- CAINE – http://www.caine-live.net/
- Mobius Forensics Toolkit – http://freshmeat.net/projects/mobiusft
- Process Hacker – http://processhacker.sourceforge.net/
- Netwitness Free Edition – http://www.netwitness.com/
- Volatility – https://www.volatilesystems.com/default/volatility/: extract digital artifacts from volatile memory (RAM) samples – [Python based]
- SandMan – http://sandman.msuiche.net: read the hibernation file, regardless of Windows version – [Python based]
- LibForensics – http://code.google.com/p/libforensics/: library for developing digital forensics applications – [Python based]
- TrIDLib – http://mark0.net/code-tridlib-e.html: identify file types from their binary signatures. Now includes Python binding – [Python based]
2011.02.28
Forensics
Malware analysis
- pyew – http://code.google.com/p/pyew/: command line hexadecimal editor and disassembler, mainly to analyze malware
- Didier Stevens’ PDF tools – http://blog.didierstevens.com/programs/pdf-tools/: analyse, identify and create PDF files (includes PDFiD, pdf-parser, make-pdf – http://blog.didierstevens.com/programs/pdf-tools/#make-pdf – and mPDF)
- Origapy – http://www.decalage.info/python/origapy: Python wrapper for the Origami Ruby module which sanitizes PDF files
- Exefilter – http://www.decalage.info/exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
- pyClamAV – http://xael.org/norman/python/pyclamav/index.html: add virus detection capabilities to your Python software
Personal computer security
Anti-malware (= Antivirus)
- Avast Free Antivirus – http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html
- Avira AntiVir Personal – Free Antivirus 10.0.0.567 – http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html
- AVG Anti-Virus Free Edition – http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html
- “AVG Anti-Virus Free 2011” by Neil J. Rubenking (PcMagazine review; 2010.10.04) – http://www.pcmag.com/article2/0,2817,2370108,00.asp
- Pros: Excellent scores in independent tests. Fast antivirus scan. Above average in my malware removal tests. LinkScanner add-in blocks malicious exploits. No false positives. Scans and marks Facebook links. Multi-function toolbar. One-time system tuneup. Free identity theft recovery.
- Cons: Didn’t thoroughly remove detected threats. LinkScanner missed many phishing sites. Below-average rootkit and scareware blocking.
- Bottom Line: AVG Anti-Virus Free 2011 is better at removing malware than most free solutions, but not at malware blocking. With the current release it has the full power of AVG’s paid solutions, and the independent labs give it top marks. Add some unusual bonus features and you’ve got a solid choice for free antivirus protection.
- AVG LinkScanner online – http://www.linkscanner.com/linkscanner/default.aspx
- Download offline version – http://linkscanner.avg.com/?cmpid=explabsban001
- ClamWin Free Antivirus – http://sourceforge.net/projects/clamwin/
- ClamWin Portable – http://portableapps.com/apps/utilities/clamwin_portable
- Malwarebytes Anti-Malware – http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
- “Malwarebytes’ Anti-Malware 1.46” by Neil J. Rubenking (PcMagazine; 2010.05.07) – http://www.pcmag.com/article2/0,2817,2363509,00.asp
- Pros: Fast download, fast install, fast scan. Good malware cleanup, especially against scareware. Paid edition offers real-time protection, malicious web site blocking.
- Cons: Poor cleanup of rootkits and commercial keyloggers. Must pay for real-time protection. Real-time protection also weak against rootkits and commercial keyloggers.
- Bottom Line: When support agents from other vendors run into malware that foils their own product they frequently direct users to run Malwarebytes. I can see why—it’s small, fast, and simple. This free product should definitely be in your toolbox. Just don’t pay extra for real-time protection.
- Malware Sweeper Free 2.2 – http://download.cnet.com/Malware-Sweeper-Free/3000-2144_4-10431422.html
- Panda Cloud Antivirus Free Edition – http://www.cloudantivirus.com/en/ | CNET’s download – http://download.cnet.com/Panda-Cloud-Antivirus-Free-Edition/3000-2239_4-10914099.html | Blog – http://blog.cloudantivirus.com/
- Panda Cloud Antivirus 1.1 – http://www.pcmag.com/article2/0,2817,2364844,00.asp
- Pros: Small download. Quick install. Simple, attractive interface. Cloud-based malware detection needs no signature updates. This version adds behavioral malware detection. Very effective at keeping malware out of clean systems. Free!
- Cons: In malware-cleanup testing, didn’t detect as many threats as the competition and didn’t thoroughly remove what it did detect. Limited functionality when no Internet connection available.
- Bottom Line: This free antivirus is great at keeping malicious software from installing on clean computers. It’s less effective at cleaning up existing infestations, so, if it detects a threat, run another product for a second scrubbing.
- Trend Micro CWShredder is a tool to find and remove traces of CoolWebSearch – the name for a wide range of insidious browser hijackers – from your PC. CoolWebSearch installs dozens of bookmarks – mostly to porn Web sites – on your desktop, changes your home page without asking, and continually changes it back if you attempt to correct it. Furthermore, it significantly slows down the performance of your PC, and introduces modifications which cause Microsoft Windows™ to freeze, crash or randomly reboot. CWShredder removes these browser hijackers.
- HouseCall is an on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.
Misc:
- LinkedIn discussion (2010.09): What is the Best Anti-Virus in 2010?
- Corporate Endpoint Protection: 2010 suites comparison (2010.06.12) – http://www.decicco.it/2010/06/corporate-endpoint-protection-2010-suites-comparison/
- Corporate Endpoint Protection: AV-Test.org latest rankings (2010.06.17) – http://www.decicco.it/2010/06/corporate-endpoint-protection-av-test-org-latest-rankings/
- “Free Virus and Spyware Protection: What’s Right for You?” by Neil J. Rubenking (PCMagazine; 2010.07.06) – http://www.pcmag.com/article2/0,2817,2356509,00.asp
- VirusTotal web site – http://www.virustotal.com/ – … a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
- “Five free security software suites” by Asavin Wattanajantra (ITPro Business; 2009.12.10) – http://www.itpro.co.uk/618604/five-free-security-software-suites
Anti-spyware
- Ad-Aware Free Internet Security – http://download.cnet.com/Ad-Aware-Free-Internet-Security/3000-8022_4-10045910.html
- AdWare SpyWare SE – http://download.cnet.com/AdWare-SpyWare-SE/3000-8022_4-10384137.html
- Trend Micro’s HijackThis – http://free.antivirus.com/hijackthis/:
- Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.
- Spybot – Search & Destroy – http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html
Misc:
- Rogue/Suspect Anti-Spyware Products & Web Sites – http://www.spywarewarrior.com/rogue_anti-spyware.htm
Anti-Rootkit / Rootkit detection
- Trend Micro’s RootkitBuster – http://free.antivirus.com/rootkit-buster/
- A rootkit scanner that offers the ability to scan for hidden files, registry entries, processes, drivers, hooked system services, and the MBR. It also includes cleaning capability for hidden files and registry entries. Master Boot Record (MBR) rootkit detection gives RootkitBuster the ability to detect hidden MBR content. It can spot all variants of MBR rootkit in the wild. MBR rootkits first began appearing in the wild in late 2007. New variants continue to appear.
- Trend Micro’s RUBotted – http://free.antivirus.com/rubotted/:
- Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities. RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.
- Sophos Anti-Rootkit – http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
- chkrootkit – http://www.chkrootkit.org/ (Mac and many Linux/Unix versions)
- GMER – http://www.gmer.net/ – (Windows)
Email security
- gnuPG – http://www.gnupg.org/
- gnuPG Shell – http://www.tech-faq.com/gnupg-shell.shtml
File and container/volume encryption
- TrueCrypt – http://www.truecrypt.org/
- AxCrypt – http://www.axantum.com/AxCrypt/
- The privyCrypt Series – http://www.picospace.com.au/downloads/privyCrypt/index.html – (Unix, PalmOS, Win, Java Applet)
- Cryptainer LE – http://www.cypherix.co.uk/cryptainerle/index.htm
“Secure” file erasure
- Eraser – http://sourceforge.net/projects/eraser/
- File Waster – http://www.jcmatt.com/filewaster.html
- HandyBits file shredder – http://www.handybits.com/shredder.htm (Windows)
Privacy cleaners
- CCleaner – http://download.cnet.com/ccleaner/
Steganography
- Eyemage IIE – http://www.yadabyte.com/eyemage.htm
Passwords management
- KeePass Password Safe – http://keepass.info/ | http://sourceforge.net/projects/keepass/ | http://keepass.info/download.html
- Password Safe – http://sourceforge.net/projects/passwordsafe/
- KeePass Password Safe Portable – http://portableapps.com/apps/utilities/keepass_portable
- Cryptainer LE – http://www.cypherix.com/cryptainerle/
- RoboForm – http://www.roboform.com/ (Windows/Mobile)
- USB Vault – http://www.softsea.com/review/USB-Vault.html
- BitCrypt – http://bitcrypt.moshe-szweizer.com/
- 1Password – http://agilebits.com/products/1Password
- LastPass – http://lastpass.com/ – online password safe | also has various browser extensions
- Hacked recently!:
- “LastPass Possibly Hacked, Users Forced to Change Master Passwords” by Simon Mackie (2011.05.05) – http://gigaom.com/collaboration/lastpass-possibly-hacked-users-forced-to-change-master-passwords/
- “LastPass Security Notification” – http://blog.lastpass.com/2011/05/lastpass-security-notification.html
Host-based (aka “Personal”) firewalls
- Comodo Free Firewall – http://personalfirewall.comodo.com/
- ZoneAlarm Free Firewall – http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
More on this blog: IpTables – https://eikonal.wordpress.com/2011/01/24/iptables/ | Port Knocking – https://eikonal.wordpress.com/2010/10/05/port-knocking/ | Firewalls – https://eikonal.wordpress.com/2012/05/04/firewalls/
Web proxies
- Privax – http://www.privax.us/ – Anonymous proxy network
- Proxify – http://www.proxify.com/ – Anonymous proxy network
- The Cloak – http://www.the-cloak.com/ – Anonymous proxy network
Related:
- GoogleSharing – http://www.googlesharing.net/ – a special kind of anonymizing proxy service, designed … to provide a level of anonymity that will prevent Google from tracking your searches, movements, and what websites you visit. … [it] is not a full proxy service designed to anonymize all your traffic, but rather something designed exclusively for your communication with Google. … [the] system is totally transparent, with no special “alternative” websites to visit. Your normal work flow should be exactly the same. It operates as a Firefox extension (“addon”).
- “A Better Way To Hide From Google” by Andy Greenberg (Forbes; 2010.10.04) – http://blogs.forbes.com/andygreenberg/2010/10/04/a-better-way-to-hide-from-google/
- Download – https://addons.mozilla.org/en-US/firefox/addon/60333/
Process scanners
- ProcessScan – http://www.processlibrary.com/processscan/ (Windows)
2010.07.28
Security tools
2011.02.28: This post was getting too large, so I broke it into smaller pieces:
- Personal computer security – https://eikonal.wordpress.com/2011/02/28/personal-computer-security/
- Security testing: Vulnerability Assessment, Penetration testing, etc – https://eikonal.wordpress.com/2010/01/29/vulnerability-assessment-tools/
- Malware analysis – https://eikonal.wordpress.com/2011/02/28/malware-analysis/
- Forensics – https://eikonal.wordpress.com/2011/02/28/forensics/
- Code analysis, Debugging and reverse engineering / Code security – https://eikonal.wordpress.com/2011/02/28/code-analysis-debugging-and-reverse-engineering-code-security/
There are still some smaller islands of content that do not yet deserve separate postings:
Patch Management
- GFI Languard
- NSS
- Lumension
- EndPoint
Sites:
- Microsoft Security Bulletins – http://technet.microsoft.com/en-us/security/bulletin/
- Windows service packs & updates for Windows 7, Windows Vista, Server 2008 and Windows XP – http://www.softwarepatch.com/windows/index.html – cumulative patches and list of yearly issued patches for these Windows OSes.
IT Management
- Spiceworks Community – http://www.spiceworks.com/
- Paglo IT – http://paglo.com/
Datamining / logs management
- Splunk Community – http://www.splunk.com/
- Dradis – http://dradisframework.org/
Password analysis
- Cain & Abel – http://www.oxid.it/
- OphCrack – http://ophcrack.sourceforge.net/
- John the Ripper – http://www.openwall.com/john/
Various collections
- http://www.security-database.com/toolswatch/
- Tools by iSEC Partners – https://www.isecpartners.com/tools.html
- Sysinternals Suite at Microsoft, by Mark Russinovich – http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx; [FREEWARE]
- Foundstone Suite at McAfee – http://www.foundstone.com/us/resources-free-tools.asp; [FREEWARE]; Mainly security tools.
- NtSecurity.nu Toolbox – http://ntsecurity.nu/toolbox/
Misc
- InlineEgg – http://oss.coresecurity.com/projects/inlineegg.html: toolbox of classes for writing small assembly programs in Python
- Exomind – http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
- RevHosts – http://www.securityfocus.com/tools/3851: enumerate virtual hosts for a given IP address
- simplejson – http://undefined.org/python/#simplejson: JSON encoder/decoder, e.g. to use Google’s AJAX API – http://dcortesi.com/2008/05/28/google-ajax-search-api-example-python-code/
- IPython – http://ipython.scipy.org/: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
- Beautiful Soup – http://www.crummy.com/software/BeautifulSoup/: HTML parser optimized for screen-scraping
- matplotlib – http://matplotlib.sourceforge.net/: make 2D plots of arrays
- Mayavi – http://code.enthought.com/projects/mayavi/: 3D scientific data visualization and plotting
- RTGraph3D – http://www.secdev.org/projects/rtgraph3d/: create dynamic graphs in 3D
- Twisted – http://twistedmatrix.com/: event-driven networking engine
- Suds – https://fedorahosted.org/suds/: lightweight SOAP client for consuming Web Services
- M2Crypto – http://chandlerproject.org/bin/view/Projects/MeTooCrypto: most complete OpenSSL wrapper
- NetworkX – http://networkx.lanl.gov/: graph library (edges, nodes)
- pyparsing – http://pyparsing.wikispaces.com/: general parsing module
- lxml – http://codespeak.net/lxml/: most feature-rich and easy-to-use library for working with XML and HTML in the Python language
- Pexpect – http://www.noah.org/wiki/Pexpect: control and automate other programs, similar to Don Libes’ `Expect` system
- Sikuli – http://groups.csail.mit.edu/uid/sikuli/: visual technology to search and automate GUIs using screenshots. Scriptable in Jython – http://www.jython.org/
Sources:
- Secure your Identity, email, passwords, files and internet communication by using free encryption tools. (BiGGTech) – http://www.biggtech.com/web/secure-your-identity-email-passwords-files-and-internet-communication-by-using-free-encryption-tools_357.html
See also local info at this blog:
- Nipper – https://eikonal.wordpress.com/2010/06/21/nipper/
- Logging tools – https://eikonal.wordpress.com/2010/04/13/logging/
- Vulnerability Assessment tools – https://eikonal.wordpress.com/2010/01/29/vulnerability-assessment-tools/
- Password crackers: https://eikonal.wordpress.com/2010/01/06/password-crackers/