Results 1 to 11 of 11

Thread: Collaborative InfoSec Tool Library: New library for IT security tools!

  1. #1
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5

    Collaborative InfoSec Tool Library: New library for IT security tools!

    Most people around here are well aware of the Collaborative RCE Tool Library (http://www.woodmann.com/collaborative/tools), which we have had running for more than six months by now. This library, and the entire model and backend upon which it is built, has been a huge success from the start!

    Because of this, because of the fact that RCE and IT security in general are becoming more intertwined for each day that passes, and finally because lots of the people who frequent this place are IT security professionals in a broader sense that just RCE (and ok, because I'm one of them ), we are hereby presenting a new and shiny collaborative tool library for the entire IT security field (minus the RCE field, which will stay in the Collaborative RCE Tool Library, due to its size compared to the rest of the IT security field), namely:

    The Collaborative InfoSec Tool Library:
    http://www.woodmann.com/collaborative/sectools

    I have given it a start population consisting of about 100 of the most popular IT security tools used in the field today, but there are of course vast amounts of more tools to be added, by all you people!

    So welcome to this new library all security buffs, and may it become as successful as the Collaborative RCE Tool Library, with your help!

    Subscribe to the additions and updates RSS feed already today, to keep yourself posted of all new cool IT security tools from this point on!


    The following link should hopefully also get Google up and running indexing it in a good way ASAP:
    http://www.woodmann.com/collaborative/sectools/index.php/Special:Allpages

    Enjoy!
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  2. #2
    ...if I send you a package of the missing tools, will you write their descriptions?
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  3. #3
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    First of all, even though I'm quite sure you already know this, I must stress again that everyone can submit their own tools directly into the library, and update it themselves in real-time, since it's based on a wiki-backend (a fact which is relatively well hidden to the users though, for usability reasons).

    I do understand though that initially mass-submitting a large amount of tools can be somewhat tiresome (guess who submitted the entire initial population... ), so if you know a bunch of good tools but don't have the time to submit them all with full information, there are several alternatives:

    1. Submit the tools only with partial information (like e.g. name, URL and a somewhat correct categorization), and other members of the library will be able to complete these tool entries with the rest of the information, collaboration, see!
    2. Post a simple list of all these tools here, and I and other people can find out their full information and submit them to the library.
    3. Email me more info about the tools, including any possible binaries etc (or download URLs to them if they are big), and I will take care of it in the best way possible.

    Either way, any and all contributions are very welcome in order to make it an as good, comprehensive and useful library as possible, just like the CRCETL is already!


    Oh, and one more thing to everyone:

    While the previous Collaborative RCE Tool Library (CRCETL) has its member database and authentication integrated with this message board, the new Collaborative InfoSec Tool Library (CISTL) has a separate member system, so you have to register a separate account in it. This is because there is a very strong connection between the RCE library and this RCE message board, but the InfoSec connection to this message board isn't as strong or obvious, so we didn't want to unnecessarily mash these two up.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  4. #4
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Here is a little something to kick start the Google indexing of this new library, please ignore this, it is a list of links to all current tools in the library:

    http://www.woodmann.com/collaborative/sectools/index.php/Aircrack
    http://www.woodmann.com/collaborative/sectools/index.php/Airsnort
    http://www.woodmann.com/collaborative/sectools/index.php/Angry_IP_Scanner
    http://www.woodmann.com/collaborative/sectools/index.php/Argus
    http://www.woodmann.com/collaborative/sectools/index.php/Arp_scan
    http://www.woodmann.com/collaborative/sectools/index.php/BASE
    http://www.woodmann.com/collaborative/sectools/index.php/BackTrack
    http://www.woodmann.com/collaborative/sectools/index.php/Big_Brother
    http://www.woodmann.com/collaborative/sectools/index.php/Brutus
    http://www.woodmann.com/collaborative/sectools/index.php/Burp_Suite
    http://www.woodmann.com/collaborative/sectools/index.php/CANVAS
    http://www.woodmann.com/collaborative/sectools/index.php/Cain_%26_Abel
    http://www.woodmann.com/collaborative/sectools/index.php/Cheops-ng
    http://www.woodmann.com/collaborative/sectools/index.php/Chkrootkit
    http://www.woodmann.com/collaborative/sectools/index.php/Core_Impact
    http://www.woodmann.com/collaborative/sectools/index.php/Dsniff
    http://www.woodmann.com/collaborative/sectools/index.php/Elcomsoft_Password_Recovery_Bundle
    http://www.woodmann.com/collaborative/sectools/index.php/EtherApe
    http://www.woodmann.com/collaborative/sectools/index.php/Ettercap
    http://www.woodmann.com/collaborative/sectools/index.php/FireCAT
    http://www.woodmann.com/collaborative/sectools/index.php/Firewalk
    http://www.woodmann.com/collaborative/sectools/index.php/Fping
    http://www.woodmann.com/collaborative/sectools/index.php/Fragroute
    http://www.woodmann.com/collaborative/sectools/index.php/Fragrouter
    http://www.woodmann.com/collaborative/sectools/index.php/GFI_LANguard_Network_Security_Scanner
    http://www.woodmann.com/collaborative/sectools/index.php/Helix
    http://www.woodmann.com/collaborative/sectools/index.php/Honeyd
    http://www.woodmann.com/collaborative/sectools/index.php/Hping
    http://www.woodmann.com/collaborative/sectools/index.php/I2P
    http://www.woodmann.com/collaborative/sectools/index.php/Ike-scan
    http://www.woodmann.com/collaborative/sectools/index.php/John_the_Ripper
    http://www.woodmann.com/collaborative/sectools/index.php/KisMac
    http://www.woodmann.com/collaborative/sectools/index.php/Kismet
    http://www.woodmann.com/collaborative/sectools/index.php/Knoppix
    http://www.woodmann.com/collaborative/sectools/index.php/L0phtcrack
    http://www.woodmann.com/collaborative/sectools/index.php/MBSA
    http://www.woodmann.com/collaborative/sectools/index.php/Main_Page
    http://www.woodmann.com/collaborative/sectools/index.php/Malzilla
    http://www.woodmann.com/collaborative/sectools/index.php/Metasploit_Framework
    http://www.woodmann.com/collaborative/sectools/index.php/NBTScan
    http://www.woodmann.com/collaborative/sectools/index.php/NMAP
    http://www.woodmann.com/collaborative/sectools/index.php/Nagios
    http://www.woodmann.com/collaborative/sectools/index.php/Nemesis
    http://www.woodmann.com/collaborative/sectools/index.php/Nessus
    http://www.woodmann.com/collaborative/sectools/index.php/NetStumbler
    http://www.woodmann.com/collaborative/sectools/index.php/Netcat
    http://www.woodmann.com/collaborative/sectools/index.php/Ngrep
    http://www.woodmann.com/collaborative/sectools/index.php/Nikto
    http://www.woodmann.com/collaborative/sectools/index.php/Ntop
    http://www.woodmann.com/collaborative/sectools/index.php/OSSEC
    http://www.woodmann.com/collaborative/sectools/index.php/Outpost9_Dictionaries
    http://www.woodmann.com/collaborative/sectools/index.php/P0f
    http://www.woodmann.com/collaborative/sectools/index.php/Paros_Proxy
    http://www.woodmann.com/collaborative/sectools/index.php/Paul_Leyland_Dictionaries
    http://www.woodmann.com/collaborative/sectools/index.php/Pwdump
    http://www.woodmann.com/collaborative/sectools/index.php/RainbowCrack
    http://www.woodmann.com/collaborative/sectools/index.php/Rootkit_Hunter
    http://www.woodmann.com/collaborative/sectools/index.php/SARA
    http://www.woodmann.com/collaborative/sectools/index.php/SPIKE
    http://www.woodmann.com/collaborative/sectools/index.php/SPIKE_Proxy
    http://www.woodmann.com/collaborative/sectools/index.php/Scapy
    http://www.woodmann.com/collaborative/sectools/index.php/Sguil
    http://www.woodmann.com/collaborative/sectools/index.php/Snort
    http://www.woodmann.com/collaborative/sectools/index.php/Socat
    http://www.woodmann.com/collaborative/sectools/index.php/SolarWinds
    http://www.woodmann.com/collaborative/sectools/index.php/Splunk
    http://www.woodmann.com/collaborative/sectools/index.php/Stunnel
    http://www.woodmann.com/collaborative/sectools/index.php/SuperScan
    http://www.woodmann.com/collaborative/sectools/index.php/THC-Amap
    http://www.woodmann.com/collaborative/sectools/index.php/THC-Hydra
    http://www.woodmann.com/collaborative/sectools/index.php/Tcpdump
    http://www.woodmann.com/collaborative/sectools/index.php/Tcptraceroute
    http://www.woodmann.com/collaborative/sectools/index.php/Tor
    http://www.woodmann.com/collaborative/sectools/index.php/Unicornscan
    http://www.woodmann.com/collaborative/sectools/index.php/WebScarab
    http://www.woodmann.com/collaborative/sectools/index.php/Wikto
    http://www.woodmann.com/collaborative/sectools/index.php/Wireshark
    http://www.woodmann.com/collaborative/sectools/index.php/Xprobe
    http://www.woodmann.com/collaborative/sectools/index.php/Yersinia

    Oh, and as usual, if you see a good tool missing, please submit it yourself!
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  5. #5
    delta, out of curiosity do you plan a way to mass-submit tools?
    One at one is somewhat a true pain.... a thing is adding few entries, a thing is to move hundred(s) tools there. Especially if one have to re-catalogue them, check on web if updates are available with respect to your version etc.
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  6. #6
    I don't believe that, at the moment, there is a system for mass submitting a large group of tools because each one has to either be individually uploaded for a "Locally Archived Copy" or it needs to be linked to a specific location where the tool is supposed to be linked for possible download. I'm not sure how one could accomplish those requirements "on mass" for a group of tools.

    dELTA, of course, created "his baby" and maybe he can figure out how this might be accomplished. At the moment, it is one by one.

    Regards,
    JMI

  7. #7
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Maximus, do you have any idea or suggestion regarding how such a thing could be done? And I don't mean how to implement it, but rather how such a thing would work in the first place, i.e. what procedure the user would follow for such a thing?

    Like JMI, I have a little hard time imagining how it could be done while still including all the different fields for the tools? Sure, you could upload a CSV file or something like that, but would it really be easier for the user to prepare this CSV file than to just fill in the details directly into each tool entry at the site?

    I'm open for all ideas and suggestions, so please let me know of any good ideas you might have. I just have a little hard time imagining how to solve this specific one myself, but it has happened before (rarely ) that there actually exist solutions to a problem in spite of this.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  8. #8
    dELTA, I definitely think this is an "awesome" extension (addition? sibling?) to the RCE tool library, but like ol' Maxi there I'm concerned about the time taken to submit tools.

    Here's a thought, not sure how practical though. Places like Download.com have RSS feeds for their downloads, would it be possible to index these and grab descriptions/info directly? I don't really have a fully rounded idea on how this might work, but my concern is the 80/20 rule. 80% of the tools we all know and love and so don't want to spend time adding to the library because they are ubiquitous, but if they're not added to the library then it's incomplete. Classic examples are nmap, netcat, nessus etc. Why bother adding a full and complete description for nessus when "everyone" knows what it does?

    Where we need to spend the time is on the other 20% - the lesser known tools that are useful and that need a proper description etc in the library. So if there is some way to put in a tool name ("nessus") and get the library to poll some RSS feeds or websites or something to grab a description, it would save a huge amount of time on the common stuff and let us concentrate on the less common stuff that really makes the library useful.

    What does everyone else think?

    Actually, re-reading that I'm not sure I've explained myself clearly
    Still here...

  9. #9
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    First of all, I have solved the 80/20 problem already, in a very elegant way... I added Fyodor's top 100 list of security tools manually myself to the library, so that no one else will have to do it. Now you can all focus on that other 20%.

    About importing RSS feeds, I see two problems:
    1. I just don't want to add any tools to the library, they should be useful and relevant in category. This would be very hard to accomplish with an auto RSS harvester, right? Or did I misunderstand something in your suggestion?
    2. Every RSS feed of every different import source site will most likely have a different format to parse out the relevant information from. This would practically mean one custom RSS parser for each tool. This could possibly be made into a working solution, although quite complex/unintuitive, for updating tool entries (if people could specify an RSS feed URL and a regexp, or similar), but not quite as much for adding tools, see what I mean?

    Regarding updating vs adding, I think it is a hundred times more important that a tool gets added to the library in the first place, than it being updated in the library for each update the tool subsequently gets.

    So, this brings us back to the problem of the best/fastest way possible to add tools to the library, while still not just automatically harvesting arbitrary content of doubtful quality from a bunch of different RSS feeds, and while still making sure to get the info for all the different fields included in the submission (including the correct categorizations).

    My best idea so far (which is the entire origin of the collaborative library idea) is actually that people probably must put in the extra few seconds of effort to get this good the first time a tool is added, BUT, instead, if just a lot of people add 1-3 tools each, it will still become a comprehensive library pretty quickly, without any particular person having to do a huge, or even, noticeable, job themselves.

    Any other ideas (or clarifications of what I possibly missed in the previous suggestions)?

    Oh, and even if you think it would be too much work to add all the cool tools that the library is missing so far, why not start with adding the 1-3 best of them, and we'll see what happens from there.

    Finally: This problem of adding many tools should actually just be a problem in the special case period of initial population of the library. Once it has become somewhat comprehensive for the current point in time, new great tools will not pile up in huge masses each day. The idea with the library then is that you read about a new cool tool, e.g. in a blog entry, and you think "that would be really useful for the next time I will be doing XXX, I should really remember that tool", and then you open a second browser window with the CISTL, click the right category, click the add new tool button, fill in the relevant information in the fields, and bam, it's there, for yours and everyone else's reference, for the next time someone is in the particular situation where such a tool is needed.

    Again, if you have large amounts of good tools that you know of which aren't in the library, just PM their names to me, and I'll research and add them myself. I'd gladly do this work to bring the library from the initial special case population period to the more long term goal of standard operation and maintenance, with mostly updates of existing tools, and some new tool being added just every other day, week or even month.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  10. #10
    dELTA has this vision that, someday, there will be a large shinny statue, covered with the usual bird-droppings, dedicated to dELTA as the "creator" of the CRCETL.

    And while dELTA can, and should be justly proud of his creation, we need to keep reminding him that the "statue", itself, will eventually just become a place for tired pigeons to rest and defecate and only we few, dedicated true fans of his accomplishments will remember all the tireless effort he has actually contributed to make this project actually work the way it does, with as little effort as it does require of those who chose to contribute to its storehouse of tools.



    Regards,
    JMI

  11. #11
    I added Fyodor's top 100 list of security tools manually myself to the library, so that no one else will have to do it.
    I didn't want to say it Good move though!


    I just don't want to add any tools to the library, they should be useful and relevant in category. This would be very hard to accomplish with an auto RSS harvester, right? Or did I misunderstand something in your suggestion?
    Yes, sorry, I didn't explain myself properly. I'm not suggesting you bulk-import tools from RSS. What I'm suggesting is that you have a couple of pre-configured, "known good" RSS sources. Then we can manually add a tool name/title to the database and click a handy "Get from RSS" button on the page. This button goes off to the known good RSS feeds and searches for the tool - if found it automatically populates the description, version fields etc.

    That's why I suggested Download.com. It's a massive resource with millions of tools, it has a standard, structured RSS feed and would work well for retrieving descriptions.


    But now that you've added the top 100 it's probably less necessary . See, that's the mind of a tech guy - when you can spend a couple of hours manually adding 100 tools or spend a couple of days writing some code to automatically import partial data for those tools, I choose the latter
    Still here...

Similar Threads

  1. Collaborative RCE Tool Library - official discussion thread
    By dELTA in forum Tools of Our Trade (TOT) Messageboard
    Replies: 60
    Last Post: August 15th, 2012, 01:12
  2. Collaborative InfoSec Tool Library - official discussion thread
    By dELTA in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: April 5th, 2010, 16:19
  3. Replies: 1
    Last Post: February 24th, 2008, 18:27
  4. Collaborative RCE Tool Library contents so far
    By dELTA in forum Blogs Forum
    Replies: 7
    Last Post: January 5th, 2008, 12:06
  5. The Collaborative RCE Tool Library
    By Ring3 Circus in forum Blogs Forum
    Replies: 1
    Last Post: December 30th, 2007, 09:13

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •