Endpoint Defense

Defensive technologies that install directly on the endpoint (machine)


Beamgun is an open-source Windows application that mitigates against rogue USB devices. Beamgun runs in the background of your Windows PC and listens for USB device insertions. When a USB keyboard device is plugged in, Beamgun blocks all keystrokes until it is reset. If a USB Lan adapter is plugged in, it is disabled. It also has an option to disable USB Mass Storage devices.

Beamgun was designed specifically with Rubber Duckies, LAN Turtles, and PoisonTaps in mind.


Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.


Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.

802.11 sniffing
Standard PCAP logging (compatible with Wireshark, TCPDump, etc)
Client/Server modular architecture
Plug-in architecture to expand core features
Multiple capture source support
Live export of packets to other tools via tun/tap virtual interfaces
Distributed remote sniffing via light-weight remote capture
XML output for integration with other tools


Orchid is a Tor client implementation and library written in pure Java.It was written from the Tor specification documents, Orchid runs on Java 5+ and the Android devices.

How can Orchid be used?
In a basic use case, running Orchid will open a SOCKS5 listener which can be used as a standalone client where Tor would otherwise be used.

Orchid can also be used as a library by any application running on the JVM. This is what Orchid was really designed for and this is the recommended way to use it. Orchid can be used as a library in any Java application, or any application written in a language that compiles bytecode that will run on the Java virtual machine, e.g., JRuby, Clojure, Scala..


Climber is an automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation.

python >= 2.7

Climber needs Exscript, a Python module and a template processor for automating network connections over protocols such as Telnet or SSH.


This module is already included in Climber sources.


SSHeater is a program that infects the OpenSSH daemon in run-time in order to log all future sessions and implement a backdoor where a single password, chosen by the user, can log into all accounts in the system. There's a log parser included in the package that can display authentication information about sessions as well as play the session just like TTYrec/play.

Lazy-Kali Bash Script

Lazy-Kali Bash Script:
A bash script for when you feel lazy.
Adds quite a few tools to Kali Linux.

Bleeding Edge Repos
AngryIP Scanner
Nautilus Open Terminal
... and more!

Lazy-Kali will also update Kali, Start Metaploit Services, Start Stop And Update Open-Vas
This is the first version, script is self updating so more will be added in a short time. Will try to add requested features.

# LazyKali by Reaperz73
# Just made this for when I feel lazy
# Installs quite a few extras to a Fresh Kali:)
# questions comments or request email me @:
# [email protected]


Author: x90c
Designed the syswatch LKM that host-based intrusion protection
system that LKM in 2004-2005. It's a linux kernel protection to
support userland security from kernelland. The LKM protects race
condtion bug ptrace, gain root shell, chroot break, socketcall
listen ACL

the LKM support to protect general hacking attacks on userland, for
instance buffer overflow, heap overflow, and other local privilege
escalation exploits to gain root shell

I also tested isec's linux kernel exploits within do_brk exploit to be
protected by the LKM. It protected as well. In the meantime, the kernel
exploits are favorite to the script kiddies in the underground

The design goal is -to reduce the linux boxes security risk
via protect all general hacking attacks, to make the linux boxes
similar with secure OS

STEP 1) MySQL Server Install..
STEP 2) Create Databases of "syswatch"
STEP 3) Editing Source
root@testbed:~/wrap_en# ls
CHANGELOG README bin inst syswatch.c
root@testbed:~/wrap_en# cd bin
root@testbed:~/wrap_en/bin# ls
build_ldev drop_db.c logmon.c lshack.c make_db.c start

root@testbed:~/wrap_en/bin# head -n 4 drop_db.c
#define DB_HOST ""
#define DB_USER "root"
#define DB_PASS "1234"
#define DB_NAME "syswatch"

root@testbed:~/wrap_en/bin# head -n 4 lshack.c
#define DB_HOST ""
#define DB_USER "root"
#define DB_PASS "1234"
#define DB_NAME "syswatch"

root@testbed:~/wrap_en/bin# head -n 4 make_db.c
#define DB_HOST ""
#define DB_USER "root"
#define DB_PASS "1234"
#define DB_NAME "syswatch"

Editing DB information..

STEP 4) Mysqld start..

root@testbed:~/wrap_en# mysqld &
[1] 509
root@testbed:~/wrap_en# Starting mysqld daemon with databases from /usr/local/mysql/data


Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Using Lynis : Basics
To run Lynis you should meet a few requirements:
- You have to be root (log in as normal user, su to root)
or have equivalent rights (for example by using sudo).
- Have write access to /var/log (for using a log/debug and report file)
- Have write access to /tmp (temporary files)

Depending on the installation or the path you run Lynis from, you can start it with 'lynis' (if installed and the file is available in
your binary path) or 'sh lynis' or './lynis'.

Without parameters, Lynis will give you a valid list of parameters and return back to the shell prompt. At least the '-c' (--check-all) parameter is needed, to start the scan process.

- For the update check, outgoing DNS requests should be allowed. Lynis will try to query a TXT record (for example lynis-lv.rootkit.nl).
- Lynis needs write access to /var/log/lynis.log (unless logging is disabled, which disables debugging information as well).

--auditor "Given name Surname"
Assign an auditor name to the audit (report)
Start the check
Check if Lynis is up-to-date
Run Lynis as cronjob (includes -c -Q)
Shows valid parameters
View man page


Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website.
Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.

author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: [email protected]

Current features
Because it's a small tool, the set of vulnerabilities is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.

How do I use Grabber ?

You have a main script grabber.py which execute the modules (xss.py, sql.py, etc.).
Download Grabber
Download Grabber
The executable version produced by py2exe
Source code
For using Grabber you only need Python 2.4, BeautifulSoup and PyXML. You can download the packages on the websites given above.
You can configure the run with a configuration file like this:

Then launch the grabber.py script.
Or you can use the command line parameters:
$ python grabber.py --spider 1 --sql --xss --url

The two configuration are equivalents.
What you need to know ?

Syndicate content