Sniffer Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:01:48 GMT

Sagan Log Monitor 0.2.1
http://packetstormsecurity.org/files/111623/sagan-0.2.1.tar.gz
http://packetstormsecurity.org/files/111623/Sagan-Log-Monitor-0.2.1.html
Fri, 06 Apr 2012 02:03:55 GMT
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.

Netsniff-NG High Performance Sniffer 0.5.6
http://packetstormsecurity.org/files/111300/netsniff-ng-0.5.6.tar.gz
http://packetstormsecurity.org/files/111300/Netsniff-NG-High-Performance-Sniffer-0.5.6.html
Thu, 29 Mar 2012 03:44:52 GMT
netsniff-ng is a free, performant Linux network sniffer for packet inspection. The performance gain is achieved through 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace.
For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

Aanval Intrusion Detection Tool 7
http://packetstormsecurity.org/files/110684/aanval-7-latest-stable.tar.gz
http://packetstormsecurity.org/files/110684/Aanval-Intrusion-Detection-Tool-7.html
Mon, 12 Mar 2012 23:44:55 GMT
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

httpry Specialized HTTP Packet Sniffer 0.1.7
http://packetstormsecurity.org/files/110378/httpry-0.1.7.tar.gz
http://packetstormsecurity.org/files/110378/httpry-Specialized-HTTP-Packet-Sniffer-0.1.7.html
Fri, 02 Mar 2012 04:18:20 GMT
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

Viper Network Sniffer Script
http://packetstormsecurity.org/files/109445/vns.zip
http://packetstormsecurity.org/files/109445/Viper-Network-Sniffer-Script.html
Sun, 05 Feb 2012 00:44:22 GMT
This is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.

Stev.Org Sniffer
http://packetstormsecurity.org/files/108397/sniffer-2012-01-05.tar.gz
http://packetstormsecurity.org/files/108397/Stev.Org-Sniffer.html
Fri, 06 Jan 2012 00:15:52 GMT
This sniffer has an ncurses user interface, network statistics for many different protocols, a view into active TCP connections, UDP packets, ICMP packets, and more.

S.S.T Javascript Keylogger
http://packetstormsecurity.org/files/108354/sst-javascript-keylogger.zip
http://packetstormsecurity.org/files/108354/S.S.T-Javascript-Keylogger.html
Wed, 04 Jan 2012 21:20:03 GMT
S.S.T (Save Typed Text) JavaScript proof-of-concept keylogging code.

Peta Zetas IDS Testing Tool
http://packetstormsecurity.org/files/108326/pzids.py.txt
http://packetstormsecurity.org/files/108326/Peta-Zetas-IDS-Testing-Tool.html
Tue, 03 Jan 2012 16:22:22 GMT
PZIDS (Peta Zetas IDS) is a tool to test if your IDS is detecting threats properly. Written in Python.

Snort IDS 2.9.2
http://packetstormsecurity.org/files/108454/snort-2.9.2.tar.gz
http://packetstormsecurity.org/files/108454/Snort-IDS-2.9.2.html
Thu, 15 Dec 2011 12:12:12 GMT
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Ettercap Network Sniffer / Interceptor 0.7.4
http://packetstormsecurity.org/files/107537/ettercap-0.7.4.tar.gz
http://packetstormsecurity.org/files/107537/Ettercap-Network-Sniffer-Interceptor-0.7.4.html
Tue, 06 Dec 2011 01:47:17 GMT
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

0x4553-Intercepter WinPcap-Based Sniffer 0.8.4
http://packetstormsecurity.org/files/105497/0x4553-Intercepter.v084.zip
http://packetstormsecurity.org/files/105497/0x4553-Intercepter-WinPcap-Based-Sniffer-0.8.4.html
Sun, 02 Oct 2011 17:17:17 GMT
0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Sagan Log Monitor 0.2.0
http://packetstormsecurity.org/files/104363/sagan-0.2.0.tar.gz
http://packetstormsecurity.org/files/104363/Sagan-Log-Monitor-0.2.0.html
Tue, 23 Aug 2011 14:25:59 GMT
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.

httpry Specialized HTTP Packet Sniffer 0.1.6
http://packetstormsecurity.org/files/103819/httpry-0.1.6.tar.gz
http://packetstormsecurity.org/files/103819/httpry-Specialized-HTTP-Packet-Sniffer-0.1.6.html
Tue, 09 Aug 2011 02:06:02 GMT
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

Pytbull 1.3
http://packetstormsecurity.org/files/101605/pytbull-1.3.tar.bz2
http://packetstormsecurity.org/files/101605/Pytbull-1.3.html
Sun, 22 May 2011 15:15:52 GMT
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata.
It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.

Pytbull 1.0
http://packetstormsecurity.org/files/101214/pytbull-1.0.tar.bz2
http://packetstormsecurity.org/files/101214/Pytbull-1.0.html
Mon, 09 May 2011 04:08:15 GMT
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.

Pytbull 0.3
http://packetstormsecurity.org/files/101030/pytbull.tar.bz2
http://packetstormsecurity.org/files/101030/Pytbull-0.3.html
Sun, 01 May 2011 20:22:22 GMT
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.

Snortalog Snort Log Summarizer 2.4.3
http://packetstormsecurity.org/files/99886/snortalog_v2.4.3.tgz
http://packetstormsecurity.org/files/99886/Snortalog-Snort-Log-Summarizer-2.4.3.html
Wed, 30 Mar 2011 15:10:39 GMT
Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts.
Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.

Sagan Rules 03172011-r1
http://packetstormsecurity.org/files/99418/sagan-rules-03172011-r1.tar.gz
http://packetstormsecurity.org/files/99418/Sagan-Rules-03172011-r1.html
Thu, 17 Mar 2011 14:08:01 GMT
This is the Sagan ruleset released 03/17/2011 to coincide with the 0.1.8 release.

Sagan Log Monitor 0.1.8
http://packetstormsecurity.org/files/99419/sagan-0.1.8.tar.gz
http://packetstormsecurity.org/files/99419/Sagan-Log-Monitor-0.1.8.html
Thu, 17 Mar 2011 14:07:59 GMT
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.

Aanval Intrusion Detection Tool 6
http://packetstormsecurity.org/files/96535/aanval-6-latest-stable.tar.gz
http://packetstormsecurity.org/files/96535/Aanval-Intrusion-Detection-Tool-6.html
Thu, 09 Dec 2010 22:22:22 GMT
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Netsniff-NG High Performance Sniffer 0.5.5.0
http://packetstormsecurity.org/files/94602/netsniff-ng-0.5.5.0.tar.gz
http://packetstormsecurity.org/files/94602/Netsniff-NG-High-Performance-Sniffer-0.5.5.0.html
Mon, 11 Oct 2010 17:53:44 GMT
netsniff-ng is a free, performant Linux network sniffer for packet inspection. The performance gain is achieved through 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.

HexInject 1.1
http://packetstormsecurity.org/files/93733/hexinject-1.1.tar.gz
http://packetstormsecurity.org/files/93733/HexInject-1.1.html
Sat, 11 Sep 2010 18:46:51 GMT
HexInject is a hexadecimal and raw packet injector and sniffer. It can be easily combined with other tools to provide a powerful command line framework for raw network access. It will automatically set the correct checksum (IP, TCP, UDP, ICMP).

Aanval Intrusion Detection Tool 5.6
http://packetstormsecurity.org/files/92330/aanval-5.6-latest-stable.tar.gz
http://packetstormsecurity.org/files/92330/Aanval-Intrusion-Detection-Tool-5.6.html
Tue, 03 Aug 2010 06:41:22 GMT
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Aanval Intrusion Detection Tool 5.5
http://packetstormsecurity.org/files/88839/aanval-5.5-latest-stable.tar.gz
http://packetstormsecurity.org/files/88839/Aanval-Intrusion-Detection-Tool-5.5.html
Fri, 23 Apr 2010 05:14:11 GMT
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.

Netsniff-NG High Performance Sniffer 0.5.4.1
http://packetstormsecurity.org/files/86010/netsniff-ng-0.5.4.1.tar.gz
http://packetstormsecurity.org/files/86010/Netsniff-NG-High-Performance-Sniffer-0.5.4.1.html
Sat, 06 Feb 2010 01:49:02 GMT
netsniff-ng is a high-performance Linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses a memory-mapped area within kernelspace for accessing packets without the need of copying them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput or network statistics creation of incoming packets on central network nodes like routers or firewalls.