Free thc probe 4.1 software for linux

THC-Parasite v1.2 allows you to sniff on switched networks by performing ARP man-in-the-middle spoofing. Selective targets, DOS and various other features present.
Have you ever sniffed on a switch? Without special tools you will see no (no thats not true, but lets simplify that statement) which is not destined for your machine. This gives you 3 options to do to be able to sniff on the LAN.
1) ARP Spoofing
2) MAC Flooding
3) MAC duplicating
4) Routing attacks
5) hook your laptop to the uplink trunk
1+2+3 are possible with this tool
3 you can also do with any linux/solaris/etc. via the ifconfig command
4 I know no good tools for this (except icmp_redir)
5 needs physical access to the switch component.
For 2, there are already a few tools available, the best is the one by Dug Song as part of dsniff. See http://www.monkey.org/~dugsong/ For 1, you will only find tools which send fake ARP packets to defined single machines. This is not effective if you want to sniff the whole LAN. Thats what this tool is for, bypass the basic switch security to be able to see all traffic on the LAN.
With this tool you can NOT sniff on a different VLAN on the same switch! There are other ways to do this ...
Enhancements:
- made OpenBSD port (tcp/ip config via sysctl)
- made Solaris port (tcp/ip config via ndd)
- added sysctl support for Linux (before directly /proc writing was done)
- added -p percent option, to give a percent chance for every arp request being replied. this is a nice features for DOS.
- renamed LINUX_SPEED_HACK to SPEED_HACK as it works as well on Solaris and OpenBSD.

THC-Yaotp (Yet Another One-Time Pad) is a tool that implements so called one-time pads and that is useful only to the totally paranoid geek.
Main features:
- Real random number generation by audio sampling and hashing. Generated data passes the DIEHARD RNG test suite.
- Automatic sanity check of random data using statistic values (mean, deviation, entropy) to avoid sampling EMI noise or silence.
- Key management that enforces one-time usage and irreproducible key destruction similar to secure-delete
- Obligatory message compression, checksumming, uuencoding and PGP-like ASCII output
- No whistles and bells, but a tool for the true security fanatic. (Maybe even NSA-resistent)
Example message:
BEGIN YAOTP MSG {qvT6ibeE8gQuH3iSN4knl3fDN9TlfkEkd6+74/zWoksuk27oSZIAx2d0gZeT fXZBm+BezyjYqPX+VPPiACkiyGB12E4nHW7MYm9eOlagnnPLUae/uAAAAACb} END YAOTP MSG
And the corresponding test.key
Key file: test.key
Total key size: 8192
Available key size: 8192
Creation time: Thu Aug 5 16:14:55 2004
Key label: Test Key
You can decrypt the above message by downloading this page and the key and executing Yaotp with the following options:
$ wget www.thc.org/thc-yaotp/test.key
$ wget www.thc.org/thc-yaotp/index.html
$ cat index.html | yaotp -k test.key -d -v

mrtg-mica-probe is a Telebit MicaBlazer modem usage probe.
mrtg-mica-probe is a modem usage probe for the ITK NetBlazer 6100 (formerly Telebit MicaBlazer) 3.32. It is used to monitor the number of used modem and ISDN lines.
The latest release of mrtg-mica-probe can always be found on the web at http://pwo.de/projects/mrtg/ or via anonymous ftp at ftp://ftp.pwo.de/pub/pwo/mrtg/mrtg-mica-probe/.
mrtg.cfg-mica shows some sample mrtg.cfg entries.
Enhancements:
- added documentation to workaround a Telebit bug that might prevent SNMP from starting correctly.

mrtg-misc-probe probes different system features for mrtg to graph.
Currently it can probe:
- percent usage of disk space and inodes for UFS filesystems
- percent usage of disk space for VxFS filesystems
- incoming and outgoing mail messages on sendmail mail server
- total size of mail messages sendt and received on sendmail mail server
- network delay using NTP peers/servers
- number of ClearCase vobs and views
- number of available and used ClearCase and MultiSite licenses
- number of active and disconnected sessions of a Citrix Metaframe server
- number of reachable hosts in a given network range
- network device reachability (ping success)
Enhancements:
- New probes: ctxmf - number of active and disconnected Citrix Metaframe sessions; hostcount - scan given nmap-network-range and return number of hosts found.

ETrace is a configurable static port network tracing tool, similar to traceroute, but supporting ICMP, TCP, UDP and other IP protocols.

Usage:

etrace [ -BbCcnv ] [ -p profile ] [ -F config ] [ -i interface ] [ -I icmp-type ] [ -T port ] [ -U port ] [ -P protocol ] [ -r probe-count ] [ -t timeout ] [ -1 hop ] [ -h hop ] [ -m hop ] [ -A address ] [ -s port ] [ -f flags ] [ -d data ] [ -D data-file ] [ -R count ] [ -q seq] [ -w window ] target [...]

Options:

etrace has a wealth of options ranging in function from controlling output to the detailed construction of trace packets.

Profile Options:

A profile is a pre-configured list of options stored in a shared, or user specific configuration file. By defining profiles, complex etrace option sets can be easily accessed with a single command line option.

-p, --profile
Specify a profile.
-C, --clear
Clear the current list of probes. This option can be used to allow a profile to inherit options from another profile, but specify its own list of probes.
-F, --config
Specify an alternative profiles file.

Interface options

-i, --interface
Specify interface. If unspecified, etrace will examine the routing table and select the most appropriate interface for each target address.
-c, --promisc
Put in interface into promiscuous mode. As this option increases the load on the system in general, it should only be used if spoofing of source packets address is enabled with the "-A" option.
Trace Type Options
-I, --icmp
Specify an ICMP trace and the packet type to use. ICMP traces may use Echo (E or P), Timestamp (T or S), Netmask (N or M) or Info (I). The default trace probe is an ICMP Echo.
-h, --hop
Specify a specific hop to investigate.
-m, --maximum
Specify the maximum number of hops.
-r, --probes
Set the maximum number of probes to send per hop. The default is 3.
-t, --timeout
Set the maximum amount of time, in milli-seconds, to wait for a response to a probe. The default is 3000 (three seconds).

Packet Construction Options

-A, --address
Specify the source IP address of generated packets.
-s, --source
Set the source port of the generated probe packets. If unspecified, etrace uses a random high port.
-f, --flags
Specify TCP and/or IP flags. Takes a comma delimitered list of any of the following flags: RF, DF, MF, FIN, SYN, RST, PSH, ACK, URG, ECE, CWR (Default: SYN)
-d, --data
Specify the data content of generated probe packets. Standard meta-characters are recognised (e.g. "nt") as are binary values given in octal (e.g. " 00x00");
-D, --data-file
Load the data content of the generated probe packets from the specified file. Filenames beginning with @ a loaded from the etrace shared data directory (usually /usr/local/share/etrace). etrace currently ships with the following predfined packet data files: dns, ike.
-R, --random
Fill the data content of the generated probe packets with the specified number of random bytes.
-b, --badcksum
Generate and send probe packets with bad checksums.
-q, --seq
Specify the TCP sequence number.
-w, --window
Specify the TCP window size.

Output Options

-v, --verbose
Increase output verbosity.
-B, --debug
Enable debugging output.
-n, --numeric
Disable name resolution.

Examples:

etrace www.sample.com

Launches a trace ICMP Echo, the default, trace to www.sample.com. Specifiying the options "-I E" whould accomplish the same results.

etrace -T 80 www.sample.com

Similar to the previous example, except the trace is performed on TCP port 80.

etrace --udp 53 --data-file @dns ns.sample.com

Starts are trace to ns.sample.com on UDP port 53 with the trace packets containing data loaded from the file /usr/local/share/etrace/dns (a file supplied with etrace that contains a simple dns request to resolve 127.0.0.1).

etrace -p dns -p fast ns.sample.com

The default profiles shipped with etrace include "dns" (which equates to the options shown in the previous example) and "fast" (which decreases both timeouts and the number of probes sent for each hop, as well as disabling name resolution). Profiles are stackable, with latter options overriding those specified in earlier profiles.

THC-SecureDelete is the best secure data deletion toolkit! If you overwrite a file for 10+ times, it can still be recovered. Read why and use the programs included (w/src!).

These tools can wipe files, free disk space, swap and memory! Changes: Linux LKM for secure file deletion included, small bufixes.

COMMANDLINE OPTIONS

Here are the commandline options:

srm [-d] [-f] [-l] [-l] [-v] [-z] file [file] [another file] [etc.]
sfill [-i] [-I] [-f] [-l] [-l] [-v] [-z] target-directory
sswap [-f] [-l] [-l] [-v] [-z] /dev/of_swap_filesystem
smem [-f] [-l] [-l] [-v]

The -s options are depricated now, and will be ignored.

-d dont delete the dot special files "." and ".." on the
commandline (only srm)
-i wipe only free inode space, not free disk space on the filesystem
(only sfill)
-I wipe only free disk space, not free inode space on the filesystem
(only sfill)
-f fast writes without O_SYNC and sync() between writes. Much faster
but less secure.
-l lessens the security. Only one random plus one pass with 0xff are
written.
-l a seconds time as parameter switches into the insecurest mode,
it overwrites the file only once with 0xff.
-v turn verbose mode on.
-z last wipe mode writes zeros instead of random data
file file to delete. Wildcards are of course allowed.
For unix: you need write permissions. For msdos: It may be hidden,
system, readonly etc. we dont care.
target-directory target is a directory in the filesystem to write to.
swap_filesystem your swap filesystem. Unmount it first!!
only tested on linux

Options may be applied like "-lfv", "-l -f -v" or a mix.

Note: If you use a gnu-compactible linux, you can use the patch rm.diff included in the package to put the features from srm into your normal rm. Just enter your fileutils-3.16 directory, type "patch < rm.diff" and then "make". You need at least one -s switch to activate (1 overwrite). Note that -sss is needed for full security.

NOTE:

For the linux kernel module, you just have to do "insmod sdel-mod" to load the module. After that, all files, which are deleted by any program are then wiped once before the space is marked as free.