Free network security software for linux

Plan-B is a bootable Linux environment without the need for a hard drive, it runs entirely in ram or from the cd, based on a basic, stripped installation of Red Hat Linux and the fundamental workings of the SuperRescue CD. A list of tools and utilities are also included for projects such as:

* Forensics/Data Recovery
* System/Network Analysis and Security Scanning
* Temporary Network Device/Server
* IDS / NIDS System
* Network Status Report Creation

My reason for its creation came about due to finding other similar projects (SuperRescue CD, Biatchux (F.I.R.E.), Trinux, Knoppix) to be geared toward only a single area of the broad spectrum I was looking for. The first of which (by H. Peter Anvin, the author of Syslinux, Isolinux, and zisofs) was the only one close to the concept I had in mind which is why I chose it as the foundation for this cd. After not finding what I was really looking for, the "All-in-One", I decided the only way to get it was to build one myself.

Devolution Security is a video surveillance system for Linux based systems. It supports up to 16 cameras and features unicast and multicast broadcasting, a Web interface, an X11 interface, themes, motion detection, record on motion, eight different camera layouts, camera cycling, fullscreen mode, and more. Devolution Security uses its own toolkit (dtk).
Main features:
- Up to 16 cameras
- Motion detection
- Record on motion detection
- Record up to 25 fps mpeg4 video
- Multicast live streams to local network
- Unicast to internet IP address
- Very configurable
- Themeable X11 interface
- Web based interface

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project.
This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based setup program for people not comfortable with editing files directly.
BASE is supported by a group of volunteers. They are available to answer any questions you may have or help you out in setting up your system. They are also skilled in intrusion detection systems and make use of that knowledge in the development of BASE.
Enhancements:
- This release fixes a number of bugs with PHP 5.
- It also adds a number of new features.

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM.
The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks.
This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.
Starting with the 3.3 version of Operator, we have started completely from scratch by installing a basic Debian installation then adding the KNOPPIX functionality afterwards. This allowed us to have more control and understanding of what is on the CD.
Main features:
- Debian based Linux Installation
- Linux-Kernel 2.4.31
- KDE V3.3.2-1
- wine Windows Emulator (Binary Emulator)
- Konqueror and Mozilla Firebird Web Browsers
- Koffice which includes korganizer, kword, kspread and more
- X Multimedia System (xmms) an MPEG-video, MP3
- Internet connection software kppp,pppoeconf (DSL)
- utilities for data recovery and system repairs, even for other operating systems
- network and security analysis tools for network administrators
- many programming languages, development tools
- in total more than 900 installed software packages with over 2000 executable user programs and utilities
- 100+ Unix/Windows Exploits and Tools ready to run
Enhancements:
- Modified wireless_select to use /proc/net/dev instead of /proc/net/wireless. Some cards were not showing up after they were reinserted like orinoco.
- Added package aim_1.5.286 AOL Instant Messenger
- Stripped down locales to use en_, de_, es_ only
- upgraded hydra-4.6 to hydra-4.7
- Added BusLogic driver to the kernel so that vmware would not panic when booting after an HD install.
- Updated Metasploit framework from 2.3 to 2.4
- reinstalled libnet1-dev
- fixed captive-ntfs
- Added new Exploits:
- HOD-ms05039-pnp-expl - (MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow
- HOD-kerio-firewall-DoS-expl - Kerio Personal Firewall Multiple IP Options Denial of Service
- HOD-ms04031-netdde-expl - Microsoft Windows NetDDE Remote Buffer Overflow Exploit
- HOD-ms04032-emf-expl - Microsoft Windows Metafile (.emf) Heap Overflow Exploit
- HOD-ms05002-ani-expl - Internet Explorer .ANI files handling Universal Exploit
- HOD-ms05017-msmq-expl - Message Queuing Buffer Overflow Universal Exploit
- DSR-cpanel - POC for Cpanel 5 and below
- cpanel-9x_RCE - POC for Cpanel 9 and below
- DSR-nethack - local exploit for Nethack 3.4.0
- phpLDAPadmin - phpLDAPadmin 0.9.6 - 0.9.7 Remote command Execution
- phpbb.php - phpBB 2.0.10 Remote command Execution
- HP_OV_NNM_RCE - HP OpenView Network Node Manager 6.2, 6.4, 7.01, 7.50 Remote Command Execution
- Added new Tools:
- zebra 0.94 - Tool that manages TCP/IP based routing protocols
- voipong 1.2 dev - VoIP call detector and voice dumper VoIPong is a utility which detects all Voice Over IP calls on a pipeline, and for those which are G711 encoded, dumps actual conversation to seperate wave files. It supports SIP, H323, Ciscos Skinny Client Protocol, RTP and RTCP.
- Upgraded yersinia v0.5.3 to v0.5.6 - Framework for performing layer 2 attacks
- ike-scan v1.2 - Discover and fingerprint IKE hosts (IPsec VPN Servers)

Linux Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs.
Linux Netwosix can be also used for special operations as penetration test with its big collection of softwares and sources security oriented. Its a ligh distribution created for the requirements of every SysAdmin and its very portable and highly configurable. Our philosophy is to give a big liberty of configuration to the SysAdmin.
Only in this way he/she can configure a powerful and stable server machine. Linux Netwosix have also a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable.
Whats New in 1.3 Release:
- New improved SETUP method
- All packages upgraded to latest and fixed versions.
- Very very light iso image fast to download and install (~240MB).
- It runs Linux Kernel 2.6.14.4
- System binaries linked with the GNU C Library, version 2.3.5.
- Iptables 1.3.1
- GCC 3.4.3 as the default C compiler.
- It runs "nepote" as default Porting Tool (updated with the new packages).
- Perl 5.8.6 as perl compiler.
Whats New in 2.0 RC1 Release:
- New improved SETUP method (screenshots here: http://www.netwosix.org/screenshots.html)
- All packages upgraded to latest and fixed versions.
- Very very light iso image fast to download and install (~248MB).
- It runs Linux Kernel 2.6.14.5
- System binaries linked with the GNU C Library, version 2.3.5.
- Iptables 1.3.1
- GCC 3.4.3 as the default C compiler.
- It runs "nepote" as default Porting Tool (updated with the new packages).
- Perl 5.8.6 as perl compiler.

Deep Network Analyzer is an flexible, open and extensible deep network analyzer (software server) and architecture for gathering and analyzing network packets, network sessions and applications protocols, passively off enterprise class networks.
DNA is designed to be used for Internet Security, Intrusion detection, Network Management, Protocol and Network Analysis, Information Gathering, Network Monitoring applications.
DNA runs as a distributed application under a Java Virtual Machine (JVM) environment and is portable across many OS environments, including: Network appliances, Switches and Routers.
Main features:
- Deep packet and session processing (layers 2-7)
- Configurable processing and output:
- Layer 4 Packet flows
- Layer 4-7 Stateful Sessions flows (client/server flow pairs)
- Layer 7 Packet and Session Application protocol Parsing (HTTP, DNS, P2P, VoIP, etc)
- Application protocol parsing toolkit enables easy devlopment of new new protocol parsers.
- Support for both symmetric and asymmetric routing links.
- Targeting based full session capture facility, like a real time targeted TCPDump.
- Flexible targeting from IP address, port tuple to application sensitive targeting.
- Configurable and extensible output adaptor utilizing OpenAdaptor able to send output to a varity of resources including: Flat file, Oracle, MySQL, MSSQL, Sybase, Sockets, JMS, RMI, WebService.
- Extensible real time collection engine portable across many OS/Packet processing environment :
- Specialized linux drivers mechanisms
- Network Appliances
- Network Switches / Routers
- Highly paralleliszed for increased performance over multi processor environment
- System metadata dictionary externalizes processing type definition
Enhancements:
- Adoption of OpenAdaptor(tm) as the Output Adapter mechanism.
- Support for local-only administration.
- A new targeted packet capture parser, new run scripts, and a new install mechanism.
- Many bugfixes.

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk project works by sending out UDP or TCP packets with a TTL one greater than the targeted gateway.

If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway hostdoes not allow the traffic, it will likely drop the packets on the floor and we will see no response.

To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be `bound`) we can begin our scan.

It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host.