Weekly Security Tools Digest
2001/02/23 to 2001/03/01

By Seán Boran (sean at boran.com) for SecurityPortal


Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html

To receive this digest via Email:
http://securityportal.com/subscribe.html

This is a summary of changes to free security tools over the last week.


The Rundown

Updates to General free tools this week include Eudora GnuPG plugin, GPA, GPGME, Seahorse, OpenSSH, Stunnel, Apache and Linux kernel.

Auditing and Intrusion Monitoring tools include SAINT, NetSaint, syslog-ng and 5 other new tools.

Firewalls for UNIX/Linux/BSD & Cross-platform include Zorp, Fireparse, IPtables, IPtables Linux Firewall, Firestarter and 3 other tools.

Tools for Linux/Unix/Cross Platform include APG, Exiscan, BUGS/bcrypt, SILC, Sectar and 4 other tools.

Tools for Windows include aTrans, aCrypt and Advanced Password Generator.


General Tools

PGP

This is a GnuPG plugin for Windows. For now this plugin only supports plaintext: all text/html email messages will be converted to text/plain before going through these functions: signing email messages, verifying email signatures, encrypting (and signing), and decrypting.

Changes: adds the option not to remember the passphrase; the plugin can remember the passphrase while Eudora is running.

The GNU Privacy Assistant is a graphical user interface for the GNU Privacy Guard (GnuPG). GnuPG is a system that provides you with privacy by encrypting emails or other documents and with authentication of received files by signature management. GPA utilizes the GIMP Tool Kit (GTK) and compiles for various platforms.

Note: in the previous Tools Digest, this tool was named "Graphical GnuPG for Windows 1.0.4-17" and referred to the pre-compiled version of GnuPG 1.0.4 for Windows including the graphical interface (http://www.gnupg.org/download.html). In fact its correct name is GPA. The latest version can be downloaded at ftp://ftp.gnupg.org/pub/gcrypt/devel. My apologies for this mistake!

GnuPG Made Easy is a library designed to make access to GnuPG easier for applications. It provides a high-level crypto API for encryption, decryption, signing, signature verification and key management. Currently it uses GnuPG as its backend, but the API isn't restricted to this engine; in fact it is planned to add other backends to it.

Note: first time in the Tools Digest.

Seahorse is a Gnome front end for GnuPG - the Gnu Privacy Guard program. Data encryption and digital signature creation can easily be performed through a GUI and Key Management operations can easily be carried out through an intuitive interface.

Note: first time in the Tools Digest.

 

SSH

This is a Unix/Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. OpenSSH also features an independent implementation of the SSH2 protocol.

Changes: release of version 2.5.1p2. Consult ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog for more information about the changes.

 

SSL

The Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so Stunnel supports whatever cryptographic algorithms you compiled into your crypto package. Runs on Windows and UNIX.

Changes: the pidfile creation algorithm has been changed.

 

Apache 1.3.19 - Apache 2.0a Alpha
Apache Software Foundation and The Apache Server Project
http://www.apache.org/dist

Changes: new version 1.3.19. Version 1.3.18 was not released due to an incorrect fix addressing hostnames with url-escaped characters. A corrected fix will be included in the next release. Version 1.3.19 of Apache is primarily a security fix release addressing a problem which could lead to a directory listing being displayed in place of an error message. It also fixes some broken functionality present in the 1.3.17 release and various Win32 issues. The main new feature is a configuration error report if the UserDir argument is set to a relative path on Win32 or NetWare [which do not support home directories], or a relative path on any platform if that path includes the '*' username substitution. More detailed information at http://httpd.apache.org/dist/Announcement.html.

 

Linux 2.4.2
http://www.kernel.org
http://www.kernel.org/pub/linux/kernel/v2.4

Linux Kernel version 2.4.2 released.

Changes: the biggest real changes that impact normal users are the fixes for the two bugs that could corrupt your hard disk. The IDE driver bug and the elevator bug could cause corruption, but probably have not actually bitten people in practice. Other changes: sync up, smbfs and HIGHMEM fix, reiserfs tail unpacking fix ("null bytes in reiserfs files"), new cpia usb ID, misc. small sysv ipc fixes, and removal of an overly restrictive sector size check for SCSI CD-ROM.


Auditing and Intrusion Monitoring Tools

SAINT 3.1.6
World Wide Digital Security, Inc.
http://www.wwdsi.com/saint

Saint is a security scanning tool based on Satan.

Changes: new checks with this version: IMAP lsub vulnerability, Lotus Domino malformed HTML attachment vulnerability, latest vulnerability in ProFTP, Multiple vulnerabilities in Zope, PHP Nuke (opendir.php), VShell, Hex-encoded space (%20) source code exposure vulnerability in Netscape and Website Pro web servers, Cold Fusion startstop denial of service, SCO OpenServer calserver, Web servers allowing read access by escaped dot-dot-slash (\../) and man-cgi.

 

NetSaint Network Monitor 0.0.7 beta2
Ethan Galstad
http://www.netsaint.org

NetSaint is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when it gets resolved. NetSaint is written in C and is designed to run under Linux, although it should work under most other Unix variants. It can run either as a normal process or as a daemon, intermittently running checks on various services that you specify. The actual service checks are performed by external "plugins" which return service information to NetSaint. Several CGI programs are included with NetSaint in order to allow you to view the current service status, history, etc. via a web browser.

Changes: beta 2 of the 0.0.7 release is now available. It fixes a few bugs found in beta 1. New versions of the NRPE (NetSaint Remote Plugin Executor 1.2.4) and NSCA (NetSaint Service Check Acceptor 1.1.0) are now available. The NSCA add-on can now encrypt traffic between the client and daemon using multiple crypto algorithms (DES, 3DES, CAST, xTEA, Twofish, LOKI97, RIJNDAEL, SERPENT, GOST, SAFER/SAFER+, etc.) if you have the mcrypt libraries installed on your systems. A new beta version of the NSClient add-on, which allows you to monitor NT servers, has also been released.

 

Syslog-ng 1.4.11 - Devel: 1.5.3
Balazs Scheidler
http://www.balabit.hu/en/products/syslog-ng

Syslog-ng is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages to be sorted only on the priority/facility pair; Syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Syslog-ng includes filtering using regular expressions, log forwarding and hash-protected logging (planned in version 1.5). It is multi-platform and requires libol-0.2.17.

Changes: new stable version 1.4.11. This new version fixes a long-standing SIGHUP problem.

 

Md5mon 1.3a
Serge Winitzki
http://www.geocities.com/CapeCanaveral/Lab/5735/1/md5mon.html

Md5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure SHA sum instead of md5sum.

Note: first time in the Tools Digest.

 

FreshMeat

ImSafe 0.2.2 (Devel)
Laurent
http://imsafe.sourceforge.net

ImSafe (Immune Security For your Enterprise) is a host-based intrusion detection tool. After a learning phase, it is able to detect changes in process behavior, to detect buffer overflows, etc. It is implemented through a device driver (as a kernel patch) for the Linux kernel, but can also be run on other UNIX systems by using a "sensor" built upon strace.

Note: first time in the Tools Digest.

 

Cheops-ng 0.1.3
Brent Priddy
http://cheops-ng.sourceforge.net

Cheops-ng is a graphical network management tool for mapping and monitoring your network. It has host/network discovery functionality, OS detection, and it also does a port scan of each computer to tell what services are running, so you can use or administer them.

Note: first time in the Tools Digest.

 

PacketStorm

Viperdb 0.9.5
Peter Surda
http://panorama.sth.ac.at/viperdb

Viperdb is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This Viperdb is in fact a fork of the original, as the original authors seem unreachable.

Note: first time in the Tools Digest.

 

Mod_id 1.0
Burak
http://www.hacettepe.edu.tr/~burak

Mod_id is an interesting Apache module that acts as an IDS, watching for suspicious URLs.

Note: first time in the Tools Digest.


Firewalls for UNIX/Linux/BSD & Cross-platform

Zorp 0.6.0 - Devel: 0.7.15
Balazs Scheidler
http://www.balabit.hu/products/zorp

Zorp is a new-generation modular proxy firewall suite that can fine-tune proxy decisions with its built-in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize outband authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).

Changes: in policy.py.sample: fixed some 0.6isms, zorpctl: fixed a problem with restarting all instances. Zorp Reference Documentation added to the tarball in PDF format.

 

Fireparse 2.1
Aaron D. Marasco
http://aaron.marasco.com/linux.html

Fireparse is a Perl script that emails a report of all packets that have been logged by the kernel's IPtables packet filtering subsystem. The report includes source and destination ports, direction, logged packet count, IPtables rules, and fully resolved host names (if available). The report can be formatted as plain text or as a colored HTML table. Fireparse also moves all IPtables entries from your syslog file into a second message file so that other syslog entries are more easily noticed and filtered. HTML output can also be sent to a dated file.

Changes: this version is not released yet but huge performance increases with smaller loading requirements are expected.

 

FreshMeat

MonMotha's IPtables Masquerading Firewall 2.3.3
MonMotha and Steff
http://t245.dyndns.org/~monmotha/firewall

MonMotha's IPtables firewall is a shell script that implements masquerading and basic security using IPtables. It is easily configurable by modifying the options near the beginning and does not need to be rerun every time your IP address changes, making it perfect for users with dialup connections. Many features, such as SSH rulesets and limited flood protection, are available. There are three branches: the default branch (current version is 2.3.3), the IPtables-insecure branch (current version is 2.0.1) and the IPtables 2.2 branch (current version is 2.2.0).

Changes: new default branch version 2.3.3. This release is currently not stable. There is no information about the modifications in this new version.


IPtables Linux Firewall 4.3f - Devel: 4.4b
Patrik Hildingsson
http://www.kurd.nu

IPtables Linux Firewall is a firewall that uses NetFilter in Linux 2.4. It features easy configuration and a DMZ option, logs portscans (limited so they won't flood the logfile), and has stateful inspection, masquerading, and general NAT support.

Changes: new development version 4.4b: fixed NEW bug in CHECK_MAC, configurable log limit, multiport is now gone in external ports range, only exists in TRUST_EXT now. Trusted hosts may PING, SSH and now telnet into firewall.

 

Firestarter 0.6.1
Tomas Junnonen
http://firestarter.sourceforge.net

Firestarter is a firewall tool for Linux, and uses GNOME. You can use the wizard to create a basic firewall, then streamline it further using the dynamic rules. You can open and close ports with a few clicks, or stealth your services giving access only to a select few. It features a real-time hit monitor which you can watch as attackers probe your machine for open ports.

Changes: fixed Linux 2.2 systems being left in a "deny all" state, fixed Linux 2.2 systems having wrong default policies, fixed some ToS problems on Linux 2.4 systems, added descriptive error dialogs for name lookup failures.

 

rTables Linux Firewall 1.02.28.0 (Devel)
Rebby
http://rtables.rebby.com

rTables is a detailed, custom, IPtables firewall for Linux 2.4.x, easily implemented on boxes with one to three network interfaces. It is currently set up to handle a single external LAN, single internal LAN, and a single internal DMZ with support for multiple LANs/DMZs to follow.

Changes: this is the fourth development release: fixed internal variable problem, added install documentation and script.

 

Iridium Firewall 1.49 - Devel: 1.5k
Ryan Edwards
http://www.karynova.com/iridium

Iridium Firewall is a script which uses the IPchains facility in Linux 2.2 to perform network packet filtering in an attempt to protect against network-based computer attacks. It's written so that users that know what they are doing can easily configure the script themselves, but it also offers a beginner many convenience flags to turn common features on and off. Iridium Firewall is packed with features, and it is heavily commented with instructions and explanations in an easy-to-read format.

Note: first time in the Tools Digest.

 

SecurityFocus

FireWall Log Spawn 1.0.7
Karl
http://www.shagz.org/files.html

FireWall Log Spawn is a simple Perl script which collects firewall information from the specified source, formats it to make it easier to read, and places it in another file.

Changes: option of parsing out 'lo' traffic, better summary, fixed up IPchains compatibility and option of creating a vanilla html page for easier viewing.


Tools for UNIX/Linux/BSD & Cross-platform

APG - Automated Password Generator 1.2.13
Adel I. Mirzazhanov
http://www.adel.nursat.kz/apg

APG is a tool set for random password generation. There is a standalone version that generates some random words of the required type and prints them to standard output, and there is a network version that consists of an APG server and an APG client. When a client's request arrives, the server generates some random words of a predefined type and sends them to the client over the network (according to RFC0972). APG uses two password generation algorithms: the Pronounceable Password Generation Algorithm (according to NIST FIPS 181) and the Random Character Password Generation Algorithm with 19 configurable modes of operation. The password length parameters are configurable, as is the number of generated passwords. It supports /dev/random. The password generation service can be used from any type of box (Mac, WinXX, etc.) that is connected to the network, and remote users can be forced to use only the allowed type of password generation.

Changes: versions 1.2.12 and 1.2.13 were released during this week: support for AIX has been added as well as some compatibility reports. Added support for NetBSD.

 

Exiscan 1.0
Tom Kistner
http://duncanthrax.net/exiscan

Exiscan is an email virus scanner which works together with the Exim MTA (http://www.exim.org). It is written in Perl and designed to be as subtle and lightweight as possible. Exiscan relies on McAfee's uvscan or Trend Micro's vscan to do the actual scanning work.

Changes: codename: "Smells like stable". New features: now uses the RipMIME mime unpacker, FPROT scanner support, and small fixes. Update Advice: no major fixes in this release, but RipMIME is supposedly more stable than reformime, so upgrading is advised.

 

BUGS/bcrypt 4.0.1
Sylvain Martinez
http://www.bcrypt.com
http://www.bcrypt.com/index_fr.html (in French)

BUGS is a strong dynamic private key encryption algorithm with accompanying applications. It is easy to use, and includes sample applications and documentation. The cryptography library can also be used with your own programs and is multi-platform.

Changes: this new version corrects a minor compilation problem on OpenBSD 2.8.

 

SILC 20010228 (Devel)
Pekka Riikonen
http://silc.pspt.fi

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic.

Changes: a lot of changes since the previous version. Please refer to http://silc.pspt.fi/changes.txt for more details.

 

FreshMeat

Sectar 1.01
Brian Wagener & Katrina Illari
http://sourceforge.net/projects/star

Secure Tar (Sectar) doesn't create encrypted tape archives (tar files) yet; it can only encrypt/decrypt files, using multiple block sizes and key sizes with the AES algorithm Rijndael. Once the standalone application is stable, then I will incorporate it with tar. The encryption is exported under exemption TSU 740.13.

Changes: added getopt.h to the distro, as well as the corresponding *.c files so you should be able to compile on more systems now. Has been tested on Solaris, and should be able to compile on all others.

 

BeeCrypt 2.0.0
Bob Deblier
http://beecrypt.virtualunlimited.com

BeeCrypt is an ongoing project to provide strong and fast cryptography in the form of a toolkit usable by commercial and open source projects. Included in the library are entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.

Note: first time in the Tools Digest. This is a different project from BUGS/bcrypt at http://www.bcrypt.com.

 

OutGuess 0.2
Niels Provos
http://www.outguess.org

OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources. The nature of the data source is irrelevant to the core of OutGuess. The program relies on data-specific handlers that will extract redundant bits and write them back after modification. In this version the PNM and JPEG image formats are supported. In the next paragraphs, images will be used as a concrete example of data objects, though OutGuess can use any kind of data, as long as a handler is provided.

Note: first time in the Tools Digest.

 

No-Name Instant Messenger pre-release
Mentat
http://nnim.sourceforge.net

No-Name Instant Messenger is a fast, cross-platform, and secure messaging client. The client uses public key crypto (such as RSA or El Gamal) and symmetric block ciphers (MARS, Twofish, etc.).

Note: first time in the Tools Digest.

 

PacketStorm

Scponly 1.1
Rumblefish
http://sublimation.org/scponly

Scponly is an alternative shell (of sorts) for system administrators who would like to provide file transfer over SSH without providing any remote execution privileges. Functionally, it is best described as a wrapper to the "tried and true" SSH suite of applications. Some features: logging (Scponly logs time, client IP, username, and the actual request to the scponly.log file); chroot (if compiled with this functionality, Scponly can chroot to the user's home directory, disallowing access to the rest of the filesystem); SFTP compatibility; file listing (aside from just scp, Scponly allows "ls" commands to be executed remotely); security checks (root login is disallowed, though root should never be configured to be using Scponly as the default shell).

Note: first time in the Tools Digest.


Tools for Windows

aTrans & aCrypt
DataRescue Inc.
http://www.datarescue.com/atrans2

Easy to move, easy to use, P2P secure file transfer and chat on the Windows 32 platform. AES encryption / RSA authentication / Diffie-Hellman EKE, on-the-fly compression, secure migration in a 400 kb self-extracting encrypted package. It runs under Windows 2000, Windows 95/98 and Windows NT.

Note: first time in the Tools Digest. Currently, both aTrans and aCrypt are free. There's nothing to order. While they could develop extended versions of these products in the near future, there will always be a freeware version of aTrans and aCrypt.

 

SecurityFocus

Advanced Password Generator 2.74
Segobit Software
http://www.securityfocus.com/tools/1907

Advanced Password Generator is an application designed to generate passwords of any length and character content. Advanced Password Generator allows users to choose among the random number generators built into the application. This feature is used to generate an extremely random seed value. The random number generators are written in a low-level language, and some of the random number generators built into this application are impossible to write in a high-level language (Basic, Pascal, C++ and others). After registration, the user can obtain the application with their own additional random number generator. Advanced Password Generator will create alphabetic, numeric, alphanumeric or all-keyboard-character passwords of user-defined lengths. Passwords can be generated in lowercase or mixed case. All passwords can be printed. It runs under Windows 2000, Windows 95/98 and Windows NT.

Changes: no information about the changes.


Note: tools announced on forums are not necessarily updates or new or free; it's just that someone posted an announcement. We try our best to notify you only of new or updated free tools.

About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2001, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 01 March, 2001