Trinux Packages
The following categorization describes the contents of the various Trinux packages and, in many cases, provides links back to the home pages of the original tools. The goal is not to provide a comprehensive package database (à la Debian) but to give you a general idea of what each tool/package does so you can decide whether you want to include it in your Trinux "load."
The color (green, orange, red) of the package name rates my confidence in the package. Green packages have been fully tested and integrated into the boot process, while red packages have been tested somewhat (they have worked at least once) but have not been fully integrated into the bootup/configuration process. Orange packages are somewhere in between.
Mandatory Packages
These packages are required to do anything useful. If you do not have them, you will get errors when you try to use the tools.
- system.tgz - network daemons and utilities for SMTP and CDP (usually on the boot floppy)
- baselib.tgz - essential libraries needed for most Trinux apps. NOTE: This must be present in the trinux directory on your hard drive if you are loading packages from it. It also includes ldconfig and the full-blown kernel module utilities.
- dnslibs.tgz - libresolv, libnsl, libnss libraries (needed for DNS)
- bash.tgz - you will probably want this, because ash leaves a lot to be desired.
- term.tgz - ncurses and terminal routines
- pthread.tgz - GNU thread libraries, needed for many tools
Optional Libraries
You can probably get by without these, but you may want to include them if you use tools that depend on them. If you install any libraries after system bootup, you will need to run ldconfig so the dynamic linker finds them.
- glib.tgz - libglib, libgmodule (needed for ethereal)
- libcpp28.tgz - libstdc++.so.2.8.0 (needed for any C++ apps)
- libcpp29.tgz - libstdc++-2-libc6.1-1-2.9.0.so (C++)
- libgmp.tgz - math libraries (needed for FreeS/WAN)
- libdb.tgz - database/hashing routines needed for perl and several of the dsniff tools.
Sniffers and Network Analyzers
These tools put the NIC into promiscuous mode to capture traffic at the link layer. Sniffing may or may not be legal on your network; check before you capture.
- tcpdump.tgz - the original *nix sniffer
- ethereal.tgz - console version of Ethereal
- ngrep.tgz - applies regexes to network traffic, besides being a general purpose sniffer [H]
- ipgrab.tgz - another libpcap based sniffer that provides verbose, but easy-to-read protocol decodes [H]
- nstreams.tgz - another libpcap network monitor that identifies streams (IPs endpoints & protocols)
- iptraf.tgz - a curses-based network analysis tool
- trafshow.tgz - a nice curses monitoring program
- darkstat.tgz - statistics gathering similar to ntop. [H]
- ipaudit.tgz - contains two pcap monitoring tools (ipstrings and ipaudit)
- pof.tgz - p0f, performs passive OS fingerprinting from observed traffic
- sniffit.tgz - command-line/menu driven sniffer [H]
- dsniff.tgz - a sniffer and much more including SSH,SSL,TCP hijacking [H]
- utcpdump.tgz - stripped down version of tcpdump 3.4 small enough to put on the Trinux boot floppy for basic troubleshooting.
- angst.tgz - an "active" sniffer for capturing packets on switched LANs [H]
- ettercap.tgz - a curses-based sniffer that utilizes ARP spoofing to sniff across switches. [H]
- vomit.tgz - pcap based sniffer for decoding Cisco IP Phone conversations. [H]
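Most of the tools above are libpcap consumers that write or read the tcpdump file format and then group packets by endpoints and protocol (nstreams, ipaudit, darkstat). The following added example, which is not part of Trinux or of any of the listed tools, shows what that involves: it builds a small pcap file image inline from constructed packets (no real capture, checksums left zero), parses the pcap global header and per-packet records (handling both byte orders), decodes Ethernet/IPv4/TCP/UDP far enough to get the 5-tuple, skips non-IPv4 frames such as ARP, and tabulates unidirectional streams and bidirectional conversations. All addresses and ports are made up.

```python
import socket
import struct
from collections import Counter

# pcap constants. Magic read with "<I": 0xA1B2C3D4 means a little-endian file,
# 0xD4C3B2A1 means the same four bytes were written big-endian.
PCAP_MAGIC_LE = 0xA1B2C3D4
PCAP_MAGIC_BE = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


# --- constructed sample capture (not a real capture; checksums are left zero) ---

def _ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _tcp(sport, dport):
    # 20-byte header, SYN flag set, no options, no payload
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def _udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def _ether(payload, ethertype=ETHERTYPE_IPV4):
    macs = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    return macs + struct.pack("!H", ethertype) + payload


def _pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = _pcap([
    _ether(_ipv4("10.0.0.5", "10.0.0.1", 6, _tcp(40001, 22))),
    _ether(_ipv4("10.0.0.1", "10.0.0.5", 6, _tcp(22, 40001))),
    _ether(_ipv4("10.0.0.5", "10.0.0.1", 6, _tcp(40002, 22))),
    _ether(_ipv4("10.0.0.5", "192.0.2.53", 17, _udp(5353, 53))),
    _ether(b"\x00" * 28, ethertype=0x0806),   # ARP frame, not IPv4: must be skipped
])


# --- the parser ---

def iter_frames(data):
    """Yield the captured link-layer frames from a pcap file image."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    pos = 24                                   # global header is 24 bytes
    while pos + 16 <= len(data):               # each record: 16-byte header + data
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield data[pos:pos + incl_len]
        pos += incl_len


def stream_key(frame):
    """(proto, src, sport, dst, dport) for an IPv4 frame; None for anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:      # TCP and UDP both start with the two ports
        sport, dport = struct.unpack("!HH", l4[:4])
    return (PROTO_NAMES.get(proto, str(proto)), src, sport, dst, dport)


def summarize_streams(pcap_bytes):
    """Packets per unidirectional stream: the kind of table nstreams/ipaudit build."""
    counts = Counter()
    for frame in iter_frames(pcap_bytes):
        key = stream_key(frame)
        if key is not None:
            counts[key] += 1
    return counts


def conversations(counts):
    """Fold both directions of a stream into one bidirectional conversation."""
    merged = Counter()
    for (proto, src, sport, dst, dport), n in counts.items():
        ends = sorted([(src, sport or 0), (dst, dport or 0)])
        merged[(proto, ends[0], ends[1])] += n
    return merged


if __name__ == "__main__":
    for key, n in sorted(conversations(summarize_streams(SAMPLE_PCAP)).items()):
        print(n, key)
```

Pointing `iter_frames` at the bytes of a real tcpdump -w file works the same way, as long as the link type is Ethernet; captures from other link types (PPP, 802.11 from kismet) need a different link-layer decoder before the IPv4 step.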
Network Mapping/Vulnerability Scanning
The following tools are useful for discovering network and system vulnerabilities. These are active security tools that probe systems and can be easily detected by an IDS. Use of these tools may violate your organization's security policy. While none of these tools attempt to exploit vulnerabilities, they can still crash servers or network devices. Use with caution.
- nmap.tgz - the one and only [H]
- scanners.tgz - a dozen tools (many taken from SAINT/SARA) for discovering application-layer vulnerabilities in protocols such as FTP, HTTP, NFS/RPC, DNS, and more.
- winscan.tgz - NetBIOS scanners including ADM-smb, nbtscan, and nbtstat
- xprobe.tgz - implements the ICMP fingerprinting techniques of Ofir Arkin [H]
- arping.tgz - sends ARP and/or ICMP requests to determine if a host/interface is active
- icmpenum.tgz - probes networks using ICMP echo/timestamp
- firewalk.tgz - useful for determining the ACLs that are in place on a firewall/router.
- telnetfp.tgz - conducts OS fingerprinting based on telnet option negotiation
- packetto.tgz - Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. [H]
Intrusion Detection
The following tools can be used to detect attacks against a Trinux system or to monitor a network segment and perform network intrusion detection.
- snort.tgz - the Lightweight Network Intrusion Detection System that also works nicely as a standalone sniffer. [H]
- sqlsnort.tgz - Snort with support for logging to a MySQL database.
- pakemon.tgz - another Open Source network IDS based on Libnet, Libnids, and libpcap, with a large number of attack signatures. [H]
- iplog - a port logger that provides more flexibility than scanlogd, which is built into Trinux (used for monitoring attacks against your Trinux box)
- labrea - Tom Liston's great anti-Code Red tarpit tools. [H]
- despoof.tgz - a proof-of-concept tool for detecting spoofed packets
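The scanners in the previous section are "easily detected by IDS" because a scan looks like one source touching many ports on one host in a short time, which is the heuristic scanlogd-style port loggers apply. The following added example (not code from Trinux, scanlogd, or iplog, whose real thresholds and log formats are not claimed here) runs that heuristic over a constructed connection-attempt log in a made-up "epoch src dst dport" format: a source that hits at least THRESHOLD_PORTS distinct ports on a host within a WINDOW_SECONDS sliding window is flagged once. The sample also contains a slow scanner spaced 10 seconds apart, which the default window misses; widening the window catches it, at the cost of more false positives from busy legitimate clients.

```python
from collections import defaultdict, deque

# Detection parameters. These are this example's assumptions, not scanlogd's or
# iplog's actual defaults.
THRESHOLD_PORTS = 7      # distinct destination ports from one source to one host
WINDOW_SECONDS = 3       # within this many seconds

# Constructed connection-attempt log, one line per SYN seen: "epoch src dst dport".
# 10.0.0.7 is a normal client, 10.0.0.9 a fast scanner, 10.0.0.8 a slow scanner.
SAMPLE_LOG = """\
1000000000 10.0.0.7 10.0.0.1 22
1000000000 10.0.0.9 10.0.0.1 21
1000000000 10.0.0.9 10.0.0.1 22
1000000001 10.0.0.9 10.0.0.1 23
1000000001 10.0.0.9 10.0.0.1 25
1000000001 10.0.0.7 10.0.0.1 80
1000000002 10.0.0.9 10.0.0.1 80
1000000002 10.0.0.9 10.0.0.1 110
1000000002 10.0.0.9 10.0.0.1 143
1000000003 10.0.0.9 10.0.0.1 443
1000000000 10.0.0.8 10.0.0.1 21
1000000010 10.0.0.8 10.0.0.1 22
1000000020 10.0.0.8 10.0.0.1 23
1000000030 10.0.0.8 10.0.0.1 25
1000000040 10.0.0.8 10.0.0.1 80
1000000050 10.0.0.8 10.0.0.1 110
1000000060 10.0.0.8 10.0.0.1 143
1000000030 10.0.0.7 10.0.0.1 22
"""


def parse_line(line):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def detect_scans(lines, threshold=THRESHOLD_PORTS, window=WINDOW_SECONDS):
    """Return [(alert_ts, src, dst, sorted_ports)] for each (src, dst) pair that
    touched >= threshold distinct ports inside a sliding window of `window` seconds.
    Each pair is reported once, at the moment the threshold is first crossed."""
    records = sorted(parse_line(l) for l in lines if l.strip())   # process in time order
    recent = defaultdict(deque)      # (src, dst) -> deque of (ts, port), oldest first
    alerted = set()
    alerts = []
    for ts, src, dst, port in records:
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and q[0][0] < ts - window:      # drop attempts that fell out of the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append((ts, src, dst, sorted(ports)))
    return alerts


if __name__ == "__main__":
    for ts, src, dst, ports in detect_scans(SAMPLE_LOG.splitlines()):
        print(f"{ts}: port scan from {src} against {dst}, ports {ports}")
    print("with a 120 s window:", [a[1] for a in detect_scans(SAMPLE_LOG.splitlines(), window=120)])
```

The per-pair state is what makes this cheap enough to run on a box like Trinux; the trade-off is that a scanner that spreads its probes across many source addresses, or across many target hosts with one port each (a sweep rather than a scan), never accumulates enough distinct ports per pair to trip it.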
Packet Generators
These tools can be used to build and send custom TCP/IP packets. While many of these tools have similar (or even overlapping) features, they all have their niche.
- dnet.tgz - nice little tool from libdnet. [H]
- hping2.tgz - one of the best tools for building ICMP/TCP/UDP packets from the command line. Useful for port scanning, network mapping, and general purpose network security research. [H]
- irpas.tgz - a very nasty set of tools that if I told you about it I might get fired ;)
- isic.tgz - a Libnet based tool for generating garbage Ethernet/IP/UDP/TCP traffic [H]
- nemesis.tgz - another Libnet based "packet-injection" suite that supports OSPF and IGMP along with the usual protocols [H]
- sing.tgz - another tool for generating ICMP datagrams [H]
- packit.tgz - network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic. [H]
- packedit.tgz - contains editcap, a utility from ethereal for modifying captured tcpdump files and tcpreplay, for replaying captured tcpdump files.
- frgroutr.tgz - fragments traffic to evade IDS or other security devices
- sendip.tgz - a nice command-line tool for generating IP, IPv6, UDP, TCP, and RIP traffic that is under active development. [H]
- sendpkt.tgz - another command-line packet generation tool
- mpac.tgz - a packet generation tool that allows you to specify a file for each layer (TCP, IP, Ethernet)
- nasl.tgz - NASL is the language used by the Nessus scanner to conduct vulnerability checks.
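What hping2, nemesis, sendip and the rest have in common is that they let you fill in every header field yourself and then compute the checksums the kernel would normally compute for you. The following added example, which is not code from Trinux or from any of those tools, shows that part: the RFC 1071 one's-complement checksum, an IPv4 header with it filled in, a TCP segment whose checksum covers the IPv4 pseudo-header, a TCP SYN assembled from the two, and a verifier that re-checks a received packet. Addresses and ports are made up; the IPv4 header test value comes from the commonly quoted 20-byte example header whose checksum is 0xb861.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"       # 20-byte IPv4 header, no options
TCP_FMT = "!HHIIBBHHH"         # 20-byte TCP header, no options


def inet_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, odd trailing byte zero-padded.
    Returns 0 when run over data that already carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0, df=True):
    flags_frag = 0x4000 if df else 0           # DF bit, fragment offset 0
    fields = [0x45, 0, 20 + payload_len, ident, flags_frag, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack(IP_FMT, *fields))   # checksum over header with field zeroed
    return struct.pack(IP_FMT, *fields)


def build_tcp_segment(src, dst, sport, dport, flags, seq=0, ack=0, window=8192, payload=b""):
    """TCP header (data offset 5) + payload, checksum over pseudo-header + segment."""
    def pack(csum):
        return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, window, csum, 0) + payload
    segment = pack(0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst), 0, 6, len(segment))
    return pack(inet_checksum(pseudo + segment))


def build_syn(src, dst, sport, dport, seq=0):
    """Full IPv4+TCP SYN, the packet a hping2-style tool would hand to a raw socket."""
    tcp = build_tcp_segment(src, dst, sport, dport, flags=0x02, seq=seq)
    return build_ipv4_header(src, dst, 6, len(tcp)) + tcp


def verify_checksums(packet):
    """(ip_ok, tcp_ok) for an IPv4/TCP packet, the receiver-side check."""
    ihl = (packet[0] & 0x0F) * 4
    ip_header = packet[:ihl]
    tcp = packet[ihl:]
    pseudo = struct.pack("!4s4sBBH", ip_header[12:16], ip_header[16:20], 0, ip_header[9], len(tcp))
    return inet_checksum(ip_header) == 0, inet_checksum(pseudo + tcp) == 0


if __name__ == "__main__":
    pkt = build_syn("10.0.0.5", "10.0.0.1", 40001, 22, seq=0x1234)
    print(pkt.hex())
    print("checksums valid:", verify_checksums(pkt))
```

Putting the result on the wire is the one step left out: the listed tools open a raw socket for it (in Python, `socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)` with the `IP_HDRINCL` option), which needs root, and some kernels rewrite the source address or checksum of a raw packet if the header fields are zero. Note also that the TCP pseudo-header binds the segment to the IP addresses, so a NAT or spoofed source that rewrites only the IP header leaves the TCP checksum wrong; `verify_checksums` is how a receiver notices.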
Proxies and Tunneling Tools
- httptunl.tgz - tunnels TCP traffic over HTTP
- ncovert.tgz - NMRC covert channel using ISN to transmit data from one computer to another
- redir.tgz - performs TCP port forwarding
- tunnel.tgz - kernel modules and user space tool for building IPIP and GRE tunnels
Encryption Packages
The following tools may/may not be legal in your country. See the crypto page for more information on export issues.
- dropbear.tgz - a small SSH2 server. [H]
- gnupg.tgz - GNU Privacy Guard is the Open Source replacement for PGP.
- ncrypt.tgz - NMRC symmetric file encryptor/decryptor/wiper that includes multiple crypto choices (Rijndael, Serpent, or Twofish) and multiple secure file wiping techniques. [H]
- openssh.tgz - SSH client
- opensshd.tgz - SSH server daemon for remotely logging into Trinux boxes (RSA Signatures only)
- ssldump.tgz - a libpcap based SSL sniffer [H]
- stunnel.tgz - SSL port forwarding/tunneling tool
- openssl.tgz - the command-line tool from OpenSSL for creating digital certificates and performing all sorts of crypto tasks.
- zebedee.tgz - a socket level encryption tool that uses zlib, Diffie-Hellman, and Blowfish to encrypt TCP/UDP traffic.
Miscellaneous Security Utilities
- frgroutr.tgz - Dug Song's excellent tool for building fragmented packet streams [H]
- zodiac.tgz - A menu-driven DNS spoofing tool
- sentinel.tgz - an Open Source sniffer detection tool
- hunt.tgz - a menu-driven tool for conducting ARP spoofing, TCP session hijacking, and sniffer discovery [H]
Web Utilities
HTTP client and server applications have a history of security vulnerabilities. These packages have not been systematically audited for buffer overflows or susceptibility to DoS attacks.
- links.tgz - Links is a console-based web browser that does a better job of rendering HTML than Lynx.
- curl.tgz - a multi-purpose FTP, HTTP, HTTPS, GOPHER, etc. client that provides many more features than the stripped-down version of wget included with busybox.
- wget.tgz - GNU wget
- apache.tgz - Apache Server [H]
- authforce.tgz - a tool for brute-forcing HTTP servers [H]
- hammerhead.tgz - a tool for stress-testing HTTP & HTTPS servers and web sites. [H]
- webfsd.tgz - a lightweight webserver that can be started from the command-line if you need to quickly retrieve some files from a Trinux box. The webfs startup script only allows the local class C and the hosts/networks specified in /tux/pkg/webfsd/.
Network Utilities
- netconf.tgz - full version of ifconfig and route
- bind.tgz - ISC bind 8.2.2p7 nameserver
- dhcpcd.tgz - a small DHCP client included on the boot floppy
- dhcpd.tgz - ISC DHCP server
- dhclient - another DHCP client, slightly larger than pump or dhcpcd
- echoping.tgz - a TCP/UDP network bandwidth measurement tool
- netutil.tgz - basic tools including arp, ftp, netcat, rsh, telnet, tftp, traceroute, netstat, and jumpgate (for port forwarding)
- pump.tgz - the standard DHCP client used by RedHat, Debian, and probably other distributions
- dnsutil.tgz - utilities for querying DNS servers (dig, nslookup, whois)
Scripting Languages
As far as I know, Trinux includes more scripting languages than any other compact Linux distribution. You can see why.
- python1.tgz, python2.tgz, python3.tgz, python4.tgz - Python 1.5.2 packages.
- perlbin.tgz - Perl 5.6.0 interpreter, try this first then add the packages below depending on what you need. See the contents of the packages for more details
- perlauto.tgz, perlcore.tgz, perlmods.tgz, perluni.tgz, perlsite.tgz - the Perl modules (including Perl DBD/MySQL, Net::Pcap, and Net::RawIP)
- phpcgi.tgz - The PHP 4 interpreter. Yes, even PHP can be used as a shell scripting language and of all the scripting languages available in Trinux, this package provides the most bang for the buck. MySQL support is enabled. The mysql package is not needed. See this article for hints and tips.
Text Editors
- nano.tgz - an easy to use editor for non-UNIX folks that clones pico.
- vi.tgz - elvis, a slim version of vi
- vim.tgz - Vim 4.6, a more complete version of the venerable vi editor we all know and love.
Disk and Filesystem Tools
For most of these you will need to install the ide.tgz kernel package and filesystem modules from fsmods.tgz
- diskutil.tgz - low level tools for disks and filesystems: [sc]fdisk, lde, mkdosfs, fdformat
- ext2tools.tgz - e2fsck, mke2fs, badblocks and supporting libraries
- fileutil.tgz - bvi, hexdump, strings,
- tctbin.tgz - non-Perl tools from The Coroner's Toolkit and TCTUTILS including bcat, blockcalc, file, fls, icat, ils, istat, pcat, and more
Wireless
- kismet.tgz - an 802.11b sniffer [H]
- wlan-ng.tgz - userspace utilities for configuring prism based wireless cards. CAUTION: I only have the PCI card working at this point. Requires appropriate kernel modules. [H]
Kernel Modules
These are packaged versions of kernel modules necessary for filesystem or hardware support. Post-0.80 releases support the "getkpg" command. Kernel module packages are found within the http://trinux.sf.net/pkg/2.4.x/ directory.
- netfilter.tgz - firewall kernel modules
- iptables.tgz - kernel-specific application for manipulating firewall rules
- usb-core.tgz - base USB support, required for any USB devices
- usb-net.tgz - USB network devices
- pnp.tgz - Plug-n-Play, required for many devices
- win-fs.tgz - SMB filesystems and read-only (RO) support for NTFS
- linux-fs.tgz - ext2, ext3, and reiserfs
Miscellaneous
These don't fit in anywhere else:
- debug.tgz - utilities for debugging: strace and ltrace
- sysutil.tgz - tools for monitoring system status (top, procinfo, si, etc.)