Trinux Packages

Trinux
Packages

The following categorization describe the contents of various Trinux packages and, in many cases, provides links back to the home pages of the original tools. The goal is not to provide a comprehensive database of packages (ala Debian) but to give you a general idea of what the tool/package does so you can decide whether you want to include it in your Trinux "load."

The color (green, orange, red) of the package name rates my confidence in the package. Green packages have been fully tested and integrated into the boot process, while red packages have been tested somewhat (have worked at least once) but have not been fully integrated into the bootup/configuration process. Orange packages are somewhere in between.

Manditory Packages
These package are required to do anything useful. If you do not have them, you will get errors when you try to use the tools.

system.tgz - network daemons utilities for SMTP and CDP (usually on the boot floppy)
baselib.tgz - essential libraries needed for most trinux apps. NOTE: This must be present in the trinux directory on your hard drive if you are loading packages from it. It also include ldconfig and the full-blown kernel module utilities.
dnslibs.tgz - libresolv, libnsl, libnss libraries (needed for DNS)
bash.tgz - you will probably want this, because ash leaves a lot to be desired.
term.tgz - ncurses and terminal routines
pthread.tgz - GNU thread libraries, needed for many tools

Optional Libraries
You can probably get by without these, but you may want to included them if you If you install any libraries after system bootup, you will need to run ldconfig.

glib.tgz - libglib, libgmodule (needed for ethereal)
libcpp28.tgz - libstdc++.so.2.8.0 (needed for any C++ apps)
libcpp29.tgz - libstdc++-2-libc6.1-1-2.9.0.so (C++)
libgmp.tgz - math libraries (needed for FreeS/WAN)
libdb.tgz - database/hashing routines needed for perl and several of the dsniff tools.

Sniffers and Network Analyzers
These tools put the NIC into the promiscuous mode to capture traffic at the link layer. Sniffing may or may not be legal on your network.

tcpdump.tgz - the original *nix sniffer
ethereal.tgz - console version of Ethereal
ngrep.tgz - applies regexes to network traffic, besides being a general purpose sniffer [H]
ipgrab.tgz - another libpcap based sniffer that provides verbose, but easy-to-read protocol decodes [H]
nstreams.tgz - another libpcap network monitor that identifies streams (IPs endpoints & protocols)
iptraf.tgz - a curses-based network analysis tool
trafshow.tgz - a nice curses monitoring program
darkstat.tgz - statistics gathering similar to ntop. [H]
ipaudit.tgz - contains two pcap monitoring tools (ipstrings and ipaudit)
pof.tgz - performs passive OS detection
sniffit.tgz - command-line/menu driven sniffer [H]
dsniff.tgz - a sniffer and much more including SSH,SSL,TCP hijacking [H]
utcpdump.tgz - stripped down verison of tcpdump 3.4 small enough to put on the Trinux boot floppy for basic troubleshooting.
angst.tgz - a "active" sniffer for capturing packets on switched LANs [H]
ettercap.tgz - A curses-based sniffer that utilizes ARP spoofing to sniff across switches.[H]
vomit.tgz - pcap based sniffer for decoding Cisco IP Phone conversations. [H

Network Mapping/Vulnerability Scanning
The following tools are useful for discovering network and system vulnerabilities. These are active security tools that probe systems and can be easily detected by IDS. Use of these tools may violate your organization's security policy. While none of these tools attempt to exploit vulnerabilities, these tools could crash servers or network devices. Use with caution.

nmap.tgz - the one and only [H]
scanners.tgz - a dozen tools (many taken form SAINT/SARA) for discovering application-layer vulnerabilities in protocols such as FTP, HTTP, NFS/RPC, DNS, and more.
winscan.tgz - NetBIOS scanners including ADM-smb, nbtscan, and nbtstat
xprobe.tgz - implements the ICMP fingerprinting techniques of Ofir Arkin [H]
arping.tgz - sends ARP and/or ICMP requests to determine if a host/interface is active
icmpenum.tgz - probes networks using ICMP echo/timestamp
firewalk.tgz - useful for determining the ACLs that are in place on a firewall/router.
telnetfp.tgz - conducts OS fingerprinting based on telnet option negotiation
packetto.tgz - Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. [H] on Telnet escape sequences.

Intrusion Detection
The following tools can be used to detect attacks against a Trinux system or monitor a network segment to perform network intrusion detection

snort.tgz - the Lightweight Network Intrusion Detection System that also works nicely as a standalone sniffer. [H]
sqlsnort.tgz - Snort with support for logging to a MySQL database.
pakemon.tgz - another Open Source network IDS based on Libnet, Libnids, and libpcap. [H] with a large number of attack signatures.
iplog - a port logger that provides more flexibility that scanlogd which is built into Trinux (used for monitorying attacks against your Trinux box)
labrea - Tom Liston's great anti-Code Red tarpit tools. [ H]
despoof.tgz - a proof-of-concept tool for detecting spoofed packets

Packet Generators
These tools can be use to build and send custom TCP/IP packets. While many of these tools have similar (or even overlapping) features, they all have their niche.

dnet.tgz - nice little tool from libdnet. [H]
hping2.tgz - one of the best tools for building ICMP/TCP/UDP packets from the command line. Useful for port scanning, network mapping, and general purpose network security research. [H]
irpas.tgz - a very nasty set of tools that if I told you about it I might get fired ;) - [
isic.tgz - a Libnet based tool for generating garbage Ethernet/IP/UDP/TCP traffic [H]
nemesis.tgz - Another Libnet based "packet-injection" suite that support OSPF and IGMP along with the usual [H]
sing.tgz - another tool for generating ICMP datagrams [H]
packit.tgz - network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic. [H]
packedit.tgz - contains editcap, a utility from ethereal for modifying captured tcpdump files and tcpreplay, for replaying captured tcpdump files.
frgroutr.tgz - fragments traffic to evade IDS or other security devices
sendip.tgz - a nice command-line tool for generating IP, IPv6, UDP, TCP, and RIP traffic that is under active development. [H]
sendpkt.tgz - another command-line packet generation tools
mpac.tgz - a packet generation tool that allows you to specify a file for each layer (TCP,IP,Ethernet)
nasl.tgz - NASL is the language used by Nessus scanner to conduct vulnerability checks.

Proxies and Tunneling Tools

httptunl.tgz - tunnels TCP traffic over HTTP
ncovert.tgz - NMRC covert channel using ISN to transmit data from one computer to another
redir.tgz - peforms TCP port forwarding
tunnel.tgz - kernel modules and user space tool for building IPIP and GRE tunnels

Encryption Packages
The following tools may/may not be legal in your country. See the crypto page for more information on export issues.

dropbear.tgz - a small SSH2 server. [H]
gnupg.tgz - GNU Privacy Guard is the Open Source replacement for PGP.
ncrypt.tgz - NMRC symmetric file encryptor/decryptor/wiper that includes multiple crypto choices (Rijndael, Serpent, or Twofish) and multiple secure file wiping techniques. [H]
openssh.tgz - SSH client
opensshd.tgz - SSH server daemon for remotely logging into Trinux boxes (RSA Signatures only)
ssldump.tgz - a libpcap based SSL sniffhttp://matt.ucc.asn.au/dropbear/dropbear.html">H]
stunnel.tgz - SSL port forwarding/tunneling tool
openssl.tgz - the command-line tool from OpenSSL for creating digital certificats and performing all sorts of crypto tasks.
zebedee.tgz - a socket level encryption tool that uses zlib, diffie-helman, and blowfish to encrypt TCP/UDP traffic.

Miscellaneous Security Utilities

frgroutr.tgz - Dug Song's excellent tool for building fragmented packet streams [H]
zodiac.tgz - A menu-driven DNS spoofing tool
sentinel.tgz - an Open Source sniffer detection tool
hunt.tgz - A menu-driven to for conducting ARP spoofing, TCP session hijacking, and sniffer discovery [H]

Web Utilities
HTTP client and server applications have a history security vulnerabilities. These packages have not been systematically audited for buffer overflows, susceptiblility to DoS attacks.

links.tgz - Links is a console-based web browser that does a better job of rendering HTML than Lynx.
curl.tgz - a multi-purpose FTP, HTTP, HTTPS, GOPHER, etc. client that provides many more features than the stripped-down version of wget included with busybox.
wget.tgz - GNU wget
apache.tgz - Apache Server [H]
authforce.tgz - a tool for for brute-forcing HTTP servers [H]
hammerhead.tgz - a tool for stress-testing HTTP & HTTPS servers and web sites. [H]
webfsd.tgz - a a lightweight webserver that can be started from the command-line if you need to quickly retrieve some files from a Trinux box. The webfs startup script only allows the local class C and hosts/networks specified /tux/pkg/webfsd/.

Network Utilities

netconf.tgz - full version of ifconfig and route
bind.tgz - ISC bind 8.2.2p7 nameserver
dhcpcd.tgz - a small DHCP client included on the boot floppy
dhcpd.tgz - ISC DHCP server
dhclient - another DHCP client, slightly larger than pump or dhcpcd
echoping.tgz - a TCP/UDP network bandwidth measurement tool
netutil.tgz - basic tools including arp, ftp, netcat, rsh, telnet, tftp, traceroute, netstat, and jumpgate (for port forwarding)
pump.tgz - the standard DHCP client used by RedHat, Debian, and probably other distributions
dnsutil.tgz - utilities for querying DNS servers (dig, nslookup, whois)

Scripting Languages
As far as I know, Trinux includes more scripting languages than any other compact linux distribution. You can see why.

python1.tgz, python2.tgz, python3.tgz, python4.tgz - Python 1.5.2 packages.
perlbin.tgz - Perl 5.6.0 interpreter, try this first then add the packages below depending on what you need. See the contents of the packages for more details
perlauto.tgz, perlcore.tgz, perlmods.tgz, perluni.tgz, perlsite.tgz - the Perl modules (including Perl DBD/MySQL/Net::Pcap, and Net:RawIP)
phpcgi.tgz - The PHP 4 interpreter. Yes, even PHP can be used as a shell scripting language and of all the scripting languages available in Trinux, this package provides the most bang for the buck. MySQL support is enabled. The mysql package is not needed. See this article for hints and tips.

Text Editors

nano.tgz - an easy to use editor for non-UNIX folks that clones pico.
vi.tgz - elvis, a slim version of vi
vim.tgz - Vim 4.6, a more complete version of the venerable vi edit we all know and love.

Disk and Filesystem Tools
For most of these you will need to install the ide.tgz kernel package and filesystem modules from fsmods.tgz

diskutil.tgz - low level tools for disks and filesystems: [sc]fdisk, lde, mkdosfs, fdfomat
ext2tools.tgz - e2fsck, mke2fs, badblocks and supporting libraries
fileutil.tgz - bvi, hexdump, strings,
tctbin.tgz - non-Perl tools from The Coronoer's Toolkit and TCTUTILS including bcat, blockcalc, file, fls, icat, ils, istat, pcat, and more

Wireless

kismet.tgz - an 802.11b sniffer [H]
wlan-ng.tgz - userspace utilities for configuring prism based wireless cards. CAUTION: I have only have the PCI card working at this point. Requires appropriate kernel modules. [H].

Kernel Modules
These are packaged version of kernel modules necessary for filesystem or hardware support. Post-0.80 releases support the "getkpg" command. Kernel module packages are found within the http://trinux.sf.net/pkg/2.4.x/ directory.

netfilter.tgz - firewall kernel modules
iptables.tgz - kernel-specific application for manipulating firewall rules
usb-core.tgz - base USB support, required for any USB devices
usb-net.tgz - USB network devices
pnp.tgz - Plug-n-Play, required for many devices
win-fs.tgz - SMB filestems RO support for NTFS
linux-fs.tgz - ext2, ext3, and reiserfs

Miscellaneous
These don't fit in anywhere else:

debug.tgz - utilities for debugging: strace and ltrace
sysutil.tgz - tools for monitoring system status (top, procinfo, si, etc.)