Archive | Tools

Security tools both offensive and defensive in nature.

WordPress User Enumeration

A common technique to reveal the usernames of a WordPress based site can be undertaken with this simple bash one liner. In many WordPress installations it is possible to enumerate usernames through the author archives, (usually ID:1). This is not a new trick and is available in a number of WordPress Security Testing tools. Here […]

Continue Reading

ngrep and tcpflow – packet capture on a shoestring

The Ngrep and TCPflow packet capture tools are useful for fast access to packets on the wire. As you will see they make grabbing text out of the network stream a piece of cake. You may have heard of Wireshark (formerly Ethereal), a powerful network packet capture tool that enables a user to grab packets […]

Continue Reading

Firewall Testing with a remote Port Scanner

A Firewall Test conducted by an external port scanner will quickly identify open services and weakness in firewall configurations. In this post I will revisit some of the benefits of a remote firewall test and cover the basics of why a firewall is still an important part of any Internet connected system. Why you need […]

Continue Reading

Update GeoIP data for Splunk App

If you are using the GeoIP app for Splunk you will find that it has not been updated recently. The last update was June 2011. Following my recent post regarding the installation of Splunk on an Ubuntu based system I started to dig into this app and found that it is a simple matter to […]

Continue Reading

Install Splunk on Ubuntu in 5 mins

Splunk is a powerful log database that can be used for analysis of any sort of log data through its easy to use search engine. Security logs, Syslog, Web server logs and Windows logs are just the beginning. One of the great features of Splunk is that you can feed pretty much any log into […]

Continue Reading

11 Offensive Security Tools for SysAdmins

Offensive security tools are used by security professionals for testing and demonstrating security weakness. Systems Administrators and other IT professionals will benefit from having an understanding of at least the capabilities of these tools. Benefits include preparing systems to defend against these types of attacks and being able to identify the attacks in the case […]

Continue Reading

10 Essential Open Source Security Tools

There are thousands of open source security tools with both defensive and offensive security capabilities. The following are 10 essential security tools that will help you to secure your systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and easy […]

Continue Reading

Firewalling Ubuntu with UFW for IPv4 + IPv6

Under Ubuntu you can quickly build an based firewall using the handy built in firewall configuration tool UFW. Network architectures will vary but if you are deploying Internet facing Servers you generally should be configuring a host based firewall. It can provide protection to listening services that don’t need to be Internet accessible, in addition […]

Continue Reading

Bro-IDS installation in Ubuntu 12.04

Bro is a well regarded Intrusion Detection System (IDS) that I have always wanted to play with. In this guide I will install and get started with an install of Bro-IDS on Ubuntu. The detection focus of Bro IDS is more network flow rather than signature based and does not get the same attention as […]

Continue Reading

Nessus, OpenVAS and Nexpose VS Metasploitable

In this high level comparison of Nessus, Nexpose and OpenVAS I have made no attempt to do a detailed metric based analysis. The primary reason for this is that it would be time consuming and difficult to get a conclusive result. This is due to the large differences in not only detection but also categorization […]

Continue Reading