xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
添加工具English Version


提交时间:2004-12-07 更新时间:2004-12-08
工具大小:69615 Bytes
文件MD5 :9e501a9b7baba2b995c1431f69622925
工具来源:Advanced Incident Response Tool

hey all,
    I'm proud to announce that the AIRT 0.1 is now available:

    AIRT (Advanced incident response tool) is a set of incident response assistant tools on linux platform. It's useful when you want to know what evil program is resident on your broken system and what the hell it is. It consists of 5 useful tools now:

mod_hunter: looks for hidden module on the suspect system.

process_hunter: looks for hidden process from kernel on the suspect system.

sock_hunter: looks for hidden port from kernel on the suspect system.

modumper: dumps the hidden module into file.

dismod: trys to analyze the dumped module.

Note: it only supports 2.6 kernel now, will support 2.4 kernel later.

We will be happy to get any suggestion and bug report ;-P


From: "madsys" <madsys@ercist.iscas.ac.cn>
To: "bugtraq" <bugtraq@securityfocus.com>,
    "full-disclosure" <full-disclosure@netsys.com>
Cc: "honeypots" <honeypots@securityfocus.com>,
    "forensics" <forensics@securityfocus.com>,
    "mkill" <mkill@linuxaid.com.cn>
Subject: Tool Announcement:  AIRT -- the Advanced Incident Response Tool (linux)

>> 下载 <<