It took me way too long, but finally I have a new release of my portscanner Poison. Here's the changelog from 1.5.3:
-- Added code to automatically save every single scan into ~.poison/poison-scans.csv
- Open ports won't be reported twice when banner grabbing is enabled
- Http banner only collects useful information
- Http banner grabbing now speaks HTTP/1.1 instead of HTTP/1.0
- Added portmapper support for banner grabbing. Now shows which services a portmapper offers
- Made OS fingerprinting a flag. Removes a lot of clutter from the output if disabled (-o)
- Added daemon mode (-d)
- Improved telnet banner grabbing
- Updated the random IP exclude list (random.c)
- Added country (top level domain) display to the scans
- Removed option -I
- Removed option -t
- Added flag to allow logging to a remote host (-z)
- Improved OS fingerprint handling
Even the most well-encrypted harddrive with the best chosen password may fall for a very simple, very low-tech attack employing a hardware keylogger. This paper shows a potential way to defend against these devices.
Find the paper in the respective section or download it here.
Description: Creates pcaps showing input files being downloaded from the web.
This handy utility takes any sort of input file and creates a pcap showing this file being downloaded from a remote web server. The pcap is a full tcp stream from syn to fin and all the sequence numbers and checksums and all that are correct.
Envoy is a personal firewall for Linux, similar to Windows tools like Zonealarm. A kernel module intercepts outgoing and incoming tcp connections, consults a userland daemon for the rules and if required tips off the Envoy gui to ask the user for decisions whether some program may establish a new connection.