HiddenWall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, rootkit functions etc)

  •        33

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that block external access, because have a hook to netfilter on kernel land(think like a second layer for firewall).

https://github.com/CoolerVoid/HiddenWall

Tags
Implementation
License
Platform

   




Related Projects

rootkit - Linux rootkit for Ubuntu 16

  •    C

A simple Linux kernel rootkit written for fun, not evil. The rootkit was tested to work on Linux kernels 2.6.32-38 and 4.4.0-22 as provided by Ubuntu in Ubuntu 10.04.4 LTS and Ubuntu 16.04 LTS respectively, but it should be very easy to port to kernels in-between, as well as newer ones.

Devil Linux - Linux for Sys Admin

  •    C

Devil-Linux is a CD-based Linux distribution for firewalls and routers. The goal of Devil-Linux is to have a small, customizable and secure Linux. It could boot from CDROM or USB flash drive. Its main purpose is to be used as server for many applications. It doesn't have any GUI or XServer related stuff. It is mainly targeted for Sys Admin.

Ipfcontrol

  •    Erlang

IPFC is a distributed management solution for security module (firewall, nids). Security module can be packet-filtering (ipfw,netfilter,ipf ...), NIDS or any other servers (syslog...) or embedded devices.

bastion-firewall

  •    C

bastion-firewall is a Netfilter based firewall for Linux. It can generate graphical stats of all the rules traffic in the firewall with Rrdtool and it's integrated with the Snort Inline IPS. It's written in the bash and C programming languages.


CopperheadOS - A security and privacy focused mobile operating system compatible with Android apps

  •    Java

CopperheadOS is a security and privacy focused mobile operating system compatible with Android apps. It provides Protection from zero-days, Hardened C standard library and compiler toolchain, Hardened kernel, Stronger sandboxing and isolation for apps & services, Firewall & network hardening and lot more.

Cerber -- security module for FreeBSD

  •    C

Cerber -- system firewall mechanism. It's a kernel module, which is a complete security solution for FreeBSD.

MISP - MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

  •    PHP

MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.

wdbgark - WinDBG Anti-RootKit Extension

  •    C++

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. It main purpose is to view and analyze anomalies in Windows kernel using kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For more user-friendly view extension uses DML. For the most of commands kernel-mode connection is required. Feel free to use extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force to reload them, ignore checksum problems, prepare them before analysis and you'll be happy. Windows BETA/RC is supported by design, but read a few notes. First, i don't care about checked builds. Second, i don't care if you don't have symbols (public or private). IA64/ARM is unsupported (and will not).

WindowsRegistryRootkit - Kernel rootkit, that lives inside the Windows registry values data

  •    C

Rootkit uses the zero day vulnerability in win32k.sys (buffer overflow in function win32k!bInitializeEUDC()) to get the execution at the OS startup. NDIS-based network backdoor (+ meterpreter/bind_tcp).

Ufw - Uncomplicated Firewall

  •    Python

Ufw stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

IPFire - An open source firewall solution

  •    C

IPFire is a server distribution with intended to use as a firewall. It focuses on flexibility, and scales from small to middle sized business networks and home networks. Beginning with a small firewall system of a few megabytes, it is possible to run IPFire as a file server or VPN gateway for staff, branches or customers. This modularity means that yor version of IPFire runs with exactly what you require and nothing more.

rootkit - Sample Rootkit for Linux

  •    TeX

This is sample rootkit implementation for Linux. It is able to hide processes, files and grants root privileges. It also have stealth mode (enabled by default) that prevents it from detecting. Just compile module (included Makefile does this against current kernel) and load it. There will be hidden file in /proc called rtkit. It's not visible when listing content of proc directory.

synsanity - netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation

  •    C

synsanity is a netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation, as used in production at GitHub.synsanity allows Linux servers running 3.x kernels to handle SYN floods with minimal (or at least less) performance impact. With default Linux kernel 3.x settings, a very small SYN flood causes complete CPU exhaustion as the kernel spinlocks on the LISTEN socket and in conntrack. synsanity moves much of this work into a netfilter (iptables) target and bypasses locks for this attack scenario, allowing high throughput syncookie generation before the packets hit the TCP stack.

SmoothWall - Express Open Source Firewall Project

  •    C

SmoothWall is a open source Firewall distribution. It Supports LAN, DMZ, and Wireless networks, Static Ethernet, DHCP Ethernet, PPPoE, PPPoA using various USB and PCI DSL modems. It provides traffic stats, POP3 email proxy with Anti-Virus, Web proxy for accelerated browsing and lot more.

IPCop - Linux firewall distribution

  •    C

IPCop provides secure and stable Linux Firewall Distribution. It is a complete Linux Distribution whose sole purpose is to protect the networks it is installed on. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.

pfSense - Firewall and Routing platform

  •    PHP

pfSense is a powerful, flexible firewalling and routing platform. It includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a stateful firewall, by default all rules are stateful. A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.

cilium - HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

  •    Go

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos. A new Linux kernel technology called BPF is at the foundation of Cilium. It supports dynamic insertion of BPF bytecode into the Linux kernel at various integration points such as: network IO, application sockets, and tracepoints to implement security, networking and visibility logic. BPF is highly efficient and flexible. To learn more about BPF, read more in our extensive BPF and XDP Reference Guide.

BrazilFW Firewall and Router

  •    Shell

A powerful network security tool, easy, safe and totally free.

SoftEther VPN - Cross-platform Multi-protocol VPN Program

  •    C

SoftEther VPN is a ?Cross-platform Multi-protocol VPN Program. It supports SSL-VPN protocol to penetrate any kinds of firewalls. Ultra-optimized SSL-VPN Protocol of SoftEther VPN has very fast throughput, low latency and firewall resistance. Virtualization of Ethernet devices is the key of the SoftEther VPN architecture. It virtualizes Ethernet devices in order to realize a flexible virtual private network for both remote-access VPN and site-to-site VPN.