Firejail is a SUID security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.
Firejail can sandbox any type of process: servers, graphical applications, and even user login sessions. Written in C with virtually no dependencies, it should work on any Linux computer with a 3.x kernel version.
Cuckoo Sandbox is a modular, automated malware analysis system. Running from the command line on a Linux or Mac host, it uses Python and virtualization (VirtualBox, QEMU-KVM, etc.) to create an isolated Windows guest environment in which files are safely and automatically run and analyzed to collect a comprehensive file behavior analysis. These results outline what the malware does while running inside an isolated Windows operating system, including Win32 API calls, files created/deleted, memory dumps, network traffic traces, screenshots of execution behavior, and full memory dumps of the virtual machines.
Malwr.com is a free, non-commercial, closed-source example of a running instance of Cuckoo Sandbox while also using VirusTotal (Google subsidiary) APIs and libraries to present the file analysis.
Supported Host Operating Systems: GNU/Linux (Debian/Ubuntu preferred), Mac OS X
Required Host Software: Python-2.7, Virtualization (VirtualBox, QEMU-KVM, etc.)
Supported Virtualized Operating Systems: Windows XP Service Pack 3, Windows Vista, Windows 7
Rootkit Hunter is a POSIX system scanner for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use. It can be installed on macOS via Homebrew.
Chkrootkit is a Linux tool to locally check for signs of a rootkit. It contains:
- chkrootkit: shell script that checks system binaries for rootkit modification.
- ifpromisc.c: checks if the interface is in promiscuous mode.
- chklastlog.c: checks for lastlog deletions.
- chkwtmp.c: checks for wtmp deletions.
- chkproc.c: checks for signs of LKM trojans.
- chkdirs.c: checks for signs of LKM trojans.
- strings.c: quick and dirty strings replacement.
- chkutmp.c: checks for utmp deletions.
Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits.
Tiger is a Linux security tool that can be used both as a security audit tool and as a host intrusion detection system. Free Software intrusion detection currently goes many ways: network IDS, kernel-based tools, file integrity checkers and log checkers. But few of them focus fully on the host side of intrusion detection.
Tiger complements these tools and also provides a framework in which all of them can work together.
Lynis is an open source security auditing tool. Its primary goal is to help users with auditing and hardening Unix and Linux based systems. The software is very flexible and runs on almost every Unix-based system (including Mac). Even the installation of the software itself is optional!
How it works
Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report is displayed with all discovered findings. Typical use cases for Lynis:
- Security auditing
- Vulnerability scanning
- System hardening
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs -- too many password failures, probing for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc.).
Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect them.
SSHGuard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. SSHGuard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
MailScanner scans email for viruses, spam, phishing, malware, and other attacks against security vulnerabilities and plays a major part in the security of a network. By virtue of being open source, the technology in MailScanner has been reviewed many times over by some of the best and brightest in the field of computer security from around the world. MailScanner supports a wide range of MTAs and virus scanners, including the popular open source Clam AV. Spam detection is accomplished via SpamAssassin, which is by far the most popular and standardized spam detection engine.
Note: There is not a native UI, however a UI (Mailborder) can be installed to accompany the engine. Mailborder is a web-based GUI that provides complete installation and configuration of MailScanner for single node and clustered installations. Mailborder provides a free Community Edition, a Small Business Edition, and an Enterprise Edition with premium support and extended capabilities, such as a customer portal. Mailborder is maintained by Jerry Benton, the lead developer of the MailScanner project.
Valkyrie analysis systems consist of multiple techniques to ensure each and every file submitted is analyzed thoroughly before providing the verdict. In order to do that Valkyrie deploys two types of technologies - Automatic analysis and Human Expert analysis. The techniques used for automatic analysis include Static Analysis, Dynamic Analysis, Valkyrie Plugins and Embedded Detectors, Signature Based Detection, Trusted Vendor and Certificate Validation, Reputation System and Big Data VirusScope Analysis System.
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports.
Joe Sandbox is a multi-technology platform which uses instrumentation, simulation, hardware virtualization, hybrid analysis and graph analysis, as well as static and dynamic analysis, to deeply analyze malware. Rather than focus on one technology, Joe Sandbox combines the best parts of multiple techniques. This enables deep analysis, excellent detection and strong evasion resistance.
This website is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
Interactive malware hunting service. Environments are ready for live testing of most types of threats. No installation, no waiting.
Interactive online malware analysis service for dynamic and static research of most types of threats using any environments. Replaces a set of tools for research.
The service can be used for convenient in-depth analysis of new (unidentified) malicious objects, as well as for the investigation of cyber incidents.
Reverss can analyze executables, URLs and PCAP files. It also shows statistical data about found infections and the affected countries.
You can send the samples anonymously, or log in with Google to scan them privately.
malwares.com is a service to analyze various advanced, new-born and mutated malicious codes and URLs. You can upload any suspicious files and URLs from a desktop or mobile device to check whether they are malicious or not.
AVCaesar is a malware analysis engine and repository, developed by malware.lu within the FP7 project CockpitCI.
AVCaesar can be used to:
- Perform an efficient malware analysis of suspicious files based on the results of a set of antivirus solutions, bundled together to reach the highest possible probability of detecting potential malware;
- Search for malware samples in a progressively increasing malware repository.
The basic functionalities can be extended by:
- Downloading malware samples (15 samples/day for registered users and 100 samples/day for premium users);
- Performing confidential malware analysis (reserved to premium users).
Malware analysis process
The malware analysis process is kept as easy and intuitive as possible for AVCaesar users:
- Submit the suspicious file via the AVCaesar web interface. Premium users can choose to perform a confidential analysis.
- Receive a well-structured malware analysis report.
A tool to block viruses in USB flash/disk from auto-running. When a USB disk is inserted, this tool not only locks the "autorun.inf" file, but also locks all the autorun-related virus and other suspicious files.
Protects PC against viruses from infected removable drives.
Shiela USB Shield (formerly Shiela Rescue Shield) is a powerful first line of defense against viruses from infected removable drives. It locks autorun.inf and its associated executable files in multiple instances, deletes/freezes the shortcut file or clone file, and restores the original automatically. Features:
- Absolutely free
- Open source
- Lightweight and fast
- Full first-line protection against viruses
- Automatic file fixing for the files affected by a virus
- Multiple locking of autorun.inf and its associated executable file
- USB write protection and USB mass storage control
- Includes USB vaccination tool
- Equipped with file and folder unhiding tool
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company. VirusTotal Wanna Be - Now with 100% more Hipster.
AdwCleaner is an easy-to-use OS security utility that allows you to get rid of adware on your computer in seconds, by quickly scanning the system.
The program detects and brings to light any adware, PUPs/LPIs (Potentially Unwanted Programs), toolbars and programs that gain control over your computer.
The program interface and ease of use deserve attention. You do not need to install anything: just double-click the application icon and the program is ready to use. Another click, and your computer may forget about unwanted programs.
AdwCleaner will greatly improve the security of your computer. Download the program and write it to your flash drive. Using AdwCleaner you will save the computer from many problems.
Kaspersky Virus Removal Tool is a free software intended to disinfect infected computers, removing viruses, Trojans, and spyware, as well as any other types of malware. Kaspersky Virus Removal Tool 2011 uses the same highly efficient algorithms for detecting malware as Kaspersky Anti-Virus. Algorithms include a full-functional anti-virus scanner, technologies developed for detecting vulnerabilities in installed applications and operating systems, and a technology for running scripts intended for removing complex and compound viruses. The utility can be used as a free anti-virus software.
Kaspersky Virus Removal Tool is not intended for real-time protection of the computer. After the disinfection of the computer is complete, the application should be uninstalled from the hard drive and replaced with a real-time protection anti-virus.
Simple tool to configure the Windows Filtering Platform (WFP), which can control network activity on your computer.
The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or the portable version. Administrator rights are required for correct operation.
- Simple interface without annoying pop ups.
- Rules editor (create your own rules).
- Internal blocklist rules (block Windows spy / telemetry).
- Dropped packets information with notification and logging to a file feature (win7+).
- Allowed packets information with logging to a file feature (win8+).
- Windows Subsystem for Linux (WSL) support (win10).
- Windows Store support (win8+).
- Windows services support.
- Free and open source.
- Localization support.
- IPv6 support.
Gufw is an easy, intuitive way to manage your Linux firewall. It supports common tasks such as allowing or blocking pre-configured ports, common p2p ports, or individual port(s), and many others! Gufw is powered by Uncomplicated Firewall (ufw).
"Download Virus Checker" provides automatic checks for all your downloads through 68 online anti-virus solutions. Basically the extension sends your download link to the VirusTotal service and waits for its response. If the number of positive responses exceeds a defined threshold (default is 3), a warning window pops up with information about the link. A complete list of scan reports is provided in this window as well.
Features
- Very powerful and reliable virus scanner
- No user action is required
- Only brings your attention when the downloaded or still-downloading link is suspicious
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.
The driving force behind LMD is that there is currently limited availability of open source/restriction-free tools for Linux systems that focus on malware detection and, more importantly, that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments.
KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it. It was originally written in C/C++ starting in 1995, and in 1998 it was integrated into the ViRobot engine of HAURI. I decided to re-create a new KicomAV, so this version is developed in Python. Anyone can participate in the development easily.
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek (formerly known as Bro), Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.
It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used to check the integrity of the file. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions.
Open Source Tripwire software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).
Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration.
It has been actively developed and maintained for the past 17 years. Commercial support for grsecurity is available through Open Source Security, Inc.
osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. hXXp://184.108.40.206/harsh02.exe for known malicious executable), IP address (e.g. 220.127.116.11 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).
PacketFence is a Free and Open Source network access control (NAC) system. PacketFence is actively maintained and has been deployed in numerous large-scale institutions over the past years. It can be used to effectively secure networks - from small to very large heterogeneous networks.
Vistumbler is a wireless network scanner and mapping utility designed for Windows Vista and above.
- Find wireless access points - uses the Vista command 'netsh wlan show networks mode=bssid' to get wireless information
- GPS support
- Export/import access points from Vistumbler TXT/VS1/VSZ or Netstumbler TXT/Text NS1
- Export access point GPS locations to a Google Earth KML file or GPX (GPS eXchange format)
- Live Google Earth tracking - Auto KML automatically shows access points in Google Earth
- Speaks signal strength using sound files, the Windows sound API, or MIDI
- Open source (GPLv2 license / written in the AutoIt scripting language)
- Importable databases from Kismet and WigleWiFi
amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to MTA via (E)SMTP or LMTP, or by using helper programs.
Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Think of it as strace + tcpdump + lsof + awesome sauce. With a little Lua cherry on top.
SHADE Sandbox is an alternative to antivirus and a tool for virtualization. It locally virtualizes applications (e.g. internet browsers) and locks all incoming internet files and possible viruses in its safe virtual environment - a "sandbox" - keeping them isolated from the operating system to keep it clean of malware.