Dave Bullock / eecue

photographer, director of engineering: crowdrise, photojournalist, hacker, nerd, geek, human

snarl 0.0.1a released

snarl is a bootable forensics ISO based on FreeBSD. It bundles @stake's autopsy and TASK (The @stake Sleuth Kit, the task port in the list below) together with the Shmoo Group's list of known-good checksums, so a suspect system can be audited from read-only media without trusting its own binaries.

Read on for instructions.

Once the ISO boots, log in as root; there is no password.

You will land in a dialog-driven menu. Select the first option and choose the checksum set for the OS you are auditing. This converts the Shmoo known-good checksum database into the hash database format that autopsy understands. Pick the set that matches the exact release of the audited system: known-good hashes are per release, and a mismatched set makes legitimate system files show up as unknown.

Then select the second option, which configures and starts autopsy.

Then select the third option, which launches the links text browser on the autopsy page.

You can also select exit and use the large collection of security-related ports on the disc (pkg_info output; long descriptions are truncated):
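What the first menu option automates, as an added example rather than snarl's own scripts or code from Autopsy/TASK: parse a known-good checksum list, rewrite it into the md5sum(1) layout that TASK's hfind indexes as a "known good" database for autopsy, and classify files on the audited system by content hash. The input format ("<md5> <path>" with "#" comments), the paths and the sample file contents are constructed for the example; the real Shmoo file layout is not described on this page and may differ.

```python
"""Known-good checksum conversion and audit (added example, not snarl's code)."""
import hashlib
import os

# Constructed sample known-good list. Assumed layout: "<md5>\t<path>", '#' comments.
# The three hashes are MD5 of "abc", of the empty file, and of the classic
# "The quick brown fox jumps over the lazy dog" sentence.
SAMPLE_KNOWN_GOODS = """\
# constructed known-good list, one OS release
900150983cd24fb0d6963f7d28e17f72\t/bin/abc
d41d8cd98f00b204e9800998ecf8427e\t/etc/empty
9e107d9d372bb6826bd81d3542a419d6\t/usr/bin/fox
"""

HEX = set("0123456789abcdef")


def parse_known_goods(text):
    """Return {md5: path}. Skips blank/comment lines, rejects malformed hashes
    rather than silently producing a database with holes in it."""
    known = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected '<md5> <path>'" % lineno)
        digest, path = parts[0].lower(), parts[1]
        if len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError("line %d: bad md5 %r" % (lineno, digest))
        known[digest] = path
    return known


def to_md5sum_format(known):
    """md5sum(1) layout: '<md5>  <path>' (two spaces), sorted by hash.
    That file is what `hfind -i md5sum <file>` indexes for autopsy's lookup."""
    return "".join("%s  %s\n" % (d, p) for d, p in sorted(known.items()))


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def md5_file(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(hashes, known):
    """hashes: {path: md5}. Returns {path: 'known' | 'unknown'}.
    Matching is by content only: a stock binary copied to /tmp is still
    known-good, and a trojaned /bin/ls is unknown no matter where it sits."""
    return {p: ("known" if d in known else "unknown") for p, d in hashes.items()}


def audit_tree(root, known):
    """Hash every regular file under root (e.g. a read-only mount of the
    suspect disk) and classify it. Symlinks are skipped; their targets are
    hashed when walked as real files."""
    hashes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                continue
            hashes[p] = md5_file(p)
    return classify(hashes, known)


def demo():
    """Constructed audited filesystem: bytes stand in for file contents."""
    known = parse_known_goods(SAMPLE_KNOWN_GOODS)
    fake_fs = {
        "/bin/abc": b"abc",
        "/etc/empty": b"",
        "/usr/bin/fox": b"The quick brown fox jumps over the lazy dog",
        "/usr/bin/fox.trojaned": b"The quick brown fox jumps over the lazy cat",
    }
    hashes = {p: md5_hex(data) for p, data in fake_fs.items()}
    return classify(hashes, known)
```

On the live CD the real input is a mounted suspect filesystem, so audit_tree(root, known) is the call that matters; demo() only exercises the logic on constructed data. Two caveats when reading the result: "unknown" means "not in the list", not "malicious" (locally compiled software, configuration files and logs are all unknown by nature), and MD5 is no longer collision resistant, so a list keyed on MD5 alone defends against the 2002-era attacker who swaps a binary, not one who can ship colliding pairs.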

Hermes-1.3.2 Fast pixel formats conversion library
LaBrea-2.3 Defense mechanism against CodeRed
Mesa-3.4.2_2 A graphics library similar to SGI's OpenGL
XFree86-4.2.0_1,1 X11/XFree86 core distribution (complete, using mini/meta-po
XFree86-FontServer-4.2.0 XFree86-4 Font Server
XFree86-Server-4.2.1_3 XFree86-4 X server and related programs
XFree86-clients-4.2.1_1 XFree86-4 Client environments
XFree86-documents-4.2.0 XFree86-4 Document Files
XFree86-font100dpi-4.2.0 XFree86-4 bitmap 100 dpi fonts
XFree86-font75dpi-4.2.0 XFree86-4 bitmap 75 dpi fonts
XFree86-fontCyrillic-4.2.0_4 XFree86-4 Cyrillic Fonts
XFree86-fontDefaultBitmaps-4.2.0 XFree86-4 default bitmap fonts
XFree86-fontEncodings-4.2.0 XFree86-4 font encoding files
XFree86-fontScalable-4.2.0 XFree86-4 Scalable font files
XFree86-libraries-4.2.1_1 XFree86-4 include/(shared) library kit
aafid2-0.10 A distributed monitoring and intrusion detection system
adodb-1.90 A database library for PHP4
aescrypt-0.7 A command-line AES encryption/decryption suite
aide-0.7_1 A replacement and extension for Tripwire
analog-5.24,1 An extremely fast program for analysing WWW logfiles
apache-1.3.27 The extremely popular Apache http server. Very fast, very
apg-2.1.0 An automated password generator
argus-2.0.5 A generic IP network transaction auditing tool
arirang-1.6,1 Powerful webserver security scanner
arts++-1-1-a8_1 A network data storage and analysis library from CAIDA
audit-1.0 Tools for remote and centralized audit data collection
authforce-0.9.6 HTTP authentication brute forcer
autoconf-2.53_1 Automatically configure source code on many Un*x platforms
autoconf213-2.13.000227_2 Automatically configure source code on many Un*x platforms
autopsy-1.70 Autopsy - @Stake's Forensics Toolkit
avcheck-0.9 A simple antivirus solution for a mail system
bash-2.05b.004 The GNU Bourne Again Shell
bcwipe-0.2.4 BCWipe securely erase data from magnetic and solid-state me
beecrypt-2.1.0 BeeCrypt is an open source cryptography library
bfbtester-2.0.1 A security tool for testing binaries for overflows
biew-5.3.2 Binary vIEWer + editor for binary, hexadecimal and dis-asm
bison-1.35_1 A parser generator from FSF, (mostly) compatible with Yacc
bjorb-0.5.5p1 Secure TCP relay software with SSL
boclient-1.21 Client program for the Back Orifice Windows program
borzoi-1.0.1 An Elliptic Curve Cryptography Library
botan-1.0.1_1 A portable, easy to use, and efficient C++ crypto library
bounce-1.0 Bounce tcp connections to another machine/port
bsd-airtools-0.2 BSD Wireless Scanning Tools
c-nocem-3.6 NoCeM for C News and INN
ca-roots-1.0_1 A list of SSL CA root certificates
calife-2.8.4d A lightweight alternative to sudo
ccrypt-1.2_1 A command-line utility for encrypting and decrypting files
cdroot-1.2.5 Scripts to automate setting up a bootable CD-ROM based Free
cflowd-2-1-b1_5 Flow analysis tool used for analyzing Cisco's NetFlow switc
cfs-1.4.1 A cryptographic file system implemented as a user-space NFS
cfv-1.10 Utility to both test and create .sfv, .csv and md5sum files
cgiwrap-3.7.1_1 Securely execute ~user CGI scripts
chkrootkit-0.36 A tool to locally check for signs of a rootkit
chrootuid-1.3 A simple wrapper that combines chroot(8) and su(1) into on
cksfv-1.3 Create or manipulate Simple File Verification (SFV) checksu
clog-1.6 Tcp connection logger daemon
cops-1.04 A system secureness checker
crack-5.0 The "Sensible" Unix Password Cracker
cracklib-2.7_1 Password-checking library
crank-0.2.1 CRyptANalysis toolKit
cryptopp-4.1 A free C++ class library of cryptographic schemes
curl-7.9.8 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)
cvsup-16.1f General network file distribution system optimized for CVS
cvsup-without-gui-16.1f General network file distribution system optimized for CVS
cvsupit-3.1 CVSup installation and setup front-end package (16.1 / GUI
ddos_scan-1.6 Scans for a limited set of distributed denial of service ag
despoof-0.9 Command-line anti-spoofing detection utility
digest-20010807_2 MD5/SHA-1/RIPEMD-160 checksumming utility
donkey-0.5 An alternative for S/KEY's key command
drweb-4.28.2_1 DrWeb antivirus suite
dsniff-2.3 Various sniffing utilities for penetration testing
dumpasn1-20011018 Dumps the contents of an ASN.1 encoded file, e.g. an SSL ce
ettercap-0.6.9 A network sniffer/interceptor/injector/logger for switched
expat-1.95.5 XML 1.0 parser written in C
find_ddos-4.2 Scans a host filesystem for distributed denial of service p
find_zlib-1.9 Scans files for statically linked zlib (libz) code
firewalk-1.0 A network auditing tool
flawfinder-1.01 Examines source code looking for security weaknesses
flowscan-1.006_5 Processes IP flows recorded in cflowd-format raw flow files
fragroute-1.2_1 A tool for intercepting, modifying and rewriting egress tra
fragrouter-1.6 Tool for testing network IDS implementations
freetype2-2.1.2 A free and portable TrueType font rendering engine
fuzz-0.6 Tool for testing software by bombarding the program with ra
fwanalog-0.6.1 A firewall log summarizer that uses Analog
gag-2.9 A stacheldraht (DOS attack) agent detector
gd-1.8.4_6 A graphics library for fast image creation
gettext-0.11.5_1 GNU gettext package
glib-1.2.10_7 Some useful routines of C programming (previous stable vers
gmake-3.79.1_3 GNU version of 'make' utility
gnupg-1.0.7 The GNU Privacy Guard
gpa-0.4.3 This is a graphical frontend for the GNU Privacy Guard
gtk-1.2.10_8 Gimp Toolkit for X11 GUI (previous stable version)
guile-1.4.1_2 GNU's Ubiquitous Intelligent Language for Extension
hafiye-1.0 Multi Platform Customizable TCP/IP Packet Sniffer
hashish-0.4b A file and string hashing utility
help2man-1.26 Automatically generating simple manual pages from program o
hping-2.0.0r1_1,1 Network auditing tool
imake-4.2.0_1 Imake and other utilities from XFree86
integrit-3.02.00 Integrit is a file integrity verification programs
iplog-2.2.3_1 TCP/IP traffic logging tool
john-1.6 Featureful Unix password cracker
jpeg-6b_1 IJG's jpeg compression utilities
l0pht-watch-1.1 A program to report on what goes on in /tmp
l0phtcrack-1.5 L0pht Heavy Industries' cracker for SAMBA or Windows NT pas
l5-1.2 File Integrity Assessment Tool
lcrzo-4.10 Lcrzo is a network library (used by Lcrzoex, network testin
lcrzoex-4.10 Lcrzoex contains over 300 functionnalities using network li
libdnet-1.4 A simple interface to level networking routines
libevent-0.4 Provides an API to execute callback functions on certain ev
libgmp-4.1_1 A free library for arbitrary precision arithmetic
libgnugetopt-1.2 GNU getopt library
libiconv-1.8_1 A character set conversion library
libmcrypt-2.5.3 Multi-cipher cryptographic library (used in PHP3)
libnet-1.0.2a A C library for creating IP packets
libnids-1.16_1 Network monitoring library with TCP/IP reassembly
libparanoia-1.4_1 Safe (in the mean of stack smashing) reincarnation of strcp
libtool-1.3.4_4 Generic shared library support script
libungif-4.1.0b1 Tools and library routines for working with GIF images
libxml2-2.4.24 Xml parser library for GNOME
libxslt-1.0.20 The XSLT C library for GNOME
links-2.0_1,1 Lynx-like text WWW browser
livecd-1.2.2 Tool Set to create custom FreeBSD LiveCD
logcheck-1.1.1 Auditing tool for system logs on Unix boxes
lxnb-0.4 NetBus client
lynx-2.8.4.1c A non-graphical, text-based World-Wide Web client
lzo-1.08_1 Portable speedy, lossless data compression library
m4-1.4_1 GNU's m4
mdcrack-1.2 Bruteforce password MD5 hashes
mhash-0.8.14 Library provides an easy way to access strong hashes such a
mkisofs-1.15.a27 Create iso9660/Rock Ridge/Joliet filesystems
mod_php4-4.2.3 PHP4 module for Apache
mysql-client-3.23.52 Multithreaded SQL database (client)
nbaudit-1.0 NetBIOS Auditing Tool / Security Kit
nbtscan-1.0.2 NetBIOS name network scanner
nemesis-1.32 Command-line UNIX network packet creation and injection sui
nessus-1.2.5 A security scanner: looks for vulnerabilities in a given ne
nessus-libnasl-1.2.5 Nessus Attack Scripting Language
nessus-libraries-1.2.5 Libraries for Nessus, the security scanner
nessus-plugins-1.2.5_1 Plugins for Nessus, the security scanner
net-snmp-5.0.3_2 An extendable SNMP implementation
netcat-1.10_1 Simple utility which reads and writes data across network c
netsed-0.01_1 Alters the contents of packets in real-time
ngrep-1.40.1 Network grep
nmap-3.00 Port scanning utility for large networks
ntl-5.3 Victor Shoup's Number Theory Library
openssl-0.9.6g SSL and crypto library
openvpn-1.3.0 Secure IP/Ethernet tunnel daemon
outguess-0.2 Steganographic tool
p5-Boulder-1.27 An API for hierarchical tag/value structures
p5-Cflow-1.051 Analyze raw flow files written by cflowd (Cisco NetFlow dat
p5-ConfigReader-0.5_1 Perl5 module to read directives from a configuration file
p5-DBI-1.28 The perl5 Database Interface. Required for DBD::* modules
p5-Data-ShowTable-3.3 Perl5 module to pretty-print arrays of data
p5-HTML-Table-1.15 Generate HTML tables for CGI scripts
p5-Mysql-modules-1.2216 Perl5 modules for accessing MySQL databases
p5-Net-Patricia-1.010 Perl module for fast IP address lookups
p5-String-CRC32-1.2 Perl interface for cyclic redundency check generation
p5-Time-101.062101 A collection of functions to convert and use time variables
p5-Tk-800.023 A re-port of a perl5 interface to Tk8.0p2
p5-XML-Parser-2.31_1 Perl extension interface to James Clark's XML parser, expat
pad-1.0.4,1 A command-line utility to encrypt files
pcsc-lite-1.1.1 A smartcard development library
pdksh-5.2.14p2 The Public Domain Korn Shell
perl-5.6.1_8 Practical Extraction and Report Language
pgpdump-0.17 PGP packet visualizer
php4-4.2.3 PHP4 commandline interpreter
pkgconfig-0.12.0 An utility used to retrieve information about installed lib
png-1.2.4 Library for manipulating PNG images
poc-1.2 Program for managing passwords on smartcards
py22-fchksum-1.6.1 find the checksum of files
python-2.2.1 An interpreted object-oriented programming language
radiusniff-0.2 Sniffer for RADIUS traffic
rain-1.2.9.b1 Rain is a packeting tool used for testing system stability
rats-2.0 Source code auditing tool
rid-1.0 Configurable remote distributed denial of service tool dete
rlytest-1.22 Test an SMTP host for third-party relay
rrdtool-1.0.39 Round Robin Database Tools
saint-3.4.11 Security Administrator's Integrated Network Tool
scanssh-1.60b Scanssh scans a subnet and reports the version of SSH insta
sing-1.1 Tool for sending customized ICMP packets
siphon-0.666 Passive host OS identifier using characteristics of sniffed
slurpie-2.0b A passwd file cracker (supports distributed nodes)
smurflog-2.1 A program to assist logging of smurf attacks
sniff-1.0 Program to sniff logins and passwords
sniffit-0.3.7b_1 A packet sniffer program. For educational use
snort-1.8.7 Lightweight network intrusion detection system
snort-rep-1.7 A Snort reporting tool that can produce text or HTML from l
snortsnarf-020516 Generate HTML report summaries from snort incident alerts
splint-3.0.1.6 A tool for statically checking sourcecode for security vuln
srm-1.2.2 Secure rm, a utility which destroys file contents before un
ssldump-0.9b3 SSLv3/TLS network protocol analyzer
stegdetect-0.5 An automated tool for detecting steganographic content in j
strobe-1.06 Fast scatter/gather TCP port scanner
subweb-1.0 SubWeb is a (reverse) proxy to inspect HTTP flows on the fl
task-1.60 Autopsy - @Stake's Forensics Toolkit
tcpshow-1.74 Decode tcpdump(1) output
tcptrace-6.0.0b2 A TCP dump file analysis tool
termlog-1.0.1 Monitor or log multiple system terminals synchronously (rea
tiff-3.5.7 Tools and library routines for working with TIFF images
towitoko-2.0.6 UNIX driver for Towitoko smartcard readers
trinokiller-1.0 Remotely kill trino nodes
unzip-5.50 List, test and extract compressed files in a ZIP archive
vlog-1.1f A curses based real-time logfile viewer esp. useful for ipf
vomit-0.2 Voice over misconfigured internet telephones
wget-1.8.2_1 Retrieve files from the 'net via HTTP and FTP
whisker-1.4_1 A sophisticated CGI (in)security scanner
windowmaker-0.80.1 GNUStep-compliant NeXTStep window manager clone
wmicons-1.0 Icons mainly for use in Window Maker
wrapper-1.0_2 Wrapper for XFree86-4 server
wxgtk-2.3.2_1 The wxWindows GUI toolkit with GTK+ bindings (unstable vers
xmlsec-0.0.9 XML Security Library
xprobe-0.0.1p1 ICMP active OS fingerprint scanner
zombiezapper-1.0 Send a terminate command to Trinoo/TFN/Stacheldracht DDoS a