LiFTeR: Changes for August 5, 2016
- opencl-headers-1.2-7.el6.noarch.rpm - OpenCL-Headers:
The OpenCL registry contains specifications of the core API and the OpenCL C language; a portable intermediate representation of
OpenCL programs; specifications of Khronos- and vendor-approved OpenCL extensions; and links to header files corresponding to the
specifications, which are now hosted in the OpenCL-Headers Github repository.
- hashcat-3.00-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Hashcat is the world's fastest
and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms.
Hashcat currently supports CPUs, GPUs other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable distributed password cracking.
- fmem-kernel-modules-el7-x86_64-1.6-1.23.noarch.rpm - Support for the following kernels were added for
Fmem:
- 3.10.0-327.28.2 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-23.noarch.rpm - Support for the following kernels were added for
LiME:
- 3.10.0-327.28.2 for EL7
- RPMForge -
According to this website: https://wiki.centos.org/AdditionalResources/Repositories,
the RPMForge and RepoForge repositories are dead and are no longer recommended for use.
To that end, all of the packages used by CentOS/RHEL 6 and 7 have been added to this repository.
To remove these packages and the RPMForge repository from your system and to install the needed replacement packages from the CERT Linux Forensics Tools Repository, do the following:
sudo yum -y erase `yum list installed | grep -i rpmforge | awk '{print $1}'`
sudo yum -y install CERT-Forensics-Tools
This is the list of tools that have been rebuilt and added to the CERT Linux Forensics Tools Repository.
- 2hash-0.2-1.el6.{i686,x86_64}.rpm - 2hash is a tool to calculate the md5 and sha1 hashes of a file in a single read.
If you’re regularly checking/calculating hashes of large files this’ll save you a lot of disk I/O.
- adns-0.2-1.el6.{i686,x86_64}.rpm - ADNS is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities.
- cryptcat-1.2.1-1.1-{el6,el7}.{i686,x86_64}.rpm - Cryptcat is the standard netcat enhanced with twofish encryption
with ports for Windows NT, BSD and Linux. Twofish is courtesy of counterpane, and cryptix.
TCP/IP swiss army knife extended with twofish encryption - Cryptcat is a simple Unix utility which reads and writes data across network connections, using TCP or
UDP protocol while encrypting the data being transmitted.
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.
At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Cryptcat has been added to the CERT Linux Forensics Tools (LFTR) Repository from the now defunct RPMForge repository.
- etherape-0.9.13-1.el6.{i386,x86_64} - etherape is a graphical network monitor for Unix modeled after
etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.
Note: this version is the latest available from the Sourceforge website which is newer than the version available from the standard Fedora repositories.
- fatback-1.3-1.el6.{i686,x86_64}.rpm - Fatback is a tool that undeletes files from FAT filesystems.
- lame{,-libs}-3.99.5-1.el6.{i686,x86_64}.rpm - LAME > is an open source MP3 encoder whose quality and speed matches commercial encoders.
LAME handles MPEG1,2 and 2.5 layer III encoding with both constant and variable bitrates.
- missidentify-1.0-1.el6.{i686,x86_64}.rpm - missidentify is a program to find Win32 applications.
In its default mode it displays the filename of any executable that does not have an executable extension (i.e. exe, dll, com, sys, cpl, hxs, hxi, olb, rll, or tlb).
The program can also be run to display all executables encountered, regardless of the extension.
This is handy when looking for all of the executables on a drive.
Other options allow the user to record the strings found in an executable and to work recursively.
See the manual page for more information.
- mount_ewf-20090113-1.el6.noarch.rpm - Mount_ewf is a tool that mounts
EWF files as mounted images using the loopback capability.
- pasco-1.0-1.el6.{i686,x86_64}.rpm - Pasco is a tool that parses the information in an index.dat file and output the
results in a field delimited manner so that it may be imported into your favorite spreadsheet program.
Pasco is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.
- perl-Data-Hexify-1.00-1.el6.noarch.rpm - perl-Data-Hexify formats arbitrary (possible binary) data into a format suitable for hex dumps in the style of xdor hexl.
- perl-File-Mork-0.3-1.el6.{i686,x86_64}.rpm - perl-File-Mork is a module to read Mozilla URL history files.
- perl-Mac-PropertyList-1.33-1.el7.noarch.rpm - perl-Mac-PropertyList is a low-level interface to the Mac OS X Property List (plist) format.
- perl-Parse-Win32Registry-0.51-1.el6.noarch.rpm - perl-Parse-Win32Registry is a module for parsing Windows Registry files, allowing you to read the keys and values of a registry file without going through the Windows API. It provides an object-oriented interface to the keys and values in a registry file. Registry files are structured as trees of keys, with each key containing further subkeys or values. The module is intended to be cross-platform, and run on those platforms where Perl will run. It supports both Windows NT registry files (Windows NT, 2000, XP, 2003, Vista, 7) and Windows 95 registry files (Windows 95, 98, Millennium Edition). It is intended to be used to parse offline registry files. If a registry file is currently in use, you will not be able to open it. However, you can save part or all of a currently loaded registry file using the Windows reg command if you have the appropriate administrative access.
- python-tidy-0.2-1.{el6,el7}.noarch.rpm - Python-tidy pleans up, regularizes, and reformats the text of Python scripts.
- rar-5.3.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Rar is a powerful archive manager. It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format. See here for a list of changes in this version.
- socat-1.7.3.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. These modes include generation of "listening" sockets, named pipes, and pseudo terminals. Socat can be used, e.g., as TCP port forwarder (one-shot or daemon), as an external socksifier, for attacking weak firewalls, as a shell interface to UNIX sockets, IP6 relay, for redirecting TCP oriented programs to a serial line, to logically connect serial lines on different computers, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. See the change log that is part of the RPM package for a list of changes.
- tcpflow-1.4.4-1.el7.x86_64.rpm - Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. Tcpflow can also process stored tcpdump packet flows.
- tre-0.8.0-1.el6.{i686,x86_64}.rpm - Tre is a lightweight, robust, and efficient POSIX compliant regexp matching library with some exciting features such as approximate (fuzzy) matching. The matching algorithm used in TRE uses linear worst-case time in the length of the text being searched, and quadratic worst-case time in the length of the used regular expression. In other words, the time complexity of the algorithm is O(M^2N), where M is the length of the regular expression and N is the length of the text. The used space is also quadratic on the length of the regex, but does not depend on the searched string. This quadratic behaviour occurs only on pathological cases which are probably very rare in practice.
- unrar-5.3.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Unrar is a powerful archive manager. It can backup your data and reduce the size of email attachments, decompress RAR, ZIP and other files downloaded from Internet and create new archives in RAR and ZIP file format. See here for a list of changes in this version.
- perl-File-Mork-0.3-1.el6.{i686,x86_64}.rpm - perl-File-Mork is a module to read Mozilla URL history files.
- 2hash-0.2-1.el6.{i686,x86_64}.rpm - 2hash is a tool to calculate the md5 and sha1 hashes of a file in a single read.
If you’re regularly checking/calculating hashes of large files this’ll save you a lot of disk I/O.