Knoppix- security tools distribution
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.
STD is meant to be used by both novice and professional security personnel but is not ideal for the Linux uninitiated. STD assumes you know the basics of Linux as most of your work will be done from the command line. If you are completely new to Linux, it's best you start with another live Distro like Knoppix to practice the basics.
STD tools are divided into the following categories :
# authentication
# encryption
# forensics
# firewall
# honeypot
# ids
# network utilities
# password tools
# servers
# packet sniffers
# tcp tools
# tunnels
# vulnerability assessment
# wireless tools
Tools are grouped as follows:
authentication
/usr/bin/auth/
* freeradius 0.9.3 : GPL RADIUS server
encryption
/usr/bin/crypto/
* 2c2 : multiple plaintext -> one ciphertext
* 4c : as with 2c2 (think plausible deniability)
* acfe : traditional cryptanalysis (like Vigenere)
* cryptcat : netcat + encryption
* gifshuffle : stego tool for gif images
* gpg 1.2.3 : GNU Privacy Guard
* ike-scan : VPN fingerprinting
* mp3stego : stego tool for mp3
* openssl 0.9.7c
* outguess : stego tool
* stegbreak : brute-force stego'ed JPG
* stegdetect : discover stego'ed JPG
* sslwrap : SSL wrapper
* stunnel : SSL wrapper
* super-freeSWAN 1.99.8 : kernel IPSEC support
* texto : make gpg ascii-armour look like weird English
* xor-analyze : another "intro to crytanalysis" tool
forensics
/usr/bin/forensics/
* sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
* autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
* biew : binary viewer
* bsed : binary stream editor
* consh : logged shell (from F.I.R.E.)
* coreography : analyze core files
* dcfldd : US DoD Computer Forensics Lab version of dd
* fenris : code debugging, tracing, decompiling, reverse engineering tool
* fatback : Undelete FAT files
* foremost : recover specific file types from disk images (like all JPG files)
* ftimes : system baseline tool (be proactive)
* galleta : recover Internet Explorer cookies
* hashdig : dig through hash databases
* hdb : java decompiler
* mac-robber : TCT's graverobber written in C
* md5deep : run md5 against multiple files/directories
* memfetch : force a memory dump
* pasco : browse IE index.dat
* photorec : grab files from digital cameras
* readdbx : convert Outlook Express .dbx files to mbox format
* readoe : convert entire Outlook Express .directory to mbox format
* rifiuti : browse Windows Recycle Bin INFO2 files
* secure_delete : securely delete files, swap, memory....
* testdisk : test and recover lost partitions
* wipe : wipe a partition securely. good for prep'ing a partition for dd
* and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
firewall
/usr/bin/fw/
* blockall : script to block all inbound TCP (excepting localhost)
* flushall : flush all firewall rules
* firestarter : quick way to a firewall
* firewalk : map a firewall's rulebase
* floppyfw : turn a floppy into a firewall
* fwlogwatch : monitor firewall logs
* iptables 1.2.8
* gtk-iptables : GUI front-end
* shorewall 1.4.8-RC1 : iptables based package
honeypots
/usr/bin/honeypot/
* honeyd 0.7
* labrea : tarpit (slow to a crawl) worms and port scanners
* thp : tiny honeypot
ids
/usr/bin/ids/
* snort 2.1.0: everyone's favorite networks IDS
* ACID : snort web frontend
* barnyard : fast snort log
Download Code:
* http://www.skyrevolution.com/knoppix-std/download.php
* http://public.www.planetmirror.com/pub/knoppix-std/
* http://public.www.planetmirror.com/pub/knoppix-std/
* http://gd.tuwien.ac.at/opsys/linux/knoppix-std/
* http://ftp.ntua.gr/pub/linux/knoppix-std/
