Script Name | Description | D/L Count |
Apache2Dot.pl | This script reads Apache web server logs and generates dot files usable in GraphViz. | |
avParser.pl | This script reads Symantec A/V logs in syslog format and converts them to CSV for processing with visualization tools like Advisor Analyst. | |
avStats.pl | This script reads Symantec A/V logs in syslog format and generates a report of most infected hosts by day. Very handy for locating 'Infested machines'. | |
CleanTree.pl | This is a temp directory scrubber for the paranoid. | |
DiskUsage.pl | This script is handy when trying to get a handle on network disk space and who is burning it up. | |
IpWatchdog.pl | If you are having trouble managing networks with DHCP ranges or just want to know what IP addresses are really being used, this script can help by ping sweeping your network and keeping track of what is out there. | |
LDAPDump.pl | This is a simple Perl wrapper for extracting data from LDAP. | |
LogActiveX.pl | This is a wrapper script for tcpflow that will tell you who is using ActiveX on your network. It is handy to get a handle on what business-related sites require ActiveX so you can give them the bad news before you start blocking it at the perimeter. | |
LogBrowser.pl | This is a wrapper script for tcpflow that tracks the browser strings. This can be helpful in identifying malicious software. | |
LogReporter.c reporter.exe | Sucks host and user information out of a Windows system and sends it to a syslog server. Very handy in a login script. If you don't feel like compiling it yourself (reporter.exe MD5=5dce36f029a1c667198bfba12b260473) | |
MyDoomCommander.pl | While doing some malware analysis of MyDoom, I put together a primitive control program. | |
MytoborIRC.pl | An effective way to suppress BOT systems that depend on IRC for command and control is to hijack that C&C. | |
OspfParser.pl | Tired of scanning your entire class B network with nmap? Why not just dump your routing table and use this script to make an nmap-friendly network list. | |
PassPolicyCheck.pl | This script reads in John the Ripper crack reports and generates a pretty report based on a generic password policy. | |
pwMarkov.pl | This script reads a list of passwords and generates derivative passwords using Markov chains. | |
SnmpInventory.pl | Collect and process SNMP data. | |
SortDict.pl | This script will sort your password dictionaries from weakest to strongest. | |
SysAudit.pl | This overly complex script will generate a handy report of a Sun Solaris box that can be used for auditing or configuration tracking. | |
SyslogMailStatFilter.pl | This script will chew on syslog from your mail relays and tell you all kinds of interesting things. | |
TarPitMonitor.pl | Everyone should go out and buy a Soekris box and build a tarpit! This script will let you know when someone is spanking your network. | |
vmd.c | The volume monitor daemon (vmd) is the poor man's removable drive monitoring tool for OS X. It won't stop the bad guys from copying all of your data onto their iPod, but it will prove that they did it. | |