Security

PBNJ

Submitted by doug on Wed, 2007-09-12 10:58. Networking | Security

compares two nmap scans and outputs the differences, does mapping, and does scanning

Wed, 2006-05-24 10:00

Stable

PBNJ is a network tool that gives an overview of a machine or a set of machines by identifying the details of the services running on them. PBNJ differs from other tools in that it starts from an nmap scan and hands the discovered ports to amap for service identification. PBNJ parses the scan data and writes a CSV file for each IP address scanned.

PBNJ can also take subsequent scans and parse their data while looking only for changes. For example, if a machine was updated to a newer version of OpenSSH than the one running when the first scan was performed, the CSV file would contain the difference between the two scans. This makes it very useful for vulnerability assessment and penetration testing.
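The change-only output described above, as an added example that is not PBNJ's own code: two constructed nmap -oX documents for one host are parsed, the per-port service records are compared, and only the differences are emitted as CSV rows (added, removed or changed). The address 192.0.2.10, the service versions and the XML fragments are invented for the illustration.

```python
"""Diff two nmap XML scans per host and report service changes as CSV.

Hypothetical helper written for this page, not PBNJ's code. Input is the
shape nmap -oX produces; both scans below are constructed samples.
"""
import csv
import io
import xml.etree.ElementTree as ET

# Constructed baseline scan: OpenSSH 4.3p2 and an SMTP server.
SCAN_BEFORE = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.3p2"/></port>
      <port protocol="tcp" portid="25"><state state="open"/>
        <service name="smtp" product="Postfix"/></port>
    </ports>
  </host>
</nmaprun>"""

# Constructed follow-up scan: OpenSSH upgraded, SMTP gone, HTTP appeared.
SCAN_AFTER = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd"/></port>
    </ports>
  </host>
</nmaprun>"""


def parse_scan(xml_text):
    """Return {ip: {(proto, port): {state, service, product, version}}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = [a.get("addr") for a in host.findall("address")
                 if a.get("addrtype") in ("ipv4", "ipv6")]
        if not addrs:
            continue
        services = {}
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            services[(port.get("protocol"), int(port.get("portid")))] = {
                "state": state.get("state") if state is not None else "unknown",
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            }
        hosts[addrs[0]] = services
    return hosts


def describe(entry):
    """One-field summary of a service record; '' when the port was absent."""
    if entry is None:
        return ""
    return " ".join(v for v in (entry["state"], entry["service"],
                                entry["product"], entry["version"]) if v)


def diff_scans(before, after):
    """(ip, proto, port, change, before, after) rows, sorted by host then port."""
    rows = []
    for ip in sorted(set(before) | set(after)):
        old, new = before.get(ip, {}), after.get(ip, {})
        for key in sorted(set(old) | set(new)):
            b, a = old.get(key), new.get(key)
            if b == a:          # unchanged ports are deliberately not reported
                continue
            change = "added" if b is None else "removed" if a is None else "changed"
            rows.append((ip, key[0], key[1], change, describe(b), describe(a)))
    return rows


def diff_to_csv(before_xml, after_xml):
    """CSV text with a header line and one row per changed (host, port)."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["ip", "proto", "port", "change", "before", "after"])
    writer.writerows(diff_scans(parse_scan(before_xml), parse_scan(after_xml)))
    return out.getvalue()


if __name__ == "__main__":
    print(diff_to_csv(SCAN_BEFORE, SCAN_AFTER), end="")
```

Running it prints three rows: port 22 changed (4.3p2 to 4.7p1), port 25 removed, port 80 added. Feeding the same document twice yields only the header, which is the "nothing changed" case an operator wants to see quickly.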

dsniff

Submitted by doug on Sat, 2007-08-25 09:16. Networking | Security

dsniff is a collection of tools for network auditing and penetration testing

Wed, 2000-08-16 21:00

Mature

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

SecureLinx Spider

Submitted by doug on Wed, 2007-07-18 19:08. Availability | Security | System management

SecureLinx Spider provides secure KVM over IP (keyboard, video, mouse) management of servers over an IP network

Wed, 2007-04-18 19:00

New

SecureLinx Spider™ provides secure KVM over IP (keyboard, video, mouse) management of servers over an IP network. Unlike traditional KVM switches on the market, Spider offers a flexible, scalable and affordable CAT5-based remote access KVM solution in a cable-friendly, compact “zero-footprint” package.

The latest addition to the SecureLinx family of IT/data center management products, this KVM over IP solution eliminates server-to-switch CAT5 cable distance limitations, and gives system administrators non-intrusive and cost-effective 24/7 access to servers across a wide variety of IT/network environments: from mission-critical servers in high-density data centers, to servers distributed over corporate campuses, multi-floor buildings, and remote/branch office sites. Management access, from BIOS to applications, from any web browser anywhere, at any time… guaranteed.

OSSEC

Submitted by doug on Wed, 2007-07-18 18:54. Security

OSSEC is an Open Source Host-based Intrusion Detection System

www.ossec.net

Fri, 2003-06-20 18:00

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

If you have one system to monitor, you can install the OSSEC HIDS locally on that box and do everything from there. However, if you are administering a few systems, you can select one to be your OSSEC server and the others to be OSSEC agents, forwarding events to the server for analysis. One of the greatest benefits of the OSSEC HIDS is its scalability, allowing you to monitor multiple systems from a central point.
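An added example of the integrity-checking idea, not OSSEC's syscheck code: every regular file under a directory is hashed together with its size, mode and owner, the result is stored as a JSON baseline, and a later snapshot is compared against it to report added, deleted and modified files. The directory layout, file names and tampering steps in demo() are constructed; a real deployment keeps the baseline off the monitored host (the agent/server split described above) so that whoever modifies a file cannot also rewrite the baseline.

```python
"""Minimal file-integrity check in the spirit of OSSEC's syscheck.

Added illustration, not OSSEC code: hash every regular file below a
directory, keep the baseline as JSON, and report differences later.
"""
import hashlib
import json
import os
import stat
import tempfile

CHUNK = 1 << 16


def file_record(path):
    """SHA-256 plus the metadata a change of which is worth an alert."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}


def snapshot(root):
    """relative path -> record for every regular file below root (symlinks skipped)."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(path).st_mode):
                records[os.path.relpath(path, root)] = file_record(path)
    return records


def save_baseline(path, records):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(records, fh, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def compare(baseline, current):
    """(relpath, kind, {field: (old, new)}) for every difference, sorted by path."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            alerts.append((rel, "added", {}))
        elif new is None:
            alerts.append((rel, "deleted", {}))
        else:
            diff = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
            if diff:
                alerts.append((rel, "modified", diff))
    return alerts


def demo():
    """Constructed scenario: take a baseline, tamper with the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        watched = os.path.join(root, "etc")
        os.makedirs(watched)
        conf = os.path.join(watched, "app.conf")
        spare = os.path.join(watched, "old.conf")
        with open(conf, "w") as fh:
            fh.write("listen=127.0.0.1\n")
        with open(spare, "w") as fh:
            fh.write("unused\n")
        os.chmod(conf, 0o600)
        baseline_file = os.path.join(root, "baseline.json")  # outside the watched tree
        save_baseline(baseline_file, snapshot(watched))

        with open(conf, "a") as fh:                # content change
            fh.write("listen=0.0.0.0\n")
        os.chmod(conf, 0o644)                      # permission change
        os.remove(spare)                           # deletion
        with open(os.path.join(watched, "backdoor.sh"), "w") as fh:   # new file
            fh.write("#!/bin/sh\n")

        alerts = compare(load_baseline(baseline_file), snapshot(watched))
    return [(rel, kind, sorted(diff)) for rel, kind, diff in alerts]


if __name__ == "__main__":
    for alert in demo():
        print(*alert)
```

The comparison reports which fields changed, so a permission-only change (a config file going world-readable) is distinguishable from a content change, which is what you want when deciding whether to page someone.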

rootsh

Submitted by nhruby on Tue, 2007-05-29 17:04. Security

rootsh - a logging wrapper for shells

Thu, 2005-03-24 17:00

Mature

Start a shell with logging of input/output. Rootsh must be started via sudo if you want to become root; it does not raise your privileges on its own. You can run rootsh as a standalone application if you only want to log your own user's session. If you call rootsh with additional commands, these will be passed to the shell.
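An added example of what such a logging wrapper does, not rootsh's own code: the shell is started on a pseudo-terminal, every chunk typed (I) and every chunk printed (O) is appended to a log with a timestamp, and the log can be replayed at the original pace. Like rootsh it grants no privilege of its own; run it under sudo if the logged shell should be root. Unix only. The choice of `sh`, the log path and the two commands fed through a pipe in demo() are constructed for the illustration.

```python
"""Session logger in the spirit of rootsh: shell on a pty, bytes logged both ways.

Added example, not rootsh code. Raises no privilege; run under sudo for root.
"""
import os
import pty
import select
import sys
import tempfile
import termios
import time
import tty


def log_session(argv, log_path, stdin_fd=None, out_fd=1):
    """Run argv on a pty, log I/O chunks as 'seconds dir hex', return the exit code."""
    if stdin_fd is None:
        stdin_fd = sys.stdin.fileno()
    pid, master = pty.fork()
    if pid == 0:                                   # child becomes the logged shell
        try:
            os.execvp(argv[0], argv)
        except OSError:
            os._exit(127)
    saved = None
    if os.isatty(stdin_fd):                        # pass keystrokes through unbuffered
        saved = termios.tcgetattr(stdin_fd)
        tty.setraw(stdin_fd)
    start = time.monotonic()
    fds = [master, stdin_fd]
    try:
        with open(log_path, "a", encoding="ascii") as log:
            log.write("# %s argv=%r\n" % (time.strftime("%Y-%m-%d %H:%M:%S"), argv))
            while True:
                ready, _, _ = select.select(fds, [], [])
                if master in ready:
                    try:
                        data = os.read(master, 4096)
                    except OSError:                # Linux: EIO once the child is gone
                        data = b""
                    if not data:
                        break
                    log.write("%.3f O %s\n" % (time.monotonic() - start, data.hex()))
                    if out_fd is not None:
                        os.write(out_fd, data)
                if stdin_fd in ready:
                    data = os.read(stdin_fd, 4096)
                    if not data:                   # our input ended; shell may still run
                        fds.remove(stdin_fd)
                    else:
                        log.write("%.3f I %s\n" % (time.monotonic() - start, data.hex()))
                        os.write(master, data)
    finally:
        if saved is not None:
            termios.tcsetattr(stdin_fd, termios.TCSADRAIN, saved)
        os.close(master)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


def load_log(log_path):
    """Parse the log back into (seconds, direction, bytes) tuples."""
    entries = []
    with open(log_path, encoding="ascii") as log:
        for line in log:
            if line.startswith("#"):
                continue
            seconds, direction, hexdata = line.split()
            entries.append((float(seconds), direction, bytes.fromhex(hexdata)))
    return entries


def replay(log_path, speed=1.0):
    """Print the recorded output at its original pace (speed > 1 plays faster)."""
    last = 0.0
    for seconds, direction, data in load_log(log_path):
        if direction == "O":
            time.sleep(max(0.0, (seconds - last) / speed))
            os.write(1, data)
        last = seconds


def demo():
    """Constructed session: two commands piped into sh; returns (exit code, entries)."""
    rfd, wfd = os.pipe()
    os.write(wfd, b"echo typed-77\nexit 3\n")
    os.close(wfd)
    fd, log_path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    try:
        code = log_session(["sh"], log_path, stdin_fd=rfd, out_fd=None)
        return code, load_log(log_path)
    finally:
        os.close(rfd)
        os.remove(log_path)
```

Interactive use is `log_session(["bash"], "/var/log/session.log")`; the log has to live somewhere the logged user cannot edit, otherwise a root session can simply truncate its own record. The typed text also appears in the output stream because the terminal echoes it, which is what makes the replay readable.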

netcat

Submitted by doug on Sat, 2007-04-28 07:43. Communications | Networking | Security

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol

Sun, 2002-09-29 07:00

Mature

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

It provides access to the following main features:

  • Outbound and inbound connections, TCP or UDP, to or from any ports.
  • Featured tunneling mode which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).
  • Built-in port-scanning capabilities, with randomizer.
  • Advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of transmitted and received data.
  • Optional RFC854 telnet codes parser and responder.

The GNU Netcat is distributed freely under the GNU General Public License (GPL).
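Two of the features in that list, as added example code rather than GNU Netcat's: a full-connect port scan that visits ports in randomized order, and a TCP listener that relays to a target host while refusing clients other than the one allowed address. The echo service, the loopback addresses and the "ping" payload in demo() are constructed so the whole thing runs on one machine.

```python
"""Two netcat roles in plain sockets: randomized connect() scan and a
restricted TCP relay. Added example, not GNU Netcat code.
"""
import random
import select
import socket
import threading


def tcp_scan(host, ports, timeout=0.5, randomize=True):
    """Full-connect scan; returns the sorted list of ports that accepted a connection."""
    order = list(ports)
    if randomize:                       # like netcat's randomizer: no predictable sweep
        random.shuffle(order)
    found = []
    for port in order:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            found.append(port)
        except OSError:                 # refused, filtered (timeout) or unreachable
            pass
        finally:
            sock.close()
    return sorted(found)


def make_listener(addr):
    """Bound, listening TCP socket; port 0 lets the OS pick a free port."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(addr)
    ls.listen(5)
    return ls


def relay(left, right):
    """Copy bytes both ways until either side closes."""
    while True:
        ready, _, _ = select.select([left, right], [], [])
        for sock in ready:
            data = sock.recv(4096)
            if not data:
                return
            (right if sock is left else left).sendall(data)


def serve_tunnel_once(listener, target, allowed_host=None):
    """Accept one client; drop it unless it comes from allowed_host; relay to target."""
    conn, peer = listener.accept()
    if allowed_host is not None and peer[0] != allowed_host:
        conn.close()
        return "rejected"
    with conn, socket.create_connection(target) as upstream:
        relay(conn, upstream)
    return "relayed"


def echo_once(listener):
    """Constructed stand-in for the remote service: echoes one client back."""
    conn, _ = listener.accept()
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                return
            conn.sendall(data)


def demo():
    """Push 'ping' through the tunnel to the echo service, then scan both ports."""
    echo_ls = make_listener(("127.0.0.1", 0))
    tun_ls = make_listener(("127.0.0.1", 0))
    echo_port, tun_port = echo_ls.getsockname()[1], tun_ls.getsockname()[1]
    result = {"ports": sorted([echo_port, tun_port])}
    threads = [
        threading.Thread(target=echo_once, args=(echo_ls,)),
        threading.Thread(target=lambda: result.update(
            tunnel=serve_tunnel_once(tun_ls, ("127.0.0.1", echo_port), "127.0.0.1"))),
    ]
    for t in threads:
        t.start()
    with socket.create_connection(("127.0.0.1", tun_port)) as client:
        client.sendall(b"ping")
        result["reply"] = client.recv(4096)
    for t in threads:
        t.join(5)
    result["open"] = tcp_scan("127.0.0.1", [tun_port, echo_port])
    echo_ls.close()
    tun_ls.close()
    return result
```

The allowed-host check is the same idea as netcat's restriction on who may connect to a tunnel: without it, a relay you stand up for yourself is a pivot for anyone who can reach the listening port.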

SandboxIE

Submitted by doug on Wed, 2007-03-14 05:37. Security

SandboxIE is a virtual environment that prevents malware from directly accessing your hard drive

www.sandboxie.com

Wed, 2004-07-07 05:00

Stable

...from www.sandboxie.com...

When you run a program on your computer, data flows from the hard disk to the program via read operations. The data is then processed and displayed, and finally flows back from the program to the hard disk via write operations.

For example, if you run the Freecell program to play a game, it starts by reading the previously recorded statistics, displaying and altering them as you play the game, and finally writing them back to disk for future reference.

Firekeeper

Submitted by doug on Wed, 2007-03-07 14:09. Security

Firekeeper is an Intrusion Detection and Prevention System for Firefox

Tue, 2006-03-07 14:00

Active

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content. Other features of Firekeeper include:

  • Ability to scan incoming Firefox traffic - HTTP(S) response headers, body and URL and to cancel processing of suspicious responses.
  • HTTPS and compressed responses are scanned after decryption/decompression.
  • Very fast pattern matching algorithm (taken directly from Snort).
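An added example of the rule evaluation described above, not Firekeeper's code: a tiny Snort-like rule dialect (msg, uricontent, header, content, nocase) is parsed and evaluated against a response's URL, headers and body, with the body gzip- or deflate-decoded first so the patterns see what the browser would execute. The three rules and the responses in demo() are constructed; note that here `nocase` applies to every pattern in the rule, which is a simplification of Snort's per-content semantics.

```python
"""Snort-style response rules for HTTP traffic, in the spirit of Firekeeper.

Added example, not Firekeeper code. Rules and responses are constructed.
"""
import gzip
import zlib

RULE_TEXT = """
# action (option:"value"; flag;)   -- values must not contain ';'
alert (msg:"Obfuscated JS eval"; content:"eval(unescape("; nocase;)
block (msg:"Known exploit kit path"; uricontent:"/exploit/";)
block (msg:"Script hidden in image"; header:"Content-Type: image/"; content:"<script"; nocase;)
"""


def parse_rule(line):
    """'alert (k:"v"; flag;)' -> {'action': 'alert', 'k': 'v', 'flag': True}."""
    action, _, rest = line.strip().partition(" ")
    rest = rest.strip()
    if action not in ("alert", "block") or not (rest.startswith("(") and rest.endswith(")")):
        raise ValueError("bad rule: %r" % line)
    rule = {"action": action}
    for option in rest[1:-1].split(";"):
        option = option.strip()
        if not option:
            continue
        key, sep, value = option.partition(":")
        rule[key.strip()] = value.strip().strip('"') if sep else True
    if "msg" not in rule or not any(k in rule for k in ("uricontent", "header", "content")):
        raise ValueError("rule needs msg and at least one match option: %r" % line)
    return rule


def load_rules(text):
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def decode_body(headers, body):
    """Undo the transport encoding so patterns match what the browser will run."""
    encoding = headers.get("Content-Encoding", "").lower()
    if encoding == "gzip":
        return gzip.decompress(body)
    if encoding == "deflate":
        return zlib.decompress(body)
    return body


def scan_response(rules, url, headers, body):
    """Return (decision, [msg, ...]) where decision is 'block', 'alert' or 'pass'."""
    text = decode_body(headers, body).decode("utf-8", "replace")
    header_blob = "\n".join("%s: %s" % item for item in headers.items())
    hits = []
    for rule in rules:
        fold = str.lower if rule.get("nocase") else str
        checks = [
            fold(rule["uricontent"]) in fold(url) if "uricontent" in rule else True,
            fold(rule["header"]) in fold(header_blob) if "header" in rule else True,
            fold(rule["content"]) in fold(text) if "content" in rule else True,
        ]
        if all(checks):                 # every option in a rule must match
            hits.append(rule)
    messages = [r["msg"] for r in hits]
    if any(r["action"] == "block" for r in hits):
        return "block", messages
    return ("alert" if hits else "pass"), messages


RULES = load_rules(RULE_TEXT)


def demo():
    """Constructed responses: gzip-compressed eval, exploit-kit path, script in an image."""
    compressed = gzip.compress(b"<html><script>eval(unescape('%61'))</script></html>")
    return [
        scan_response(RULES, "http://example.test/index.html",
                      {"Content-Type": "text/html", "Content-Encoding": "gzip"}, compressed),
        scan_response(RULES, "http://example.test/exploit/load.php",
                      {"Content-Type": "text/html"}, b"<html>ok</html>"),
        scan_response(RULES, "http://example.test/logo.gif",
                      {"Content-Type": "image/gif"}, b"GIF89a<SCRIPT>alert(1)</SCRIPT>"),
        scan_response(RULES, "http://example.test/", {"Content-Type": "text/plain"}, b"hello"),
    ]
```

The first case only fires because the body is decompressed before matching; a filter that inspects the raw gzip stream sees nothing. The third case is the classic trick of serving script under an image Content-Type, which the header option catches independently of the URL.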

OpenVPN

Submitted by doug on Mon, 2007-02-12 20:21. Network | Security

OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations

openvpn.net

Sun, 2002-04-14 20:00

Mature

OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.

sudosh

Submitted by doug on Wed, 2006-11-15 22:15. Operating System | Security

Sudosh records all keystrokes and output and can play back the session just like a VCR.

Mon, 2004-09-20 19:12

Stable

sudosh is used with sudo(8) to exec the user's shell specified in /etc/passwd as root. sudosh makes use of the built-in script(5) command to log session data to syslog.

Companies that have a team of system administrators and a large number of servers face a difficult problem: root access.

The most common solution is to distribute the root password to the system administrators and contain them in a wheel group. With the recent requirements of Sarbanes-Oxley this quickly becomes impossible because the root password must be changed every 3 months.

The other option is to use sudo. Sudo works great. It's actually too good. This is why I created sudosh. Sudo doesn't allow you to do shell type things that system administrators are used to. The following example is a real command that is used during an AIX data migration:
