The Top Security Tools in the Ubuntu Repositories you may not know about with 1 click Installation!

Here is a collection of security tools that you should look through to add to your arsenal to help keep the peace on your pc/network or unleash war on others for whatever reason.

You can simply install these tools by clicking on the title within firefox in Ubuntu Hardy Heron.

Most of these are command line tools which need to be invoked via the Terminal:

If you need help with these tools, please read the manual via man “application” in the terminal, and feel free to comment if you need a little assistance or care to add to this growing list


Various tools to sniff network traffic for cleartext insecurities
This package contains several tools to listen to and create network traffic:

* arpspoof – Send out unrequested (and possibly forged) arp replies.
* dnsspoof – forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff – password sniffer for several protocols.
* filesnarf – saves selected files sniffed from NFS traffic.
* macof – flood the local network with random MAC addresses.
* mailsnarf – sniffs mail on the LAN and stores it in mbox format.
* msgsnarf – record selected messages from different Instant Messengers.
* sshmitm – SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow – SSH traffic analyser.
* tcpkill – kills specified in-progress TCP connections.
* tcpnice – slow down specified TCP connections via “active”
traffic shaping.
* urlsnarf – output selected URLs sniffed from HTTP traffic in CLF.
* webmitm – HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy – sends URLs sniffed from a client to your local browser
(requires libx11-6 installed).

Please do not abuse this software.

Simple program to log Instant Messaging activity on the network
The imsniff program can be used to log IM activity on the network. It uses
libpcap to capture packets and analyzes them, logging conversation, contact
lists, etc.

Users connecting after imsniff is started can get pretty good results,
including complete contact lists and events (displaying a name change, for
example). Users already connected will be able to get the conversations, but
will miss the other information.

The only required parameter is the interface name to listen to. This can be
any interface that libpcap supports. A sample imsniff.conf.sample file is

imsniff is beta software, for now, only MSN is supported. Others could follow.

Author: Carlos Fernandez

network traffic analyzer for KDE
KSniffer is a network traffic analyzer, or “sniffer” for KDE.

A sniffer is a tool used to capture packets from your network.

it detects network protocols like IP, TCP, UDP, ICMP and ARP.


Network service detector
NWatch is a sniffer but can be conceptualized as a “passive port
scanner”, in that it is only interested in IP traffic and it organizes
results as a port scanner would.

The advantage of this tool is that services that are open for a short
period of time can be detected with NWatch while successive nmap scans
will miss them. The disadvantage is that the service have to be actively
used to be detected.


Scapy is a powerful interactive packet manipulation tool, packet
generator, network scanner, network discovery, packet sniffer, etc. It
can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping,
tcpdump, tethereal, p0f, ….

In scapy you define a set of packets, then it sends them, receives
answers, matches requests with answers and returns a list of packet couples
(request, answer) and a list of unmatched packets. This has the big advantage
over tools like nmap or hping that an answer is not reduced to
(open/closed/filtered), but is the whole packet.


It was previously named scapy. This is a transitional package
so scapy users get python-scapy on upgrades. This package handles
scapy -> python-scapy. It can be safely removed.


Flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules
based logging and can perform content searching/matching in addition
to being used to detect a variety of other attacks and probes, such
as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being
sent to syslog, a separate “alert” file, or even to a Windows computer
via Samba.

This package provides the plain-vanilla snort distribution and does not
provide database (available in snort-pgsql and snort-mysql) support.

TCP stream sniffer and connection tracker
This libpcap-based textmode sniffer can:
* track, reassemble and reorder TCP streams
* save the captured flows in different files or display them in the terminal
* display all the stream on the terminal with different display modes like
hexdump, hexdump + ascii, only printable characters, raw mode, colorized
mode …
* handle several network interface types, including ethernet cards and PPP


Wireshark network traffic analyzer (console interface)
Wireshark is a network traffic analyzer, or “sniffer”, for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Wireshark decodes numerous protocols (too many
to list).

This package provides the console version of wireshark, named

network traffic analyzer
Wireshark is a network traffic analyzer, or “sniffer”, for Unix and
Unix-like operating systems. A sniffer is a tool used to capture
packets off the wire. Wireshark decodes numerous protocols (too many
to list).

This package provides wireshark (the GTK+ version)

Last But not least for the sniffers is my personal fav:
Multipurpose sniffer/interceptor/logger for switched LAN
Ettercap supports active and passive dissection of many protocols
(even ciphered ones) and includes many feature for network and host

Data injection in an established connection and filtering (substitute
or drop a packet) on the fly is also possible, keeping the connection

Many sniffing modes were implemented to give you a powerful and complete
sniffing suite. It’s possible to sniff in four modes: IP Based, MAC Based,
ARP Based (full-duplex) and PublicARP Based (half-duplex).

It has the ability to check whether you are in a switched LAN or
not, and to use OS fingerprints (active or passive) to let you know the
geometry of the LAN.

Wireless Tools:

Grab the latest @
wireless WEP/WPA cracking utilities
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets have
been gathered. Also it can attack WPA1/2 networks with some advanced
methods or simply by brute force.

It implements the standard FMS attack along with some optimizations,
thus making the attack much faster compared to other WEP cracking tools.
It can also fully use a multiprocessor system to its full power in order
to speed up the cracking process.

aircrack-ng is a fork of aircrack, as that project has been stopped by
the upstream maintainer.

Wireless 802.11b monitoring tool
Kismet is a 802.11b wireless network sniffer. It is capable of sniffing
using almost any supported wireless card using the Airo, HostAP, Wlan-NG,
and Orinoco (with a kernel patch) drivers.

Can make use of sox and festival to play audio alarms for network events
and speak out network summary on discovery. Optionally works with gpsd
to map scanning.

Wireless network sniffer
Prismstumbler is a packet sniffer for 802.11b wireless LANs.

Simple Wireless Scanner
SWScanner is a KDE application specially designed to make easy the whole
wardriving process, but also intended to facilitate many tasks related
to wireless networks. SWScanner is compatible with NetStumbler files and
supports GPS devices.

tool designed to break WEP keys
WepLab is a tool designed to teach how WEP works, what different
vulnerabilities it has, and how they can be used in practice to
break a WEP protected wireless network.

WepLab can dump network traffic, analyse it or crack the WEP key.

The Network Mapper
Nmap is a utility for network exploration or security auditing. It
supports ping scanning (determine which hosts are up), many port
scanning techniques, version detection (determine service protocols
and application versions listening behind ports), and TCP/IP
fingerprinting (remote host OS or device identification). Nmap also
offers flexible target and port specification, decoy/stealth scanning,
sunRPC scanning, and more. Most Unix and Windows platforms are
supported in both GUI and commandline modes. Several popular handheld
devices are also supported, including the Sharp Zaurus and the iPAQ.

Multi threaded port scanner
Pnscan is a multi threaded port scanner that can scan a large network
very quickly. If does not have all the features that nmap have but
is much faster.

port scanner for discovering services on large networks
doscan is a tool to discover TCP services on your network. It is
designed for scanning a single ports on a large network. doscan
contacts many hosts in parallel, using standard TCP sockets provided
by the operating system. It is possible to send strings to remote
hosts, and collect the banners they return.

There are better tools for scanning many ports on a small set of
hosts, for example nmap.

Active Network Smashing Tool
hping3 is a network tool able to send custom ICMP/UDP/TCP packets and
to display target replies like ping does with ICMP replies. It handles
fragmentation and arbitrary packet body and size, and can be used to
transfer files under supported protocols. Using hping3, you can test
firewall rules, perform (spoofed) port scanning, test network
performance using different protocols, do path MTU discovery, perform
traceroute-like actions under different protocols, fingerprint remote
operating systems, audit TCP/IP stacks, etc. hping3 is scriptable
using the TCL language.

Unusual TCP/IP testing tools
The Paketto Keiretsu is a collection of tools that use new and unusual
strategies for manipulating TCP/IP networks. scanrand is said to be
faster than nmap and more useful in some scenarios.

This package includes:
* scanrand, a very fast port, host, and network trace scanner
* minewt, a user space NAT/MAT (MAC Address Translation) gateway
* linkcat(lc), that provides direct access to the network (Level 2)
* paratrace, a “traceroute”-like tool using existing TCP connections
* phentropy, that plots a large data source onto a 3D matrix

Network Injection and Capture
Packit is a network auditing tool. Its value is derived from its ability
to customize, inject, monitor, and manipulate IP traffic. By allowing you
to define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet
header options, Packit can be useful in testing firewalls, intrusion
detection systems, port scanning, simulating network traffic, and general
TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.

get SSH server versions for an entire network
The ScanSSH protocol scanner scans a list of addresses and networks for
running SSH protocol servers and their version numbers. Version 2.0 adds
support for scanning arbitrary ports and specifically open proxies. The
ScanSSH protocol scanner supports random selection of IP addresses from
large network ranges and is useful for gathering statistics on the
deployment of SSH protocol servers in a company or the Internet as whole.

Passive OS fingerprinting tool
p0f performs passive OS detection based on SYN packets. Unlike nmap
and queso, p0f does recognition without sending any data.
Additionally, it is able to determine the distance to the remote
host, and can be used to determine the structure of a foreign or
local network. When running on the gateway of a network it is able
to gather huge amounts of data and provide useful statistics. On a
user-end computer it could be used as powerful IDS add-on. p0f
supports full tcpdump-style filtering expressions, and has an
extensible and detailed fingerprinting database.


~ by betikbusuk on September 7, 2009.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: