Security Tools

Everything listed on this page is free, unless otherwise noted (or unless I goofed). I'll add more to this page as I have time.

Security Tools


Disk/File Wiping

Password Databases

You need to use a password database because humans are bad a remembering good passwords, you can't share passwords among sites, and so you need to have a lot of passwords. Some useful thoughts on this include:

There are a great many password databases out there these days. I personally don't trust any of the cloud or browser-based ones, because anything automated is that much easier to crack in to. It's a few extra steps to manually copy & paste the password from the manager into the correct fields, but it's a lot more secure.

  • Password Safe is a free utility originally from Bruce Schneier and Counterpane Labs which allows you to keep your passwords securely encrypted on your computer. A single Safe Combination--just one thing to remember--unlocks them all. Check Password Safe's releases to find the newest version.
  • KeePass seems to be another good one, and it has many cross-platform variations to chose from.
  • See my random password/pin generator (written in Perl). It also creates unpronounceable names for aliens, for when you're writing SciFi and get stuck for a name... ;-)


There's a more up-to-date list at 2019 Best Packet Sniffers (10 Packet Analyzers Reviewed)@lahmstache UPDATED: June 21, 2019.


Port Databases

Network Streams Detection

Secure Shell (ssh)

UNIX Clients and Servers

Windows Clients and Servers


Other Lists of Ports



(1) Winpcap is a libpcap-compatible library for Windows. Libpcap is the basis for most UNIX sniffer and packet tools, such as namp, nc, tcpdump and dsniff.

Firewalls & Firewall Tools

Check out the OpenBSD FAQ relating to IPFilter for a VERY good and clear example of IPFiltering, which is similar to the Linux IPTables or IPChains, and which is a great example of firewall rules in action! See also:

  • The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX.
  • IPFilter, the IP Filter HOWTO, ipf(8) and ipnat(8)

Check Point Firewall-1

  • I have combined my LogSwap and CPFWBack tools, and added my extract_patch tool into CPFW1TK--the Check Point Firewall-1 Tool Kit. LogSwap and CPFWBack work under both Windows and UNIX. Extract_patch is unnecessary under UNIX.

CPFW1TK-3.2.0-2.exe (288,965 bytes) has the scripts and all other binaries needed to run. It also includes the UNIX scripts just for fun, and it has some other bonus stuff. It is a self-extracting ZIP archive.
CPFW1TK-3.2.0-1.tgz (10,251 bytes) just has the UNIX scripts and ReadMe files.

Extract_patch was created for extracting Check Point patches under Windows, without installing WinZip, since Check Point are now distributing all patches in TGZ format. But it will work for any TGZ (or .tar.gz, or .gz or .tar) you wish to extract under Windows, without having to install WinZip. It combines Win32 ports of the GNU tar.exe, gzip.exe and md5sum.exe utilities, so you can unpack and verify *.tgz files.

LogSwap archives or "rolls" Firewall-1 logs. It includes Logswap.cmd,, and gzip.exe for Win32.

CPFWBack greatly automates the annoying process of backing up Firewall-1 configurations. It includes CPFWBack.cmd, zip.exe, unzip.exe and vdate.exe for Win32 and for UNIX.

  • I've also created an add-on called jpcshrc for the default csh configuration in Nokia's IPSO 3.4.1-FCS5. It sets the csh prompt to your current working directory, and add some aliases (mostly DOS commands, since I can't remember what OS I'm using).
  • The Check Point User Group including the old Phoneboy site.
  • Essential Check Point FireWall-1, ISBN 0201699508, written by Dameon D. Welch-Abernathy (AKA PhoneBoy), owner/operator of the above FireWall-1 FAQ site. There is also Essential Check Point FireWall-1 NG in the works, probably available in early 2004.
  • Tom Horsley's NTP Time for Windows is a nice NTP client program. It is free, but is a client only, and can be configured to talk to only one NTP server at a time. NTP works much better when referencing a pool of servers. BUT, it allows you to use NTP to time-sync a hardened NT Firewall server. The NT Resource kit TimeServ will not run with the NT Workstation service disabled or removed (which it should be on a firewall!!!)
  • fwlogsum "is a perl script to summarise FW1 logs making it easier to see what services are being blocked or allowed through your firewall."

WatchGuard Firebox II with the Live Security Service (LSS)

  • Fix-wls converts those annoying WatchGuard *.WLS files to Self-Extracting archives.

Securing or Hardening Systems

I have much more information on this topic, and will post references as I have time.


Win 2000