"Тренируемся на кошках " Damn Vulnerable Linux (DVL)
офф сайт
https://www.damnvulnerablelinux.org
(нужна регистрация, после чего можно скачать дистрибутив "дырявого" linux'са)
более подробно на офф сайте
(!ресурс на анг. яз!)
##########################################
Damn Vulnerable Linux (DVL) is a Linux-based tool for IT-Security. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e - Secure Software Engineering in cooperation with the French Reverse Engineering Team. Visit their websites at http://www.iitac.org, http://www.Secure-Software-Engineering.com , and http://www.binary-reverser.org/ . Main authors are Univ.-Doz. Dr. Thorsten Schneider [IITAC, S²e] and Kryshaam [French Reverse Enginering Team].
##########################################
Дистрибутив, цель которого собрать в себе как можно больше программ с неисправленными проблемами безопасности. DVL - замечательная тестовая площадка для начинающих изучать проблемы безопасности и желающих обнаружить проблему самостоятельно (в состав дистрибутива входят разнообразные средства для отладки) или оценить в действии различные эксплоиты. Дистрибутив подготовлен несколькими преподавателями в качестве демонстрационного материала к лекциям.
------------------------------
Можно поставить виртуальный сервачек и тренироваться, испытывая на виртуальной тачке всякие ядо-химикаты без ущерба для здоровья
зы на сайте еще много всяких вкусностей туториалы и пр..

Miro for Linux 1.2.1 - Многоплатформенный мультимедийный плеер с опцией поиска и закачки видео с YouTube, Google Video, Yahoo Video, Blogdigger и других подобных сайтов. Имеется функция организации и управления мультимедийной коллекцией.



.....................

В Дебиане\Убунте давно в репозиторие есть.
sudo apt-get install miro

миро очь прикольная штука если инет скоростной, много интересного видео!
2 дня юзаю очь нравица

Burp Suite is an integrated platform for attacking and testing web applications. It contains the latest versions of all the Burp tools, including:
* Burp Proxy
* Burp Spider
* Burp Intruder
* Burp Repeater
* Burp Sequencer
* Burp Decoder
* Burp Comparer
All of the Suite tools are tightly integrated, with numerous interfaces designed to facilitate and speed up the process of attacking an application.
the use "/usr/bin/java -jar /usr/tools/burpsuite_v1.1.jar".
http://portswigger.net/suite/burpsuite_v1.1.tar.gz
---------------------------------------------------------------------
JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.
the use "/usr/bin/java -jar /usr/tools/jbrofuzz-08.jar".
http://sourceforge.net/projects/jbrofuzz
home http://www.owasp.org/index.php/Category:OWASP_JBroFuzz
-----------------------------------------------------------------------
onesixtyone -The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don't respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. This means that 'no response' from the probed IP address can mean either of the following:
* machine unreachable
* SNMP server not running
* invalid community string
* the response datagram has not yet arrived

http://www.phreedom.org/solar/onesixtyone/
------------------------------------------------------------------------
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
the use "/usr/bin/java -jar /usr/tools/webscarab.jar".
http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823
home http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
------------------------------------------------------------------------
w3af is a Web Application Attack and Audit Framework. w3af core and it's plugins are are fully written in =>> python. The project has more than 125 plugins, which check for sql injection, cross site scripting (xss), remote file inclusion and more.
http://w3af.sourceforge.net/
-----------------------------------------------------------------------
Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.
Currently, there are some network protocols implemented, but others are coming (tell us which one is your preferred). Attacks for the following network protocols are implemented (but of course you are free for implementing new ones):
* Spanning Tree Protocol (STP)
* Cisco Discovery Protocol (CDP)
* Dynamic Trunking Protocol (DTP)
* Dynamic Host Configuration Protocol (DHCP)
* Hot Standby Router Protocol (HSRP)
* IEEE 802.1Q
* IEEE 802.1X
* Inter-Switch Link Protocol (ISL)
* VLAN Trunking Protocol (VTP)
http://www.yersinia.net/
-----------------------------------------------------------------------
Xprobe2 allows you to determine what operating system is running on a
remote host. It sends several packets to a host and analyses the
returned answers.
Xprobe2's functionality is comparable to the OS fingerprinting feature
in nmap (written by a different Fyodor):
- Outputs its level of confidence about the OS on the remote host.
- Remains usable even if intermediate systems (routers, firewalls) make
slight modifications to the packets.
- Can list the type of intermediate device (e.g. "Linux IP masquerading").
- Modular architecture allows new fingerprinting tests and new OS
signatures to be added.
http://sys-security.com/blog/xprobe2/
----------------------------------------------------------------------
Netwox
Toolbox netwox helps to find and solve network problems.
It provides more than 200 tools :
- sniff, spoof
- clients, servers
- DNS, FTP, HTTP, IRC, NNTP, SMTP, SNMP, SYSLOG, TELNET, TFTP
- scan, ping traceroute
- etc.
http://www.laurentconstantin.com/en/netw/netwox/
-----------------------------------------------------------------------
Nast
Can sniff in normal mode or in promiscuous mode the packets on a network
interface and log it. It dumps the headers of packets and the payload in
ascii or ascii-hex format. You can apply a filter. The sniffed data can
be saved in a separated file.
As analyzer tool, it has many features like:
* Build LAN hosts list
* Follow a TCP-DATA stream
* Find LAN internet gateways
* Discover promiscuous nodes
* Reset an established connection
* Perform a single half-open portscanner
* Perform a multi half-open portscanner
* Find link type (hub or switch)
* Catch daemon banner of LAN nodes
* Control arp answers to discover possible arp-spoofings
* Byte counting with an optional filter
* Write reports logging
http://nast.berlios.de/
----------------------------------------------------------------------
dsniff-Various tools to sniff network traffic for cleartext insecurities
This package contains several tools to listen to and create network traffic:
* arpspoof - Send out unrequested (and possibly forged) arp replies.
* dnsspoof - forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff - password sniffer for several protocols.
* filesnarf - saves selected files sniffed from NFS traffic.
* macof - flood the local network with random MAC addresses.
* mailsnarf - sniffs mail on the LAN and stores it in mbox format.
* msgsnarf - record selected messages from different Instant Messengers.
* sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow - SSH traffic analyser.
* tcpkill - kills specified in-progress TCP connections.
* tcpnice - slow down specified TCP connections via "active"
traffic shaping.
* urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
* webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy - sends URLs sniffed from a client to your local browser
(requires libx11-6 installed).
http://www.monkey.org/~dugsong/dsniff/
-----------------------------------------------------------------------
Ophcrack-Microsoft Windows password cracker using rainbow tables
Ophcrack is a Windows password cracker based on a time-memory trade-off
using rainbow tables. This is a new variant of Hellman's original trade-off,
with better performance. It recovers 99.9% of alphanumeric passwords in
seconds.
http://ophcrack.sourceforge.net/
--------------------------------------------------------------------
The Offline NT Password Editor
This little program will enable you to view some information and
change user passwords in a Windows NT SAM userdatabase file.
You do not need to know the old passwords.
It works for Windows NT/2000/XP/Vista.
http://home.eunet.no/~pnordahl/ntpasswd/binsrc.html
---------------------------------------------------------------------
MetaCoretex is an entirely JAVA vulnerability scanning framework which
puts special emphasis on databases. Probe objects are written in JAVA
by means of an easy to extend AbstractProbe class. Additionally, probe
generators make the process of writting simple probes almost automagic.
http://sourceforge.net/projects/metacoretex/
----------------------------------------------------------------------
Oracle Auditing Tools
The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers.
http://www.cqure.net/wp/?page_id=2
----------------------------------------------------------------------
Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. The tool supports both session- and basic-authentication. It runs 20 simultaneous connection guessing passwords specified in a dictionaryfile against the supplied userfile. The tool is written in java and is released under.
http://www.cqure.net/wp/?page_id=17
----------------------------------------------------------------------
Passifist |Passifist is a tool for passive network discovery. It could be used for a number of different things, but was mainly written to discover hosts without actively probing a network. The tool analyzes broadcast traffic and has a plugin architecture through which it dissects and reports services found.
http://www.cqure.net/wp/?page_id=19
----------------------------------------------------------------------
SMBAT
The SMB Auditing Tool is a password auditing tool for the Windows-and the SMB-platform. It makes it possible to exploit the timeout architecture bug in Windows 2000/XP, making it extremly fast to guess passwords on these platforms. Running a large password file against Windows 2000/XP, shows statistics up to 1200 logins/sec. This means that you could run a commonly used English dictionary with 53 000 words against a server under a minute.
http://www.cqure.net/wp/?page_id=10
-----------------------------------------------------------------------
SIPcrack is a suite of tools to sniff and crack the digest authentications that are used within the SIP protocol.
The tools offer support for pcap files, wordlists and many more to extract all needed information and bruteforce the passwords for the sniffed accounts.

bed (aka 'Bruteforce Exploit Detector') is a plain-text protocol fuzzer that checks software for common vulnerabilities like buffer overflows, format string bugs, integer overflows, etc.
Supported protocols: finger, ftp, http, imap, irc, lpd, pjl, pop, smtp, socks4 and socks5

Wyd is a password profiling tool that extracts words/strings from supplied files and directories.
It parses files according to the file-types and extracts the useful information, e.g. song titles, authors and so on from mp3's or descriptions and titles from images.
It supports the following filetypes: plain, html, php, doc, ppt, mp3, pdf, jpeg, odp/ods/odp and extracting raw strings.

icmpshell is a client/server software that enables remote access to UNIX systems. It abuses ICMP for the communication to create a covert channel.
The used ICMP codes and types can be manually specified, e.g. ICMP_ECHO for one side and ICMP_ECHOREPLY for the other to hide the conversation more realistic.
The payload of the ICMP packet contains the actual data and is encrypted using the AES-256bit algorithm with a SHA-256bit hash of an user-given password.
http://www.codito.de/
-----------------------------------------------------------------------
Inguma
Free Penetration Testing and Vulnerability Research Toolkit.
p.s Inguma version 0.0.7.2 has been released. In this version I have added new modules and exploits, fixed many, many, many bugs as well as enhancing existing modules, such as the Oracle related stuff.
PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mach syscalls implementation is on the way. You will also notice that it is now object oriented as opossed to the previous versions.
Among with the aforementioned changes, I'm releasing 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give to the module the target's address and port and run "oragateway". The module will automagically guess the correct DAD and bypass technique. After it an SQL terminal will be opened.
http://inguma.sourceforge.net/
-------------------------------------------------------------------------
WepLab is a tool designed to teach how WEP works, what different vulnerabilities it has, and how they can be used in practice to break a WEP protected wireless network. So far, WepLab more than a Wep Key Cracker, is a Wep Security Analyzer designed from an educational point of view. The author has tried to leave the source code as clear as possible, running away from optimizations that would obfuscate it.
http://weplab.sourceforge.net/
-----------------------------------------------------------------------
WiFitao injection tool through tun/tap device
http://sid.rstack.org/index.php/Wifitap_EN
-----------------------------------------------------------------------
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.
http://www.kismetwireless.net/

Название проги:
Websec
Тип проги:
Cледит за обновлениями сайтов
Подробное описание:
Websec («веб-секретарь») автоматизирует постоянное посещение сайта: он обычно запускается в задаче cron и сравнивает содержимое страницы с тем, что было получено в предыдущий раз. Если что-то поменялось, страница с выделенными добавлениями будет выслана вам по электронной почте.
Линк для закачки:
Домашняя страница http://baruch.ev-en.org/proj/websec/


Название проги:
MyTop
Тип проги:
top для MySQL
Подробное описание:
Это клон top, но он следит не за системой, а за потоками MySQL. Это отличная утилита командной строки, которая подключается к серверу MySQL, периодически выполняет команды SHOW PROCESSLIST, SHOW STATUS и отображает сводные результаты, к которым можно применять различные фильтры.
Линк для закачки:
есть в репозитариях Debian и Ubuntu


Название проги:
HTTrack
Тип проги:
Скачивание и зеркалирование сайтов
Подробное описание:
HTTrack обходит ссылки указанного ресурса, рекурсивно загружает страницы и меняет ссылки в гипертексте так, чтобы все можно было просматривать со своего компьютера. Функция рекурсивного зеркалирования, напротив, предполагает, что ссылки не меняются и продолжают указывать на удаленные ресурсы.
Линк для закачки:
http://httrack.com/


Название проги:
Clusterssh
Тип проги:
Работа с несколькими сеансами SSH через общий интерфейс
Подробное описание:
Clusterssh — программа с графическим интерфесом, позволяющая открыть несколько соединений по SSH и выполнять одновременно во всех них команды.
Линк для закачки:
есть в репозитариях Debian и Ubuntu


Название проги:
Trickle
Тип проги:
простой ограничитель пропускной способности
Подробное описание:
Trickle — пользовательский ограничитель пропускной способности. Он позволяет ограничить расходы соединения без каких-то патчей ядра, настроек фаерволла и прав суперпользователя. Trickle может ограничивать пропускную способность для нескольких программ одновременно или для одной указанной программы.
Линк для закачки:
http://monkey.org/%7Emarius/pages/?page=trickle

http://wiki.opennet.ru/Windows2Linux

Аналоги windows программ для Linux

Название проги:
ipcalc
Тип проги:
Расчета адресов в подсети и сетевых масок
Подробное описание:
На примере:
Домашняя страница:
jodies.de/ipcalc

cd /usr/ports/net-mgmt/ipcalc/ && make install clean
pacman -S ipcalc
apt-get install ipcalc
И т.д.

Вот нашел интересный проект - Turnkey (www.turnkeylinux.org)
Если в двух словах : 40 ISO-образов минимального размера , различной конфигурации для тех кто балуется виртуальными машинами и не только .....
Каждый образ заточенных под индивидуальную задачу.
Скачал образ (180 Мб) с установленым мускулом апачем и вордпресом ,запустил..
установка заняла 15 минут и вот в мох руках готовый мини-сервак с нужными мне приложениями..
В общем то для тех кто в" курсе" и нехочет терять свое драгоценное время .