Lynis is an auditing and hardening tool for Unix derivatives like Linux/BSD/Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Kernel Security Checker is a useful tool to locate attackers residing within a system by employing a direct analysis of the kernel through /dev/kmem and bypassing the hiding techniques of the intruder (kernel static recompilation or use of LKMs). It can find the modified syscalls from userspace, detect the promiscuous interfaces, and find the modifications applied to a protocol.
INSERT (the Inside Security Rescue Toolkit) aims to be a multi-functional, multi-purpose disaster recovery and network analysis system. It boots from a credit card-sized CD-ROM and is basically a stripped-down version of Knoppix. It features good hardware detection, fluxbox, emelfm, links-hacked, ssh, tcpdump, nmap, chntpwd, and much more. It provides full read-write support for NTFS partitions (using ntfs-3g), and the ClamAV virus scanner (including a fairly recent signature database and a GUI). It provides partition handling with gParted and also has a network boot facility.
scanmem is a simple interactive debugging utility for Linux that can be used to locate the address of a variable in an executing program. scanmem can then be used to modify the variable once, or continually over a period of time. It is similar to the "pokefinders" used to cheat at video games.
dietsniff is a tiny tool for analyzing traffic on a network. It's not intended to replace well-known tools like tcpdump or ethereal. It's intended for the case when a small and especially static sniffer is required. Accordingly, it's also by far not that powerful, and is also bound to Linux as a platform. While it doesn't use or need the libpcap, it produces pcap-logs that can be analyzed by more sophisticated tools like tcpdump or Ethereal.
Alerttail monitors a given file and executes a list of actions when a user-defined text pattern has been written to the file. For example, the user can pop up a GTK notification window when a certain message is written to a log file. Actions can be alerttail built in actions (GTK notify action, geoipLocalization action, or filtering text action) or a custom user defined shell command action. A Qt 4 GUI frontend helps with configuration.
RFDUMP is a GUI to edit the "User Data Fields" on RFID tags and to test if a tag is protected against reading or writing. It implements a real life cookie on RFID tags. The tags that are supported for reading, writing, and editing are ISO 15693, ISO 14443 A, ISO 14443 B, SR176(1,2), Tag-it®, and I-Code®.
ProviderTool Internet server administration program with email protection. The software is divided into a subcomponent Admin Tool, Customer Tool, and a Reseller Tool. Each subcomponent tool manages a separate zone that is setup for the specific needs of your administrator, end user, and reseller. If you have a Red Hat, SuSE, or Debian Internet or intranet server, you will be able to add, delete, and change settings and users with just a couple of clicks. ProviderTool is delivered with a separate Apache and PHP server environment. There is also an email protection tool included.