Program Manufacturer O/S Web Site Program Description COTS or GOTS Comments
anlpasswd Argonne National Laboratory UNIX
The anlpasswd program (formerly perl-passwd) is a proactive password checker that refuses to let users choose "bad" passwords. N/A
ARGUS Software Engineering Institute, CMU UNIX
ARGUS is a generic IP network transaction auditing tool. It runs as an application-level daemon, promiscuously reading network datagrams from a specified interface, and generates network traffic status records for the network activity that it encounters. ARGUS enables a site to generate comprehensive network transaction audit logs in a fashion that provides for high degrees of data reduction and high degrees of semantic preservation. N/A Download from
ARPWatch/ARPSNMP Lawrence Berkeley National Lab. UNIX
These are tools that monitor Ethernet or FDDI activity and maintain a database of Ethernet/IP address pairings. They also report certain changes via email. ARPWatch uses libpcap for ARP data capture. ARPSNMP has the same features, but relies on an external agent to collect the ARP data. N/A Download from COAST ftp site-
Libpcap (required for ARPWatch) can be downloaded from
Ballista Secure Networks Inc. Solaris, Linux, BSD, Win NT Ballista is a comprehensive network security auditing tool for discovering security weaknesses in networked environments. Ballista performs comprehensive evaluations of Intranets, Web Servers, Firewalls and Screening Routers by scanning them and performing extensive tests to discern whether they are vulnerable to intrusions or attacks from hostile users. It performs over 300 security checks. COTS Demo version available for download from the above vendor site.
Check Promiscuous Mode (CPM) Carnegie Mellon University UNIX
The CPM program checks a system for any network interfaces in promiscuous mode; this may indicate that an attacker has broken in and started a packet snooping program. N/A Download from the COAST ftp site-
chrootuid Wietse Venema UNIX
Chrootuid makes it easy to run a network service at low privilege level and with restricted file system access. It can be used, for example, to run gopher and WWW network daemons in a restricted environment: the daemons have access only to their own directory tree, and run under a low-privileged userid. The arrangement greatly reduces the impact of possible loopholes in daemon software. N/A Download from COAST ftp site-
COPS Purdue University UNIX
Computer Oracle and Password System - Examines a system for a number of known weaknesses and alerts the system administrator to them; in some cases it can automatically correct these problems. N/A Can be downloaded from the Coast ftp site -
Courtney CIAC UNIX
Courtney monitors the network and identifies the source machines of SATAN probes/attacks. Courtney receives input from tcpdump, counting the number of new services a machine generates within a certain time window. If one machine connects to numerous services within that time window, Courtney identifies that machine as a potential SATAN host. N/A Download from the CIAC ftp site -
Crack v5.0 Alec Muffett UNIX Crack is a password guessing program that is designed to quickly locate insecurities in Unix password files by scanning the contents of a password file, looking for users who have misguidedly chosen a weak login password. N/A Download from Alec Muffett's site -
Download from CERT
Download from COAST ftp site-
Filereaper Zygo Blaxell UNIX
The traditional way of cleaning up temporary files using the find program is vulnerable to certain race condition attacks. This program takes a number of measures to avoid those problems. N/A Download from COAST ftp site-
Gabriel Los Altos Technologies Sun Platforms Gabriel is a SATAN detector, similar to Courtney. It comes configured and pre-compiled to run on Sun systems, but the source code is included, so theoretically it would be possible to port it to other platforms. N/A Download from Los Altos Technologies -
ifstatus Dave Curry UNIX
The ifstatus program checks a system for any network interfaces in promiscuous mode; this may indicate that an attacker has broken in and started a packet sniffing program. Designed to be run out of cron. N/A Download from the COAST ftp site -
Intelligent Auditing and Categorizing RIACS UNIX
The RIACS Intelligent Auditing and Categorizing System, from the Research Institute for Advanced Computer Science. A file system auditing program that compares current contents against previously-generated listings, and reports differences. N/A Download from COAST ftp site -
Internet Security Scanner (ISS) Christopher Klaus UNIX
ISS is a multi-level security scanner that checks a Unix system for a number of known security holes such as problems with sendmail, improperly configured NFS file sharing, etc. ISS originated as a free product, but it has evolved into a much more complex and capable commercial product. COTS Download from the COAST ftp site - (free version)
Commercial version available at-
IP-Watcher En Garde Systems, Inc. SunOS, Solaris, Linux IP-Watcher is a network monitoring tool which can be used to inspect the data being transferred between two hosts. IP-Watcher can monitor all the connections on a network, allowing an administrator to display an exact copy of a session in real time, just as the user of the session sees the data. IP-Watcher uses a new technique called "IP-Hijacking" which intercepts and spoofs packets on the IP level. COTS
ipacl Siemens Unix
The ipacl package forces all TCP and UDP packets to pass through an access control list facility. The configuration file allows packets to be accepted, rejected, conditionally accepted, and conditionally rejected based on characteristics such as source address, destination address, source port number, and destination port number. Should be portable to any system that uses System V STREAMS for its network code. N/A Download from the COAST ftp site -
KarlBridge Doug Karl DOS
The KarlBridge package by Doug Karl is a program that runs on a PC with two Ethernet boards, turning the PC into a sophisticated, high-level, packet-filtering bridge. It can filter packets based on any specified protocol, including IP, XNS, DECNET, LAT, IPX, AppleTalk, etc. N/A
Kerberos MIT UNIX Kerberos is a network authentication system for use on physically insecure networks, based on the key distribution model presented by Needham and Schroeder. It allows entities communicating over networks to prove their identity to each other while preventing eavesdropping or replay attacks. It also provides for data stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES. N/A Download information at the above URL, and at the COAST ftp site-
logdaemon Wietse Venema UNIX
The logdaemon package provides modified versions of rshd, rlogind, ftpd, rexecd, login and telnetd that log significantly more information than the standard vendor versions, enabling better auditing of problems via the logfiles. Also includes support for the S/Key one-time password package. N/A Download from the COAST ftp site -
Merlin is a tool for managing and enhancing existing security tools. It can provide a graphical front-end to many popular tools, such as SPI-NET, Tiger, COPS, Crack, and Tripwire. Merlin makes these tools easier to use, while at the same time extending their capabilities. N/A If you use the above security tools, this is well worth taking a look at. Download from the CIAC ftp site -
Netlog Texas A&M University UNIX
The netlog programs constitute a TCP and UDP traffic logging system, usable for locating suspicious network traffic. N/A Download from the COAST ftp site -
NETMAN Curtin University UNIX
NETMAN is a package of network monitoring and visualization tools. The etherman program is an X Window System tool that displays a representation of real-time Ethernet communications. The interman program focuses on IP connectivity within a single segment. The packetman tool is a retrospective Ethernet packet analyzer. N/A Download from the Curtin Univ. ftp site -
nfsbug Leendert van Doorn UNIX
Test hosts for well known (and old) NFS problems/bugs. Among these tests are: find world wide exportable file systems, determine whether the export list really works, determine whether we can mount file systems through the portmapper, try to guess file handles, exercise the mknod bug, and the uid masking bug. N/A Download from the COAST ftp site-
NFSWatch David Curry UNIX
NFSWatch lets you monitor NFS requests to any given machine, or the entire local network. It mostly monitors NFS client traffic (NFS requests); it also monitors the NFS reply traffic from a server in order to measure the response time for each RPC. It divides the traffic into several categories, and statistics about each category can be collected and analyzed. N/A Download from the COAST ftp site-
NID (Network Intrusion Detector) CSTC UNIX
Network Intrusion Detector (NID) is the work of the Computer Security Technology Center (CSTC). It provides a suite of security tools that detect and analyze network intrusions. NID provides detection and analysis of intrusions from individuals not authorized to use a particular computer, and from individuals allowed to use a particular computer but who perform either unauthorized activities or activities of a suspicious nature on it. The NID software product is available free of charge to all U.S. Government agencies. GOTS Download from
NOCOL/NetConsole Vikas Aggarwal UNIX
NOCOL/NetConsole (Network Operation Center On-Line) is a network monitoring package that runs on Unix platforms and is capable of monitoring network and system variables such as ICMP or RPC reachability, RMON variables, nameservers, ethernet load, port reachability, host performance, SNMP traps, modem line usage, AppleTalk & Novell routes/services, BGP peers, etc. The software is extensible and new monitors can be added easily. N/A Download from
noshell Michele Crabb UNIX
This program is designed to provide the system administrator with additional information about who is logging into disabled accounts. Traditionally, accounts have been disabled by changing the shell field of the password entry to "/bin/sync" or some other benign program. Noshell provides an informative alternative to this method by specifying the noshell program as the login shell in the password entry for any account which has been disabled. N/A Download from the COAST ftp site-
npasswd Clyde Hoover UNIX
The npasswd program is a plug-compatible replacement for passwd that refuses to accept "bad" passwords. Includes support for System V Release 3 password aging and Sun's Network Information Service (NIS). N/A Download from the University of Texas ftp site -
Download from the COAST ftp site-
NT Crack Jonathan Wilkins of Secure Networks NT
NT Crack is a program to perform off-line auditing of Windows NT passwords. It does not need to be run on a machine that is connected to your Windows NT network and should be able to run under most Unix platforms as well as Windows NT. N/A NT Crack relies on PWDump in order to extract the password list. Program comes with source code. You can download this tool from the Secure Networks website listed above.
Ogre Rhino9 NT Ogre will scan an entire class C subnet and perform the following functions against each IP address found: a port scan of a variety of ports, an HTTP probe, a check for FrontPage with an attempt to access the FrontPage password, an NBTSTAT query to retrieve NetBIOS information, retrieval of share information, and finally a check for the HTML version of the Internet Information Server administration program. N/A Also available from:
OPIE US Naval Research Lab (NRL) UNIX
OPIE (One Time Passwords in Everything) is an S/Key derivative developed at NRL over the past few years. OPIE implements the IETF One-Time Passwords (OTP) standard as per RFC-1938 and runs out of the box on most versions of Unix. OPIE supports MD5 in addition to MD4 and has a number of other security enhancements when compared to the original Bellcore S/Key. N/A Download from the NRL ftp site -
Download from
osh (Operator Shell) Mike Neuman UNIX The Operator Shell (osh) is a setuid root, security enhanced, restricted shell. It allows the administrator to carefully limit the access of special commands and files to the users whose duties require their use, while at the same time automatically maintaining audit records. The configuration file for osh contains an administrator defined access profile for each authorized user or group. This profile lists the commands which may be run and specific access rights for files and directories. In addition to this fine grain distribution of privilege, all typed commands are logged along with a notation of their success or failure, offering a comprehensive audit log. N/A Similar to sudo. Download from the COAST ftp site-
or from the URL above.
passwd+ Matt Bishop UNIX
The passwd+ program is a proactive password checker that is driven by a configuration file to determine what types of passwords are and are not allowed. The configuration file allows the use of regular expressions, the comparison of passwords against the contents of files (e.g., dictionaries) and the calling of external programs to examine the password. N/A Both Alpha and Beta versions of this program are in circulation. Both are functional but very different, with the Beta being much more powerful and configurable, but harder to use. Download the Alpha version from the Dartmouth ftp site-
Download the Beta version from
PGP (Pretty Good Privacy) Phil Zimmermann UNIX, DOS, Mac, Windows, others PGP is a program that gives your electronic mail and files something that they otherwise don't have: Privacy. It does this by encrypting your files so that nobody but the intended person can read them. When encrypted, the file looks like a meaningless jumble of random characters. PGP has proven itself quite capable of resisting even the most sophisticated forms of analysis aimed at reading the encrypted text. PGP also provides digital signature and integrity provisions. COTS Older versions (previous to 5.0) are freeware, while newer versions are commercial. Within the U.S., download from the URL above. Outside the U.S., download international versions from-
pidentd Peter Erickson UNIX
Pidentd implements an RFC 1413 identification server that can be used to query a remote host for the identification of the user making a TCP connection request. N/A Download from the COAST ftp site-
Useful when used in conjunction with TCP Wrappers.
portmap Wietse Venema UNIX
The portmap program is a replacement for the standard portmap program that attempts to close all known holes in portmap. This includes prevention of NIS password file theft, prevention of unauthorized ypset commands, and prevention of NFS file handle theft. N/A Download from Wietse's ftp site-
Download from the COAST ftp site-
PWDump Unknown Windows NT This utility dumps the password database of an NT machine, which is held in the NT registry, into a valid smbpasswd format file. NT Crack can then be run against this file to check for weak passwords. N/A The file can be downloaded from the following site:
rpcbind Wietse Venema UNIX
The rpcbind program is a replacement for the Sun rpcbind program that offers access control and copious logging. Allows host access control based on network addresses. N/A Download from Wietse's ftp site-
Download from the COAST ftp site-
SAINT World Wide Digital Security Inc. SunOS, Solaris, Linux, others SAINT (Security Administrator's Integrated Network Tool) is an updated follow-on to the popular SATAN tool, although not created by the SATAN originators. SAINT has an HTML interface and requires PERL version 5.001 to run. SAINT gathers as much info about remote hosts and networks as possible by examining network services. SAINT looks for and reports on potential security flaws, network topology, network services, and the types of hardware and software being used on the network. N/A This is a free tool available for download from the above site.
SATAN Dan Farmer and Wietse Venema UNIX
Security Administrator's Tool for Analyzing Networks - The SATAN scanning tool was designed to scan a Unix host or set of Unix hosts on an IP network and report about well-known security vulnerabilities. For each problem found, SATAN offers a tutorial that explains the problem and what can be done to remedy the situation. N/A Download from the COAST ftp site-
Dan Farmer's SATAN homepage is located at -
Extensions developed at the COAST lab are available at-
Scan-Detector COAST Purdue University UNIX
This is a tool to monitor for port scans of a Unix system. N/A Program can be downloaded from -
screend Jeff Mogul UNIX
The screend package provides a daemon and kernel modifications to allow all packets to be filtered based on source address, destination address, or any other byte or set of bytes in the packet. Should work on most systems that use Berkeley-style networking in the kernel, but requires kernel modifications. N/A Download from the following ftp site -
Download from the COAST ftp site-
securelib William LeFebvre SunOS 4.1.x
The securelib package provides a replacement shared library for SunOS 4.1.x systems that offers new versions of the accept, recvfrom, and recvmsg networking system calls. These calls are compatible with the originals, except that they check the address of the machine initiating the connection to make sure it is allowed to connect, based on the contents of the configuration files. The advantage of this approach is that it can be installed without recompiling any software. N/A Download from the COAST ftp site -
shadow John F. Haugh, II UNIX
The shadow program is a replacement for login and passwd that can enable any system to use shadow password files. Includes support for shadow password files, shadow group files, DBM password files, double length passwords, and password aging. N/A Download from the following ftp site -
Simple File Wrapper (SFW) Timothy E. Hoff UNIX
SFW is a simple and secure UNIX command wrapper. One of the issues faced by UNIX system administrators is how to delegate routine functions without distributing root authority to a large group of people. SFW provides one approach to addressing this problem. N/A Download from the COAST ftp site-
smrsh Eric P. Allman UNIX
Smrsh is a restricted shell utility that provides the ability to specify, through a configuration, an explicit list of executable programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration. N/A Download from the COAST ftp site-
SOCKS NEC Networking Systems Lab. UNIX SOCKS establishes a secure proxy data channel between two computers in a client/server environment. From the client's perspective, SOCKS is transparent. From the server's perspective, SOCKS is a client. N/A Download from the COAST ftp site-
Download from the above URL.
Spar Texas A&M Univ. UNIX
Spar is used to select records from a UNIX process accounting file. It is usually faster than the standard lastcomm and significantly more flexible and powerful. N/A Download from the COAST ftp site-
SPI-NET and SPI-NT Lawrence Livermore National Labs UNIX and Windows NT
SPI-NET supports multi-host system security inspections managed from a designated "command host". These inspections include access control testing, system file authentication, file system change detection, password testing, and checks for a variety of common system vulnerabilities. All SPI-NET command and data traffic is protected by public key encryption techniques. GOTS Free to all U.S. Government Agencies, and contractors directly supporting the U.S. Department of Defense and Energy. Available for HP-UX 10.x, IRIX 5.x, SunOS 4.x, and SunOS 5.x.
SRA (Secure RPC authentication) Texas A&M Univ. UNIX
This package provides drop-in replacements for telnet and ftp client and server programs, which use Secure RPC code to provide encrypted authentication across the network, so that plaintext passwords are not used. The clients and servers negotiate the unmodified versions. These programs require no external keyserver or ticket server, and work equally well for local or internet wide connections. N/A Download from the COAST ftp site-
SSH (Secure Shell) Tatu Ylönen, Data Fellows UNIX, Windows NT, Mac Ssh (Secure Shell) is a program to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. N/A Windows and Mac versions are COTS.
Download from the URL above.
Strobe Julian Assange UNIX
Strobe is a security network tool that locates and describes all listening tcp ports on a (remote) host or on many hosts in a manner that tries to minimize bandwidth utilization and maximize process resources. N/A Download from the COAST ftp site-
sudo Todd Miller UNIX
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. N/A Similar to osh. Download from the COAST ftp site-
Swatch Stephen Hansen and Todd Atkins UNIX
Swatch monitors log files, looking for patterns specified in a configuration file. In response to those patterns, different actions can be taken, such as sending email, execution of commands, etc. N/A Download from the COAST ftp site -
SYNkill COAST Laboratory, Purdue Univ. UNIX
This is a tool that monitors for SYN flood attacks and then responds to them. It can protect all the machines on a LAN. The tool is described in a paper from the 1997 IEEE Symposium on Security and Privacy. N/A The tool is available for license. A patent is pending on the basic technology.
T-sight En Garde Systems, Inc. Windows 95, NT 4.0
T-sight is a network tool designed to provide an advanced method of visualizing the traffic and data going over a network. It is meant to be a successor to the IP-Watcher program. COTS Evaluation license, pricing and availability information at the URL above.
TCP Dump Berkeley Laboratory Research Group UNIX
TCP Dump is a tool for network monitoring and data acquisition. N/A Download from
Download from the COAST ftp site-
TCP Wrappers Wietse Venema UNIX
TCP Wrappers allow monitoring and control of access to network services started through inetd in a UNIX host. This includes most common services such as ftp, telnet, tftp, rsh, rlogin, finger, etc. Also includes a library so that other programs can implement control and monitoring in the same fashion. N/A Download from the COAST ftp site -
tftpd Scott M. Ballew UNIX
Secure version of the standard tftpd daemon, which provides access control and logging facilities. N/A Download from the COAST ftp site-
Tiger Texas A&M Univ. UNIX
Tiger is a set of shell scripts, C code and configuration files which are used to perform a security audit on Unix systems. Tiger was originally developed for checking hosts at Texas A&M University following a break-in in the fall of 1992. The Tiger package of system monitoring scripts is similar to COPS in what they do, but significantly more up to date, and easier to configure and use. N/A Download from the COAST ftp site -
TIS Internet Firewall Toolkit Trusted Information Systems UNIX
The TIS Internet Firewall Toolkit is a set of programs and configuration practices designed to facilitate the building of network firewalls. Components of the toolkit, while designed to work together, can be used in isolation or can be combined with other firewall components. The toolkit software is designed to run on UNIX systems using TCP/IP with a Berkeley-style "socket" interface. N/A Download from above URL.
TkLogger Doug Hughes UNIX
Tklogger is a tool for watching logs created by syslog (or other logging mechanisms). No special files or interface to syslog are needed because it works on plain text files and watches for updates to the file specified. The events watched are user configurable and based either upon file type, pattern matching, or a mixture of the two. The events are color coded. N/A Download from the COAST ftp site-
or from the above URL.
Tripwire Coast - Purdue University UNIX; Win NT (in '98)
Tripwire is an integrity-monitor tool for Unix systems. It uses checksums and message digests to build a list of "signatures" for monitored files, and can be run to check for changes. It can monitor selected items of system-maintained information, changes in permissions, links, sizes of directories and files, and additions or deletions of files from watched directories. It should work on almost any version of UNIX. N/A Version 1 from COAST is freeware
Download is available from the COAST ftp site -
Version 2 is a COTS product and information can be obtained from-
ttywatcher Mike Neuman UNIX
TTY-Watcher is a utility to monitor and control users on a single system. It is based on the COAST IP-Watcher utility, which can be used to monitor and control users on an entire network. It is similar to tap, but with many more advanced features and a user-friendly interface. TTY-Watcher allows the user to monitor every tty on the system, as well as interact with them. Playback is also available. N/A Download from the COAST ftp site-
Watcher Kenneth Ingham UNIX
Watcher is a configurable and extensible system monitoring tool that issues a number of user-specified commands, parses the output, checks for items of significance, and reports them to the system administrator. N/A Download from the COAST ftp site -
xinetd Chuck Murcko, Jan Wedekind UNIX
xinetd is a replacement for inetd, the internet services daemon. It supports access control based on the address of the remote host and the time of access. It also provides extensive logging capabilities, including server start time, remote host address, remote username, server run time, and actions requested. N/A Download from the COAST ftp site-
Download from the following ftp site -