PDA

View Full Version : Collaborative InfoSec Tool Library: New library for IT security tools!


dELTA
June 19th, 2008, 20:36
Most people around here are well aware of the Collaborative RCE Tool Library (http://www.woodmann.com/collaborative/tools), which we have had running for more than six months by now. This library, and the entire model and backend upon which it is built, has been a huge success from the start!

Because of this, because of the fact that RCE and IT security in general are becoming more intertwined for each day that passes, and finally because lots of the people who frequent this place are IT security professionals in a broader sense that just RCE (and ok, because I'm one of them ), we are hereby presenting a new and shiny collaborative tool library for the entire IT security field (minus the RCE field, which will stay in the Collaborative RCE Tool Library, due to its size compared to the rest of the IT security field), namely:

The Collaborative InfoSec Tool Library:
http://www.woodmann.com/collaborative/sectools

I have given it a start population consisting of about 100 of the most popular IT security tools used in the field today, but there are of course vast amounts of more tools to be added, by all you people!

So welcome to this new library all security buffs, and may it become as successful as the Collaborative RCE Tool Library, with your help!

Subscribe to the additions and updates RSS feed ("http://www.woodmann.com/collaborative/sectools/index.php/Special:FeedListing/InfoSec_Tools/feed?recursive=1&feed_type=rss") already today, to keep yourself posted of all new cool IT security tools from this point on!


The following link should hopefully also get Google up and running indexing it in a good way ASAP:
http://www.woodmann.com/collaborative/sectools/index.php/Special:Allpages

Enjoy!

Maximus
June 20th, 2008, 04:11
...if I send you a package of the missing tools, will you write their descriptions?

dELTA
June 20th, 2008, 06:49
First of all, even though I'm quite sure you already know this, I must stress again that everyone can submit their own tools directly into the library, and update it themselves in real-time, since it's based on a wiki-backend (a fact which is relatively well hidden to the users though, for usability reasons).

I do understand though that initially mass-submitting a large amount of tools can be somewhat tiresome (guess who submitted the entire initial population... :rolleyes, so if you know a bunch of good tools but don't have the time to submit them all with full information, there are several alternatives:


Submit the tools only with partial information (like e.g. name, URL and a somewhat correct categorization), and other members of the library will be able to complete these tool entries with the rest of the information, collaboration, see!
Post a simple list of all these tools here, and I and other people can find out their full information and submit them to the library.
Email me more info about the tools, including any possible binaries etc (or download URLs to them if they are big), and I will take care of it in the best way possible.

Either way, any and all contributions are very welcome in order to make it an as good, comprehensive and useful library as possible, just like the CRCETL is already!


Oh, and one more thing to everyone:

While the previous Collaborative RCE Tool Library ("http://www.woodmann.com/collaborative/tools") (CRCETL) has its member database and authentication integrated with this message board, the new Collaborative InfoSec Tool Library ("http://www.woodmann.com/collaborative/sectools") (CISTL) has a separate member system, so you have to register a separate account in it. This is because there is a very strong connection between the RCE library and this RCE message board, but the InfoSec connection to this message board isn't as strong or obvious, so we didn't want to unnecessarily mash these two up.

dELTA
June 22nd, 2008, 05:52
Here is a little something to kick start the Google indexing of this new library, please ignore this, it is a list of links to all current tools in the library:

http://www.woodmann.com/collaborative/sectools/index.php/Aircrack
http://www.woodmann.com/collaborative/sectools/index.php/Airsnort
http://www.woodmann.com/collaborative/sectools/index.php/Angry_IP_Scanner
http://www.woodmann.com/collaborative/sectools/index.php/Argus
http://www.woodmann.com/collaborative/sectools/index.php/Arp_scan
http://www.woodmann.com/collaborative/sectools/index.php/BASE
http://www.woodmann.com/collaborative/sectools/index.php/BackTrack
http://www.woodmann.com/collaborative/sectools/index.php/Big_Brother
http://www.woodmann.com/collaborative/sectools/index.php/Brutus
http://www.woodmann.com/collaborative/sectools/index.php/Burp_Suite
http://www.woodmann.com/collaborative/sectools/index.php/CANVAS
http://www.woodmann.com/collaborative/sectools/index.php/Cain_%26_Abel
http://www.woodmann.com/collaborative/sectools/index.php/Cheops-ng
http://www.woodmann.com/collaborative/sectools/index.php/Chkrootkit
http://www.woodmann.com/collaborative/sectools/index.php/Core_Impact
http://www.woodmann.com/collaborative/sectools/index.php/Dsniff
http://www.woodmann.com/collaborative/sectools/index.php/Elcomsoft_Password_Recovery_Bundle
http://www.woodmann.com/collaborative/sectools/index.php/EtherApe
http://www.woodmann.com/collaborative/sectools/index.php/Ettercap
http://www.woodmann.com/collaborative/sectools/index.php/FireCAT
http://www.woodmann.com/collaborative/sectools/index.php/Firewalk
http://www.woodmann.com/collaborative/sectools/index.php/Fping
http://www.woodmann.com/collaborative/sectools/index.php/Fragroute
http://www.woodmann.com/collaborative/sectools/index.php/Fragrouter
http://www.woodmann.com/collaborative/sectools/index.php/GFI_LANguard_Network_Security_Scanner
http://www.woodmann.com/collaborative/sectools/index.php/Helix
http://www.woodmann.com/collaborative/sectools/index.php/Honeyd
http://www.woodmann.com/collaborative/sectools/index.php/Hping
http://www.woodmann.com/collaborative/sectools/index.php/I2P
http://www.woodmann.com/collaborative/sectools/index.php/Ike-scan
http://www.woodmann.com/collaborative/sectools/index.php/John_the_Ripper
http://www.woodmann.com/collaborative/sectools/index.php/KisMac
http://www.woodmann.com/collaborative/sectools/index.php/Kismet
http://www.woodmann.com/collaborative/sectools/index.php/Knoppix
http://www.woodmann.com/collaborative/sectools/index.php/L0phtcrack
http://www.woodmann.com/collaborative/sectools/index.php/MBSA
http://www.woodmann.com/collaborative/sectools/index.php/Main_Page
http://www.woodmann.com/collaborative/sectools/index.php/Malzilla
http://www.woodmann.com/collaborative/sectools/index.php/Metasploit_Framework
http://www.woodmann.com/collaborative/sectools/index.php/NBTScan
http://www.woodmann.com/collaborative/sectools/index.php/NMAP
http://www.woodmann.com/collaborative/sectools/index.php/Nagios
http://www.woodmann.com/collaborative/sectools/index.php/Nemesis
http://www.woodmann.com/collaborative/sectools/index.php/Nessus
http://www.woodmann.com/collaborative/sectools/index.php/NetStumbler
http://www.woodmann.com/collaborative/sectools/index.php/Netcat
http://www.woodmann.com/collaborative/sectools/index.php/Ngrep
http://www.woodmann.com/collaborative/sectools/index.php/Nikto
http://www.woodmann.com/collaborative/sectools/index.php/Ntop
http://www.woodmann.com/collaborative/sectools/index.php/OSSEC
http://www.woodmann.com/collaborative/sectools/index.php/Outpost9_Dictionaries
http://www.woodmann.com/collaborative/sectools/index.php/P0f
http://www.woodmann.com/collaborative/sectools/index.php/Paros_Proxy
http://www.woodmann.com/collaborative/sectools/index.php/Paul_Leyland_Dictionaries
http://www.woodmann.com/collaborative/sectools/index.php/Pwdump
http://www.woodmann.com/collaborative/sectools/index.php/RainbowCrack
http://www.woodmann.com/collaborative/sectools/index.php/Rootkit_Hunter
http://www.woodmann.com/collaborative/sectools/index.php/SARA
http://www.woodmann.com/collaborative/sectools/index.php/SPIKE
http://www.woodmann.com/collaborative/sectools/index.php/SPIKE_Proxy
http://www.woodmann.com/collaborative/sectools/index.php/Scapy
http://www.woodmann.com/collaborative/sectools/index.php/Sguil
http://www.woodmann.com/collaborative/sectools/index.php/Snort
http://www.woodmann.com/collaborative/sectools/index.php/Socat
http://www.woodmann.com/collaborative/sectools/index.php/SolarWinds
http://www.woodmann.com/collaborative/sectools/index.php/Splunk
http://www.woodmann.com/collaborative/sectools/index.php/Stunnel
http://www.woodmann.com/collaborative/sectools/index.php/SuperScan
http://www.woodmann.com/collaborative/sectools/index.php/THC-Amap
http://www.woodmann.com/collaborative/sectools/index.php/THC-Hydra
http://www.woodmann.com/collaborative/sectools/index.php/Tcpdump
http://www.woodmann.com/collaborative/sectools/index.php/Tcptraceroute
http://www.woodmann.com/collaborative/sectools/index.php/Tor
http://www.woodmann.com/collaborative/sectools/index.php/Unicornscan
http://www.woodmann.com/collaborative/sectools/index.php/WebScarab
http://www.woodmann.com/collaborative/sectools/index.php/Wikto
http://www.woodmann.com/collaborative/sectools/index.php/Wireshark
http://www.woodmann.com/collaborative/sectools/index.php/Xprobe
http://www.woodmann.com/collaborative/sectools/index.php/Yersinia

Oh, and as usual, if you see a good tool missing, please submit it yourself!

Maximus
July 3rd, 2008, 10:47
delta, out of curiosity do you plan a way to mass-submit tools?
One at one is somewhat a true pain.... a thing is adding few entries, a thing is to move hundred(s) tools there. Especially if one have to re-catalogue them, check on web if updates are available with respect to your version etc.

JMI
July 3rd, 2008, 11:07
I don't believe that, at the moment, there is a system for mass submitting a large group of tools because each one has to either be individually uploaded for a "Locally Archived Copy" or it needs to be linked to a specific location where the tool is supposed to be linked for possible download. I'm not sure how one could accomplish those requirements "on mass" for a group of tools.

dELTA, of course, created "his baby" and maybe he can figure out how this might be accomplished. At the moment, it is one by one.

Regards,

dELTA
July 4th, 2008, 06:05
Maximus, do you have any idea or suggestion regarding how such a thing could be done? And I don't mean how to implement it, but rather how such a thing would work in the first place, i.e. what procedure the user would follow for such a thing?

Like JMI, I have a little hard time imagining how it could be done while still including all the different fields for the tools? Sure, you could upload a CSV file or something like that, but would it really be easier for the user to prepare this CSV file than to just fill in the details directly into each tool entry at the site?

I'm open for all ideas and suggestions, so please let me know of any good ideas you might have. I just have a little hard time imagining how to solve this specific one myself, but it has happened before (rarely ) that there actually exist solutions to a problem in spite of this.

Silver
July 4th, 2008, 12:16
dELTA, I definitely think this is an "awesome" extension (addition? sibling?) to the RCE tool library, but like ol' Maxi there I'm concerned about the time taken to submit tools.

Here's a thought, not sure how practical though. Places like Download.com have RSS feeds for their downloads, would it be possible to index these and grab descriptions/info directly? I don't really have a fully rounded idea on how this might work, but my concern is the 80/20 rule. 80% of the tools we all know and love and so don't want to spend time adding to the library because they are ubiquitous, but if they're not added to the library then it's incomplete. Classic examples are nmap, netcat, nessus etc. Why bother adding a full and complete description for nessus when "everyone" knows what it does?

Where we need to spend the time is on the other 20% - the lesser known tools that are useful and that need a proper description etc in the library. So if there is some way to put in a tool name ("nessus" and get the library to poll some RSS feeds or websites or something to grab a description, it would save a huge amount of time on the common stuff and let us concentrate on the less common stuff that really makes the library useful.

What does everyone else think?

Actually, re-reading that I'm not sure I've explained myself clearly

dELTA
July 5th, 2008, 19:14
First of all, I have solved the 80/20 problem already, in a very elegant way... I added Fyodor's top 100 list of security tools manually myself to the library, so that no one else will have to do it. Now you can all focus on that other 20%.

About importing RSS feeds, I see two problems:

I just don't want to add any tools to the library, they should be useful and relevant in category. This would be very hard to accomplish with an auto RSS harvester, right? Or did I misunderstand something in your suggestion?
Every RSS feed of every different import source site will most likely have a different format to parse out the relevant information from. This would practically mean one custom RSS parser for each tool. This could possibly be made into a working solution, although quite complex/unintuitive, for updating tool entries (if people could specify an RSS feed URL and a regexp, or similar), but not quite as much for adding tools, see what I mean?

Regarding updating vs adding, I think it is a hundred times more important that a tool gets added to the library in the first place, than it being updated in the library for each update the tool subsequently gets.

So, this brings us back to the problem of the best/fastest way possible to add tools to the library, while still not just automatically harvesting arbitrary content of doubtful quality from a bunch of different RSS feeds, and while still making sure to get the info for all the different fields included in the submission (including the correct categorizations).

My best idea so far (which is the entire origin of the collaborative library idea) is actually that people probably must put in the extra few seconds of effort to get this good the first time a tool is added, BUT, instead, if just a lot of people add 1-3 tools each, it will still become a comprehensive library pretty quickly, without any particular person having to do a huge, or even, noticeable, job themselves.

Any other ideas (or clarifications of what I possibly missed in the previous suggestions)?

Oh, and even if you think it would be too much work to add all the cool tools that the library is missing so far, why not start with adding the 1-3 best of them, and we'll see what happens from there.

Finally: This problem of adding many tools should actually just be a problem in the special case period of initial population of the library. Once it has become somewhat comprehensive for the current point in time, new great tools will not pile up in huge masses each day. The idea with the library then is that you read about a new cool tool, e.g. in a blog entry, and you think "that would be really useful for the next time I will be doing XXX, I should really remember that tool", and then you open a second browser window with the CISTL, click the right category, click the add new tool button, fill in the relevant information in the fields, and bam, it's there, for yours and everyone else's reference, for the next time someone is in the particular situation where such a tool is needed.

Again, if you have large amounts of good tools that you know of which aren't in the library, just PM their names to me, and I'll research and add them myself. I'd gladly do this work to bring the library from the initial special case population period to the more long term goal of standard operation and maintenance, with mostly updates of existing tools, and some new tool being added just every other day, week or even month.

JMI
July 5th, 2008, 20:08
dELTA has this vision that, someday, there will be a large shinny statue, covered with the usual bird-droppings, dedicated to dELTA as the "creator" of the CRCETL.

And while dELTA can, and should be justly proud of his creation, we need to keep reminding him that the "statue", itself, will eventually just become a place for tired pigeons to rest and defecate and only we few, dedicated true fans of his accomplishments will remember all the tireless effort he has actually contributed to make this project actually work the way it does, with as little effort as it does require of those who chose to contribute to its storehouse of tools.



Regards,

Silver
July 6th, 2008, 08:21
Quote:
I added Fyodor's top 100 list of security tools manually myself to the library, so that no one else will have to do it.


I didn't want to say it Good move though!


Quote:
I just don't want to add any tools to the library, they should be useful and relevant in category. This would be very hard to accomplish with an auto RSS harvester, right? Or did I misunderstand something in your suggestion?


Yes, sorry, I didn't explain myself properly. I'm not suggesting you bulk-import tools from RSS. What I'm suggesting is that you have a couple of pre-configured, "known good" RSS sources. Then we can manually add a tool name/title to the database and click a handy "Get from RSS" button on the page. This button goes off to the known good RSS feeds and searches for the tool - if found it automatically populates the description, version fields etc.

That's why I suggested Download.com. It's a massive resource with millions of tools, it has a standard, structured RSS feed and would work well for retrieving descriptions.


But now that you've added the top 100 it's probably less necessary . See, that's the mind of a tech guy - when you can spend a couple of hours manually adding 100 tools or spend a couple of days writing some code to automatically import partial data for those tools, I choose the latter