A collection of open source tools — all configured to work together. Very interesting concept. Here are a few that it has.
- Arpwatch, used for MAC anomaly detection.
- P0f, used for passive OS detection and OS change analysis.
- Pads, used for service anomaly detection.
- Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
- Snort, the IDS, also used for cross correlation with nessus.
- Spade, the statistical packet anomaly detection engine, used to gain knowledge about attacks that have no signature.
- Tcptrack, used for session data, which can provide useful information for attack correlation.
- Ntop, which builds an impressive network information database from which aberrant-behaviour anomaly detection can be derived.
- Nagios. Being fed from the host asset database it monitors host and service availability information.
- Osiris, a great HIDS.
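The "IDS vs Security Scanner" cross correlation mentioned for Nessus and Snort above is easy to describe and worth seeing in code. The following is an added example, not code from the toolkit the post describes nor from Snort or Nessus: it reduces IDS alerts and scanner findings to (host, port, CVE) tuples and escalates an alert only when the scanner confirmed the targeted service is both listening and vulnerable to the referenced CVE. All records are constructed, and the CVE-0000-* identifiers are placeholders, not real vulnerability IDs.

```python
"""Cross-correlating IDS alerts with vulnerability-scanner findings.

Added example; constructed data; CVE-0000-* ids are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class IdsAlert:
    sid: int             # signature id that fired
    src: str             # attacker address
    dst: str             # target address
    dport: int           # target port
    cve: Optional[str]   # CVE reference carried by the signature, if any
    priority: int        # Snort convention: 1 = highest, 4 = lowest


@dataclass(frozen=True)
class ScanFinding:
    host: str
    port: int
    cve: Optional[str]   # None for a plain "service detected" entry
    severity: str


# Constructed sample input (placeholder CVE ids, documentation-range sources).
ALERTS: List[IdsAlert] = [
    IdsAlert(2001, "192.0.2.10", "10.100.5.200", 445, "CVE-0000-0001", 1),
    IdsAlert(2002, "192.0.2.10", "10.100.5.200", 3389, None, 2),
    IdsAlert(2003, "192.0.2.11", "10.100.5.200", 80, "CVE-0000-0002", 1),
    IdsAlert(2004, "192.0.2.12", "10.100.5.201", 445, "CVE-0000-0001", 1),
]
FINDINGS: List[ScanFinding] = [
    ScanFinding("10.100.5.200", 445, None, "Info"),             # SMB listening
    ScanFinding("10.100.5.200", 445, "CVE-0000-0001", "High"),  # ...and vulnerable
    ScanFinding("10.100.5.200", 3389, None, "Info"),            # RDP listening
    ScanFinding("10.100.5.201", 445, None, "Info"),             # SMB listening, no finding
]

Key = Tuple[str, int]


def index_findings(findings: List[ScanFinding]) -> Dict[Key, Set[str]]:
    """Map (host, port) -> CVEs the scanner reported there.

    A (host, port) seen with no CVE still gets an (empty) entry, so the index
    also records which services the scanner found listening.
    """
    idx: Dict[Key, Set[str]] = {}
    for f in findings:
        cves = idx.setdefault((f.host, f.port), set())
        if f.cve:
            cves.add(f.cve)
    return idx


def classify(alert: IdsAlert, idx: Dict[Key, Set[str]]) -> Tuple[str, int]:
    """Return (verdict, adjusted priority) for one alert."""
    key = (alert.dst, alert.dport)
    if key not in idx:
        # The scanner saw nothing on that port: either it is closed (the attack
        # cannot have landed) or it was never scanned. Demote, do not drop.
        return "unscanned-or-closed", min(alert.priority + 1, 4)
    if alert.cve and alert.cve in idx[key]:
        # The signature's CVE matches a scanner finding on the same service.
        return "confirmed-vulnerable", 1
    # Service is listening, but nothing says it is vulnerable to this attack.
    return "service-present", alert.priority


def correlate(alerts: List[IdsAlert], findings: List[ScanFinding]) -> List[Tuple[int, str, int]]:
    idx = index_findings(findings)
    return [(a.sid,) + classify(a, idx) for a in alerts]


if __name__ == "__main__":
    for sid, verdict, prio in correlate(ALERTS, FINDINGS):
        print(f"sid {sid}: {verdict} (priority {prio})")
```

The one caveat a practitioner should keep in mind: a (host, port) missing from the scanner data is ambiguous between "closed" and "not covered by the last scan", which is why the example only demotes such alerts rather than suppressing them.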
(thanks to Average Admins for the find)
My First Dabble Into Ajax: dmiessler.com/time
By Daniel Miessler on December 28th, 2006: Tagged as Programming | Time | Tools
Given my new watch I have been checking the time a lot lately (it’s an obsession). Normally I go to time.gov, but I grew tired of doing that and decided to make my own resource for doing this (much like my /ip page for checking my outgoing IP address). I’ve been wanting to mess with Ajax anyway, so I figured this was a good opportunity.
Since my main server for this site synchronizes via NTP, it’s quite accurate, so I decided to employ a bit of Ajax to create a dynamically updating time display that uses my server as the source. I started with Justin’s nifty template, simplified it a bit, made it start upon page load instead of through a button, and used some CSS to format it — pretty simple stuff really.
The result is precisely what I was looking for:
- A very accurate time display coming from my own site
- Doesn’t require Java (yuk)
- Allows you to watch the seconds tick by in real time (great for setting watches)
I love building things — no matter how simple.
Hostfind
By Daniel Miessler on September 3rd, 2006: Tagged as Information Security | Tools
I’ve added hostfind to my tools area.
[Edit: I just found this tool, and it makes mine look like a 4-year-old wrote it. After a severe head trauma. It's written in a more powerful language, has a better approach, and yields better results. Naturally I'm going to see how he wrote his and learn from it.]
New Features in Nmap 4.00
By Daniel Miessler on February 10th, 2006: Tagged as Infosec | Nmap | Security | Tools
Fyodor, the author of Nmap, was just interviewed on SecurityFocus about the recent release of Nmap 4.00. He touched on a number of cool features that this major release has brought, and I thought it’d be worthwhile to make a list of the improvements.
These sorts of lists are helpful for me when trying to incorporate new functionality into how I currently use a tool. So, here’s the short overview:
- A rewritten scan engine makes it far faster and more memory efficient.
- Can now send raw ethernet frames — which allows it to attain full functionality on Windows XP SP2 systems that don’t have raw socket support.
- New ARP scanning and MAC spoofing capabilities.
- Far better documentation.
- Version detection vastly improved (including a threefold increase in the size of the signature database).
- You can now do runtime modification of scans, i.e. you can press Enter during a scan to get an estimated time to finish, or press "v" to switch to verbose mode. Very cool.
- Major improvements in scanning multiple hosts and multiple ports on each host simultaneously.
- Parallel DNS queries.
- The addition of “port scan pings” that allow for improved performance vs. firewalled systems.
Overall, this release just looks incredible. I’m highly enthused about it (have already compiled it on my Mac), and look forward to using these new features. Oh, and for a complete list of changes, be sure to check out the changelog.
OS X: My New Security Platform
By Daniel Miessler on February 7th, 2006: Tagged as Information Security | Linux | Nmap | OS X | Tools
I’m making the switch. My new system is going to be my security box as well as my main system. Well, either that or I’m going to see if work’ll buy me a Mac. Check it:
daniel@kairin daniel $ nmap tiberius
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-07 02:23 EST
Interesting ports on tiberius (10.100.5.200):
(The 1666 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1027/tcp open IIS
3389/tcp open ms-term-serv
Nmap finished: 1 IP address (1 host up) scanned in 1.900 seconds
daniel@kairin daniel $
…and that’s running from OS X (compiled natively) — no remote shell to a Linux box or nuttin’. Sure, we’ve been able to do this for a long time now, but for some reason I’ve been silly and haven’t.
From now on I’m going to be compiling all my security apps natively instead of using package managers for OS X; they just aren’t mature enough for me, and the packages all seem dated.
Yeah, this rocks.
Eager
By Daniel Miessler on January 22nd, 2006: Tagged as General | Programming | Tools
This little tool is quite interesting; it watches what you do on your system, takes note of what you do that is repetitive, and then offers to script out a solution for you so that you don’t have to keep doing the same thing over and over.
Not something I’ll be using, personally, but a very cool concept indeed.
Tools: Scat (Security Consultant’s Assessment Tool)
By Daniel Miessler on January 12th, 2006: Tagged as General | Information Security | Programming | Security | Tools
I’ve written a simple tool for speeding up the scanning of multiple networks using Nmap. It also does a bit of service analysis based on the results and outputs a list of live hosts for use with other tools.
It’s called Scat (Security Consultant’s Assessment Tool), and it’s available for download if anyone’s interested.
(Commence with the “crappy” tool jokes)
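The "outputs a list of live hosts for use with other tools" part of a tool like Scat comes down to parsing Nmap's normal output. The following is an added example, not Scat's code and not Nmap's: it parses the output format shown in the OS X post above into per-host open-port lists, emits a sorted live-host list, and flags hosts exposing a few services of interest. The sample output is constructed: the first host block is the one shown above, the second is made up in the same format so that multi-host output is exercised. The WATCH table and the summary-line regex are this example's own assumptions.

```python
"""Turn Nmap normal output into a live-host list and a simple service report.

Added example; SAMPLE is constructed from the output shown earlier on the page
plus one invented host in the same format.
"""
import re
from typing import Dict, List, Optional, Tuple

SAMPLE = """\
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-07 02:23 EST
Interesting ports on tiberius (10.100.5.200):
(The 1666 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1027/tcp open  IIS
3389/tcp open  ms-term-serv
Interesting ports on 10.100.5.201:
(The 1670 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
Nmap finished: 2 IP addresses (2 hosts up) scanned in 3.512 seconds
"""

# "Interesting ports on name (ip):" or, without reverse DNS, "Interesting ports on ip:"
HOST_RE = re.compile(
    r"^Interesting ports on (?:(?P<name>\S+) \()?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?:$")
# One row of the PORT STATE SERVICE table.
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")
# Host-up count from the trailing summary line (assumed wording, matches the sample).
SUMMARY_RE = re.compile(r"\((\d+) hosts? up\)")

# Services a consultant typically wants called out (this example's own choice).
WATCH: Dict[int, str] = {21: "FTP", 23: "telnet", 135: "MS-RPC", 139: "NetBIOS",
                         445: "SMB", 3389: "RDP"}

PortInfo = Tuple[int, str, str]  # (port, proto, service)


def parse_nmap(text: str) -> Dict[str, dict]:
    """Return {ip: {"name": hostname-or-None, "open": [(port, proto, service), ...]}}.

    Only hosts that produced an "Interesting ports on" block are collected; a host
    that is up but has no open ports is reported by Nmap with a different line,
    which this parser does not try to match.
    """
    hosts: Dict[str, dict] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group("ip")
            hosts[current] = {"name": m.group("name"), "open": []}
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group("state") == "open":
            hosts[current]["open"].append(
                (int(m.group("port")), m.group("proto"), m.group("service")))
    return hosts


def hosts_up(text: str) -> int:
    """Host-up count Nmap printed, for a sanity check against what was parsed."""
    m = SUMMARY_RE.search(text)
    return int(m.group(1)) if m else 0


def live_hosts(hosts: Dict[str, dict]) -> List[str]:
    """Sorted IP list, suitable for feeding to other tools one host per line."""
    return sorted(hosts, key=lambda ip: tuple(int(o) for o in ip.split(".")))


def flag_services(hosts: Dict[str, dict]) -> Dict[str, List[str]]:
    """Per host, the WATCH labels of open TCP ports, in port order."""
    return {ip: [WATCH[p] for p, proto, _ in info["open"] if proto == "tcp" and p in WATCH]
            for ip, info in hosts.items()}


if __name__ == "__main__":
    parsed = parse_nmap(SAMPLE)
    print("\n".join(live_hosts(parsed)))
    for ip, labels in flag_services(parsed).items():
        print(f"{ip}: {', '.join(labels) or 'nothing flagged'}")
    if len(parsed) != hosts_up(SAMPLE):
        print(f"note: {hosts_up(SAMPLE)} hosts up but {len(parsed)} had open ports")
```

The comparison against `hosts_up` at the end is the check worth keeping: a host that answered but exposed nothing is still live, and a live-host list built only from open-port blocks will silently omit it.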