Thursday, November 22, 2007

CISCO Security Auditing Tools

PACKETSTORM’S LISTING OF CISCO ANALYSIS TOOLS

http://packetstormsecurity.org/cisco/

BENCHMARK & AUDIT TOOL FOR CISCO IOS ROUTERS AND PIX FIREWALLS

http://www.cisecurity.org/bench_cisco.html

CIS LEVEL-1 / LEVEL-2 BENCHMARKS AND AUDIT TOOL FOR CISCO IOS ROUTERS AND PIX FIREWALLS.

  • ABILITY TO SCORE CISCO ROUTER IOS.
  • ABILITY TO SCORE CISCO PIX FIREWALLS.
  • INCLUDES BENCHMARK DOCUMENTS (PDF) FOR BOTH CISCO IOS AND CISCO PIX SECURITY SETTINGS.

CISCO TORCH

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

CISCO TORCH MASS SCANNING, FINGERPRINTING, AND EXPLOITATION TOOL WAS WRITTEN WHILE WORKING ON THE NEXT EDITION OF "HACKING EXPOSED CISCO NETWORKS", SINCE THE TOOLS AVAILABLE ON THE MARKET COULD NOT MEET OUR NEEDS. THE MAIN FEATURE THAT MAKES CISCO-TORCH DIFFERENT FROM SIMILAR TOOLS IS THE EXTENSIVE USE OF FORKING TO LAUNCH MULTIPLE SCANNING PROCESSES IN THE BACKGROUND FOR MAXIMUM SCANNING EFFICIENCY. ALSO, IT USES SEVERAL METHODS OF APPLICATION LAYER FINGERPRINTING SIMULTANEOUSLY, IF NEEDED. WE WANTED SOMETHING FAST TO DISCOVER REMOTE CISCO HOSTS RUNNING TELNET, SSH, WEB, NTP AND SNMP SERVICES AND LAUNCH DICTIONARY ATTACKS AGAINST THE SERVICES DISCOVERED.

EIGRP TOOLS

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

THIS IS A CUSTOM EIGRP PACKET GENERATOR AND SNIFFER DEVELOPED TO TEST THE SECURITY AND OVERALL OPERATION QUALITY OF THIS BRILLIANT CISCO ROUTING PROTOCOL. USING THIS TOOL REQUIRES A DECENT LEVEL OF KNOWLEDGE OF EIGRP OPERATIONS, PACKET STRUCTURE AND TYPES, AS WELL AS THE LAYER 3 TOPOLOGY OF AN AUDITED NETWORK.

CISCOPACK

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

THIS IS THE IOS BINARY IMAGE PACKING AND UNPACKING PROGRAM CAPABLE OF CALCULATING A CORRECT CHECKSUM FOR THESE IMAGES.

PIX CHECKSUM DOS

http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

THIS IS A PROOF OF CONCEPT PROGRAM THAT DEMONSTRATES THE VULNERABILITY OF CISCO PIX DEVICES TO A DENIAL OF SERVICE ATTACK USING A SPOOFED BAD CHECKSUM PACKET.

CPFPC

http://www.oxid.it/cpfpc.html

CPFPC (CISCO PIX FIREWALL PASSWORD CALCULATOR) PRODUCES THE ENCRYPTED FORM OF CISCO PIX ENABLE MODE PASSWORDS WITHOUT THE NEED TO ACCESS THE DEVICE.

ULTIMA RATIO

http://www.phenoelit.de/ultimaratio/index.html

A REMOTE CISCO IOS EXPLOIT

NIPPER

http://sourceforge.net/projects/nipper

NIPPER IS A NETWORK INFRASTRUCTURE CONFIGURATION PARSER. NIPPER TAKES A NETWORK INFRASTRUCTURE DEVICE CONFIGURATION, PROCESSES THE FILE AND DETAILS SECURITY-RELATED ISSUES WITH THE CONFIGURATION TOGETHER WITH DETAILED RECOMMENDATIONS. NIPPER WAS PREVIOUSLY KNOWN AS CISCOPARSE. NIPPER CURRENTLY SUPPORTS CISCO SWITCHES (IOS), CISCO ROUTERS (IOS), CISCO FIREWALLS (PIX/ASA/FWSM) AND JUNIPER NETSCREEN (SCREENOS). OUTPUT IS IN HTML, LATEX, XML AND TEXT. ENCRYPTED PASSWORDS CAN BE OUTPUT TO A JOHN-THE-RIPPER FILE FOR STRENGTH TESTING.

VOMIT

http://vomit.xtdnet.nl/

THE VOMIT UTILITY CONVERTS A CISCO IP PHONE CONVERSATION INTO A WAVE FILE THAT CAN BE PLAYED WITH ORDINARY SOUND PLAYERS. VOMIT REQUIRES A TCPDUMP OUTPUT FILE.

CISCO GLOBAL EXPLOITER

http://packetstormsecurity.org/0405-exploits/cge-13.tar.gz

CISCO GLOBAL EXPLOITER IS A TOOL THAT DEMONSTRATES EXPLOITATION OF THE CISCO 677/678 TELNET BUFFER OVERFLOW VULNERABILITY, IOS ROUTER DENIAL OF SERVICE VULNERABILITY, IOS HTTP AUTH VULNERABILITY AND CISCO IOS HTTP CONFIGURATION ARBITRARY ADMINISTRATIVE ACCESS VULNERABILITY, CISCO CATALYST SSH PROTOCOL MISMATCH DENIAL OF SERVICE VULNERABILITY, CISCO 675 WEB ADMINISTRATION DENIAL OF SERVICE VULNERABILITY, CISCO CATALYST 3500 XL REMOTE ARBITRARY COMMAND VULNERABILITY, CISCO IOS SOFTWARE HTTP REQUEST DENIAL OF SERVICE VULNERABILITY, CISCOSECURE ACS FOR WINDOWS NT SERVER DENIAL OF SERVICE VULNERABILITY, CISCO CATALYST MEMORY LEAK VULNERABILITY, CISCO CATOS CISCOVIEW HTTP SERVER BUFFER OVERFLOW VULNERABILITY, %U ENCODING IDS BYPASS VULNERABILITY (UTF), AND CISCO IOS HTTP DENIAL OF SERVICE VULNERABILITY.

CISTO

http://sourceforge.net/projects/cisto/

CISTO (CISCO SCRIPT TOOL) IS A TOOL FOR MANAGING CISCO DEVICES (IOS, CATOS). IT CAN GET CONFIGS, APPLY CONFIGURATION, INSTALL NEW IMAGES, CHANGE PASSWORDS, RUN A SINGLE SHOW COMMAND OR A LIST OF SHOW COMMANDS, AND LOTS MORE FOR A GIVEN LIST OF DEVICES (RUNNING AS PARALLEL PROCESSES).

SWITCHMAP

http://sourceforge.net/projects/switchmap/

EXAMPLE CAPTURES ARE LOCATED HERE:
http://switchmap.sourceforge.net/portlists/

SWITCHMAP IS A PERL PROGRAM THAT CREATES HTML PAGES THAT SHOW INFORMATION ABOUT A SET OF CISCO ETHERNET SWITCHES. THIS PROGRAM USES SNMP TO GATHER DATA FROM THE SWITCHES.

RANCID

http://www.shrubbery.net/rancid/

RANCID MONITORS A ROUTER'S (OR MORE GENERALLY A DEVICE'S) CONFIGURATION, INCLUDING SOFTWARE AND HARDWARE (CARDS, SERIAL NUMBERS, ETC) AND USES CVS (CONCURRENT VERSION SYSTEM) OR SUBVERSION TO MAINTAIN HISTORY OF CHANGES.

RANCID DOES THIS BY THE VERY SIMPLE PROCESS SUMMARIZED HERE:

  • LOG IN TO EACH DEVICE IN THE ROUTER TABLE (ROUTER.DB),
  • RUN VARIOUS COMMANDS TO GET THE INFORMATION THAT WILL BE SAVED,
  • COOK THE OUTPUT; RE-FORMAT, REMOVE OSCILLATING OR INCREMENTING DATA,
  • EMAIL ANY DIFFERENCES (SAMPLE) FROM THE PREVIOUS COLLECTION TO A MAIL LIST,
  • AND FINALLY COMMIT THOSE CHANGES TO THE REVISION CONTROL SYSTEM

RANCID ALSO INCLUDES LOOKING GLASS SOFTWARE. IT IS BASED ON ED KERN'S LOOKING GLASS WHICH WAS ONCE USED FOR http://nitrous.digex.net/, FOR THE OLD-SCHOOL FOLKS WHO REMEMBER IT. OUR VERSION HAS ADDED FUNCTIONS, SUPPORTS CISCO, JUNIPER, AND FOUNDRY AND USES THE LOGIN SCRIPTS THAT COME WITH RANCID; SO IT CAN USE TELNET OR SSH TO CONNECT TO YOUR DEVICE(S).

RANCID CURRENTLY SUPPORTS CISCO ROUTERS, JUNIPER ROUTERS, CATALYST SWITCHES, FOUNDRY SWITCHES, REDBACK NASS, ADC EZT3 MUXES, MRTD (AND THUS LIKELY IRRD), ALTEON SWITCHES, AND HP PROCURVE SWITCHES AND A HOST OF OTHERS.
RANCID IS KNOWN TO BE USED AT: AOL, GLOBAL CROSSING, MFN, NTT AMERICA, CERTAINTY SOLUTIONS INC.

SIPTIGER

http://www.vovida.org/applications/downloads/siptiger/

SIPTIGER IS A WEB-BASED PROVISIONING UTILITY FOR CISCO'S LINE OF 7960 AND 7940 SESSION INITIATION PROTOCOL (SIP) IP PHONES AND CISCO SIP PROXY SERVERS (CSPS). THIS UTILITY IS USEFUL FOR ANYONE DEPLOYING CISCO 7960/7940 SIP IP PHONES.

IOSTACK.PL

http://www.phenoelit-us.org/ultimaratio/IOStack2.tgz

IOSTACK.PL IS A SCRIPT TO READ OUT IOS STACK RETURN ADDRESS LOCATIONS.

CISCO ROUTER PASSWORD DECODER

http://www.loud-fat-bloke.co.uk/tools/ciscopass.txt

Simple little Perl script to decode router passwords.

1 comment:

Unknown said...

Thanks for the tips! I am looking into having a network security audit performed to make sure that my business information is protected and my security is really effective.