Build FW1 Cisco Netscreen PolicyFromLogs

Author: dan36zero

These three tools build Checkpoint FW-1, Cisco ASA or Netscreen policies from log files. They write dbedit, access-list, or set address / set service / set policy commands for the traffic seen in the logs, which can be cut and pasted into the firewalls. WOOT

Features

  • Build Checkpoint FW-1 policies from exported logs and output in DBEDIT format
  • Build Netscreen policies from syslog and output in ScreenOS 6 format
  • Build Cisco ASA ACLs from syslog and output in access-list format
  • Cut and paste the command output into the firewall to create a policy
  • Or output the rules in CSV format to cross-check them before loading (Netscreen, Checkpoint)

  • Baseline a test network and build a policy for the test firewall in one command
  • Close open or 'test' rules: log traffic through a temporary permit-any rule, build specific rules from what was logged, then remove the open rule. The same approach locks down management connections to the hosts actually using them
  • Cross-check that traffic is seen on the correct interfaces
  • Two filters, each of which can match any part of the log entry (address, port, interface, zone, time, resolved name)
  • Names resolved in the logs are used in the policies, but no object commands are output for them, so those objects must already exist on the firewall
  • Rename ACLs and use the access-group statements to filter further (Cisco)
  • Easy method of ignoring headers added by syslog servers

Checkpoint FW-1 (choot)

  • ./choot logexport.log CMD [PolicyName] filter1 filter2
  • DBEDIT cmd = build rules and objects and output in DBEDIT format (DBEDIT mode requires a policy name before the filters)
  • CSV cmd = build rules and objects and output in CSV format
  • DEBUG cmd = output more verbose information for each entry (grep | awk ...)

Cisco ASA (woot)

  • ./woot logfile CMDorACL filter1 filter2
  • SRCINT cmd = use the source interface as the ACL name
  • ACLNAME cmd = read the access-group commands from a file named ACLNAME in the same directory as woot, and use their ACL names and interfaces
  • DEBUG cmd = output more verbose information for each entry (... | sort -u etc.)
  • Any other name = an access-list name of your choice, to which all ACEs will be assigned

Netscreen (nwoot)

  • ./nwoot logfile CMD filter1 filter2
  • ZONE cmd = build rules and objects and output in Netscreen ScreenOS format
  • CSV cmd = build rules and objects and output in CSV format
  • DEBUG cmd = output more verbose information for each entry (grep | wc -l etc.)

Checkpoint FW-1 example commands

  • ./choot logexport.log DBEDIT PolicyName eth2c0 161
  • ./choot logexport.log CSV ServerName domain-udp
  • ./choot logexport.log DEBUG 10.0.0 eth1c0
  • or just
  • ./choot logexport.log DBEDIT PolicyName
  • ...if you want a policy built for all traffic seen

Cisco example commands

  • cat access-groups-from-asa > ACLNAME
  • ./woot ASA.log ACLNAME 10.10. \/53
  • ./woot ASA.log SRCINT 12:01 10.10.10
  • ./woot ASA.log testaclname 10.50. 10.10.10
  • ./woot ASA.log DEBUG ServerName12 \/443
  • or just
  • ./woot ASA.log ACLNAME
  • ...if you want all access lists built for all access-group statements

Netscreen example commands

  • ./nwoot Netscreen.log DEBUG 10.10. dst_port=53
  • ./nwoot Netscreen.log ZONE 12:01 ServerName
  • ./nwoot Netscreen.log CSV ZoneName 443
  • or just
  • ./nwoot Netscreen.log ZONE
  • ...if you want all policies built for all zones

  • !! I DON'T RECOMMEND YOU USE THESE TOOLS ANYWHERE !! WOOT !! A policy built from logs permits exactly the traffic that was logged, wanted or not (scans and test traffic included), so review the CSV output before pasting anything into a production firewall

  • Written in plain Perl; needs only standard modules
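The Cisco path described above, as an added example that is not the project's own code (and not its Perl): it parses constructed ASA "Built connection" syslog, strips the syslog server's header, applies the two grep-style filters, maps interfaces to ACL names from access-group statements (or uses the source interface name, like SRCINT), de-duplicates the flows, and emits access-list commands or CSV. The %ASA-6-302013 / 302015 message layout is the real ASA format; the log lines, access-group statements, interface names and addresses are constructed sample input. Treating the two filters as AND-ed regexes and writing host/eq-port ACEs are assumptions about how such a tool should behave, not a description of what woot does.

```python
"""Rebuild Cisco ASA access-lists from connection syslog (added example).

Not the PolicyFromLogs project's code. The %ASA-6-302013 / 302015
"Built ... connection" layout is the real ASA format; the log lines,
access-group statements, interfaces and addresses below are constructed.
"""
import re

# Constructed sample log as a syslog server would store it: each line
# carries the server's own "date host" header before the %ASA- tag.
SAMPLE_LOG = """\
Mar 12 12:01:02 fw01 %ASA-6-302013: Built outbound TCP connection 100 for inside:10.10.10.5/54321 (10.10.10.5/54321) to outside:93.184.216.34/443 (93.184.216.34/443)
Mar 12 12:01:03 fw01 %ASA-6-302015: Built outbound UDP connection 101 for inside:10.10.10.5/33000 (10.10.10.5/33000) to dmz:10.50.1.10/53 (10.50.1.10/53)
Mar 12 12:01:04 fw01 %ASA-6-302013: Built outbound TCP connection 102 for inside:10.10.10.5/54322 (10.10.10.5/54322) to outside:93.184.216.34/443 (93.184.216.34/443)
Mar 12 12:02:10 fw01 %ASA-6-302013: Built inbound TCP connection 103 for outside:198.51.100.7/40000 (198.51.100.7/40000) to dmz:10.50.1.20/22 (10.50.1.20/22)
Mar 12 12:02:11 fw01 %ASA-6-302014: Teardown TCP connection 100 for inside:10.10.10.5/54321 to outside:93.184.216.34/443 duration 0:00:01 bytes 4242 TCP FINs
"""

# Constructed "show run access-group" output (the README's ACLNAME file).
SAMPLE_ACCESS_GROUPS = """\
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
"""

# In a Built message the "for" side is the initiator and "to" the responder.
BUILT = re.compile(
    r"%ASA-\d-30201[35]: Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<sint>\w+):(?P<src>[\d.]+)/\d+ \(\S+\) "
    r"to (?P<dint>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) \(\S+\)"
)


def strip_syslog_header(line):
    """Drop whatever the syslog server prepended before the ASA tag."""
    i = line.find("%ASA-")
    return line[i:] if i >= 0 else line


def parse_access_groups(text):
    """Map interface name -> ACL applied inbound on that interface."""
    return {m.group(2): m.group(1)
            for m in re.finditer(r"^access-group (\S+) in interface (\S+)", text, re.M)}


def flows_from_log(text, filters=()):
    """Unique (proto, src_int, src, dst, dport) tuples for every built connection.

    Each filter is a regex tried against the whole raw line, like grep, so
    '12:01' narrows by time and r'/53' by destination port.  Assumption:
    all filters must match (AND).
    """
    pats = [re.compile(f) for f in filters]
    seen = {}                                  # dict keeps first-seen order
    for raw in text.splitlines():
        if not all(p.search(raw) for p in pats):
            continue
        m = BUILT.search(strip_syslog_header(raw))
        if not m:
            continue                           # teardowns, denies, other ids
        seen[(m["proto"].lower(), m["sint"], m["src"], m["dst"], m["dport"])] = True
    return list(seen)


def build_acl(flows, acl_for_interface=None):
    """Emit one ACE per flow.

    With an access-group map, only flows entering an interface that has an
    inbound ACL are kept and the ACE goes into that ACL (the README's ACLNAME
    mode); without one the source interface name is the ACL name (SRCINT).
    Every flow in the log becomes a permit, scans and test traffic included:
    review build_csv() output before pasting into a production firewall.
    """
    lines = []
    for proto, sint, src, dst, dport in flows:
        if acl_for_interface is not None and sint not in acl_for_interface:
            continue
        name = sint if acl_for_interface is None else acl_for_interface[sint]
        lines.append(f"access-list {name} extended permit {proto} host {src} host {dst} eq {dport}")
    return lines


def build_csv(flows):
    """Same flows as CSV, for cross-checking before anything is pasted."""
    return ["proto,src_int,src,dst,dport"] + [",".join(f) for f in flows]


if __name__ == "__main__":
    groups = parse_access_groups(SAMPLE_ACCESS_GROUPS)
    for ace in build_acl(flows_from_log(SAMPLE_LOG), groups):
        print(ace)
```

The teardown line and the duplicate connection to 93.184.216.34:443 collapse out, and the dmz-sourced flow is dropped in ACLNAME mode because no access-group is applied to dmz; the same parse-filter-dedupe-emit shape is what the Netscreen and Check Point variants would do with their own log fields and output syntax.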

360-FAAR Firewall Analysis Audit Repair

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs .........

Similar: 19%

Port Groper

Port Groper is an open source denial of service tool written in Java. It works by using proxies as bots. Typical Port Groper Usage: 1. Can be used to benchmark firewalls for IP banning of DoS attacks to a specific port. 2. Can be used to distort website tracking information (such as Google Analytic.........

Similar: 11%

myAuxiliary.rb

This auxiliary module needs [metasploit] framework installed.. This module its a metasploit post-exploitation (after the targets get's exploited) auxiliary script, so we need to exploit a target first in order to use it. Affected platforms: Windows OS (all versions above windows vista) Read my WIK.........

Similar: 10%

TRAK Metamodel

The definition of the metamodel for TRAK (defines allowed AD elements and relationships i.e. tuples/ triples for the TRAK viewpoints and views). TRAK is a general systems-thinkers'/system engineering enterprise architecture framework. It is simple, user-friendly, pragmatic and not limited to IT....

Similar: 9%

Z4 Phreak Tools 2.5

What's new in version 2.5? - Fixed load profiles proxifier - Add Create new profile Dial-Up (Right click on list profile Net Conn) - Add Copy Profile, Rename, Delete, set as Default connection Dial-Up - Add more properties network - Add Change directory config - Change import config to Load config -.........

Similar: 9%

Scrollout F1

• Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam and anti-virus protection aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Send.........

Similar: 8%

Moqui Framework

Moqui Framework is a seamlessly integrated, enterprise-ready framework for building enterprise automation applications based on Java. It includes tools for database interaction (relational, graph, document), logic in local and web services, web and other UI with screens and forms, security, file/res.........

Similar: 7%

vboxsvc - VirtualBox SMF service wrapper

SMF service wrapper for Sun/Oracle VirtualBox under Sun/Oracle Solaris 10 and OpenSolaris builds (including OpenIndiana and illumos). Detailed project description is available in the README file: http://vboxsvc.svn.sourceforge.net/viewvc/vboxsvc/usr/share/doc/vboxsvc/README-vboxsvc.txt Discuss an.........

Similar: 7%

3proxy tiny free proxy server

Universal freeware proxy server with HTTP, HTTPS, SOCKS v4, SOCKS v4a, SOCKS v5, FTP, POP3, UDP and TCP portmapping, access control, bandwith control, traffic limitation and accounting based on username, client IP, target IP, day time, day of week, etc....

Similar: 7%

Anti-Spam SMTP Proxy Server

The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other fi.........

Similar: 7%