Jan 12

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap’s probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), Nmap provides information on supported IP protocols rather than listening ports.

In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS names, operating system guesses, device types, and MAC addresses.

A typical Nmap scan is shown in Example 1. The only Nmap arguments used in this example are -A, to enable OS and version detection, script scanning, and traceroute; -T4 for faster execution; and then the target address.

Example 1. A representative Nmap scan

nmap -A -T4 221.194.128.175

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-01-12 17:32 CST
Interesting ports on 221.194.128.175:
Not shown: 1670 closed ports
PORT     STATE    SERVICE        VERSION
22/tcp   open     ssh            OpenSSH 3.9p1 (protocol 1.99)
53/tcp   open     domain         ISC Bind 9.X
80/tcp   open     http           Apache httpd 2.2.9 ((Unix) PHP/5.2.6)
135/tcp  filtered msrpc
137/tcp  filtered netbios-ns
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
3306/tcp open     mysql          MySQL (unauthorized)
4444/tcp filtered krb524
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.4.0 - 2.5.20
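
The ports table described above can be turned into one record per port for inventory work. This is an added example, not part of the original post or of Nmap; the function names are hypothetical and the sample input is the table from Example 1.

```shell
#!/bin/sh
# Added example: convert Nmap's normal-output ports table into
# tab-separated records: host, port, protocol, state, service, version.

nmap_ports_to_tsv() {   # nmap_ports_to_tsv [FILE...]  (reads stdin without files)
    awk '
        /^Interesting ports on / {
            host = $NF                  # "221.194.128.175:" or "(ip):"
            sub(/:$/, "", host)
            gsub(/[()]/, "", host)
            in_table = 0
            next
        }
        /^PORT[ \t]+STATE[ \t]+SERVICE/ { in_table = 1; next }
        in_table && $1 ~ /^[0-9]+\/[a-z]+$/ {
            split($1, pp, "/")
            version = ""                # everything after the service name
            for (i = 4; i <= NF; i++) version = version (i > 4 ? " " : "") $i
            printf "%s\t%s\t%s\t%s\t%s\t%s\n", host, pp[1], pp[2], $2, $3, version
            next
        }
        in_table { in_table = 0 }       # first non-port line ends the table
    ' "$@"
}

# ports_in_state STATE [FILE...]: list port/protocol for one state.
# STATE is compared as a whole string, so "open|filtered" is its own state.
ports_in_state() {
    state="$1"; shift
    nmap_ports_to_tsv "$@" | awk -F '\t' -v s="$state" '$4 == s { print $2 "/" $3 }'
}

# The ports table from Example 1, used as sample input.
sample_scan() {
    cat <<'EOF'
Interesting ports on 221.194.128.175:
Not shown: 1670 closed ports
PORT     STATE    SERVICE        VERSION
22/tcp   open     ssh            OpenSSH 3.9p1 (protocol 1.99)
53/tcp   open     domain         ISC Bind 9.X
80/tcp   open     http           Apache httpd 2.2.9 ((Unix) PHP/5.2.6)
135/tcp  filtered msrpc
137/tcp  filtered netbios-ns
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
3306/tcp open     mysql          MySQL (unauthorized)
4444/tcp filtered krb524
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.4.0 - 2.5.20
EOF
}

# Run only when a file is given, e.g.: sh ports.sh scan.nmap
if [ "$#" -gt 0 ]; then
    nmap_ports_to_tsv "$@"
fi
```
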

Options Summary

Nmap 4.11 ( http://www.insecure.org/nmap/ )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sP: Ping Scan - go no further than determining if host is online
  -P0: Treat all hosts as online -- skip host discovery
  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idlescan
  -sO: IP protocol scan
  -b <ftp relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
  -F: Fast - Scan only the ports listed in the nmap-services file)
  -r: Scan ports consecutively - don't randomize
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in milliseconds, unless you append 's'
  (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T[0-5]: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <time>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --data-length <num>: Append random data to sent packets
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use twice for more effect)
  -d[level]: Set or increase debugging level (Up to 9 is meaningful)
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Insecure.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enables OS detection and Version detection
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -P0 -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

Nmap Examples

Here are some Nmap usage examples, from the simple and routine to a little more complex and esoteric. Some actual IP addresses and domain names are used to make things more concrete. In their place you should substitute addresses/names from your own network. While I don’t think port scanning other networks is or should be illegal, some network administrators don’t appreciate unsolicited scanning of their networks and may complain. Getting permission first is the best approach.

For testing purposes, you have permission to scan the host scanme.nmap.org. This permission only includes scanning via Nmap and not testing exploits or denial of service attacks. To conserve bandwidth, please do not initiate more than a dozen scans against that host per day. If this free scanning target service is abused, it will be taken down and Nmap will report Failed to resolve given hostname/IP: scanme.nmap.org. These permissions also apply to the hosts scanme2.nmap.org, scanme3.nmap.org, and so on, though those hosts do not currently exist.

nmap -v nmap.test.com

This option scans all reserved TCP ports on the machine scanme.nmap.org. The -v option enables verbose mode.

nmap -sS -O nmap.test.com/24

Launches a stealth SYN scan against each machine that is up out of the 255 machines on the “class C” network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.

nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.

nmap -v -iR 100000 -PN -p 80

Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -PN since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.

nmap -PN -p80 -oX logs/port80scan.xml -oG logs/port80scan.gnmap 221.194.128.0/20

This scans 4096 IPs for any web servers (without pinging them) and saves the output in grepable and XML formats.

Jan 06

Web Bench is a very simple tool for benchmarking WWW or proxy servers. It uses fork() to simulate multiple clients and can use HTTP/0.9-HTTP/1.1 requests. This benchmark is not very realistic, but it can test whether your HTTPD can really handle that many clients at once (try to run some CGIs) without taking your machine down. It displays pages/min and bytes/sec, and can be used in a more aggressive mode with the -f switch.

INSTALL:

wget http://www.goitworld.com/download/webbench-1.5.tar.gz
tar -zxvf webbench-1.5.tar.gz
cd webbench-1.5
make && make install

Options:

webbench [option]... URL
  -f|--force               Don't wait for reply from server.
  -r|--reload              Send reload request - Pragma: no-cache.
  -t|--time <sec>          Run benchmark for <sec> seconds. Default 30.
  -p|--proxy <server:port> Use proxy server for request.
  -c|--clients <n>         Run <n> HTTP clients at once. Default one.
  -9|--http09              Use HTTP/0.9 style requests.
  -1|--http10              Use HTTP/1.0 protocol.
  -2|--http11              Use HTTP/1.1 protocol.
  --get                    Use GET request method.
  --head                   Use HEAD request method.
  --options                Use OPTIONS request method.
  --trace                  Use TRACE request method.
  -?|-h|--help             This information.
  -V|--version             Display program version.

Test Result:

#webbench -c 500 -t 30 http://localhost

Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.

Benchmarking: GET http://localhost/
500 clients, running 30 sec.

Speed=350 pages/min, 356755 bytes/sec.
Requests: 175 susceed, 0 failed.

Jan 06

The proc filesystem offers some significant enhancements to your network security settings. Unfortunately, most of us are unaware of anything beyond the vague rumors. In this article, we’ll review the essential kernel parameters you can change through the /proc filesystem to add to the overall network security of your Linux server.

The proc filesystem is an area that is frequently neglected. The pseudo file structure within proc allows you to interface with the internal data structures in the kernel, either obtaining information about the system or changing specific settings.

IP Specific Settings

IP forwarding of packets between interfaces is enabled by default on many systems. If you’re not intending for your box to forward traffic between interfaces, or if you only have a single interface, it would probably be a good idea to disable forwarding. Note that altering this value resets all configuration parameters to their default values, so you’ll want to modify this one before all other /proc settings.

if [ -r /proc/sys/net/ipv4/ip_forward ]; then
  echo "Disabling IP forwarding"
  echo "0" > /proc/sys/net/ipv4/ip_forward
fi

If your operating system is RedHat AS3/4/5 or CentOS3/4/5, you can edit the sysctl.conf file:

net.ipv4.ip_forward = 0


If instead you decide to enable forwarding, you will also be able to modify the rp_filter setting, something which is often misunderstood by network administrators. The rp_filter can reject incoming packets if their source address doesn’t match the network interface that they’re arriving on, which helps to prevent IP spoofing. Turning this on, however, has its consequences: if your host has several IP addresses on different interfaces, or if your single interface has multiple IP addresses on it, you’ll find that your kernel may end up rejecting valid traffic. It’s also important to note that even if you do not enable the rp_filter, protection against broadcast spoofing is always on. Also, the protection it provides is only against spoofed internal addresses; external addresses can still be spoofed. By default, it is disabled. To enable it, run the following:

if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
  echo "Enabling rp_filter"
  echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
fi

If your operating system is RedHat AS3/4/5 or CentOS3/4/5, you can edit the sysctl.conf file:

net.ipv4.conf.all.rp_filter = 1

You may have also noticed the "all" subdirectory in this last example. In /proc/sys/net/ipv4/conf there is one subdirectory for each interface on your system, along with one directory called "all". Changing a specific interface directory only affects that specific interface, while changes made to the "all" directory affect all interfaces on the system.

If you have compiled your kernel with CONFIG_SYN_COOKIES, you will be able to optionally turn on or off protection against SYN flood attacks. Note the emphasis, as compiling the kernel with this value does not enable it by default. It works by sending out 'syncookies' when the SYN backlog queue of a socket overflows. What is often misunderstood is that socket backlogging is not supported in newer operating systems, which means that your error messages may not be correctly received by the offending system. Also, if you see synflood warnings in your logs, make sure they are not the result of a heavily loaded server before enabling this setting. They can also cause connection problems for other hosts attempting to reach you. However, if you do want to enable this setting, perform the following:

if [ -r /proc/sys/net/ipv4/tcp_syncookies ]; then
  echo "Enabling tcp_syncookies"
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies
fi

If your operating system is RedHat AS3/4/5 or CentOS3/4/5, you can edit the sysctl.conf file:

net.ipv4.tcp_syncookies = 1

Normally, a host has no control over the route any particular packet takes beyond its first hop. It is up to the other hosts on the network to complete the delivery. IP Source Routing (SRR) is a method of specifying the exact path that a packet should take among the other hosts to get to its destination. This is generally a bad idea for the security conscious, as someone could direct packets to you through a trusted interface and effectively bypass your security in some cases. A good example is traffic, such as SSH or telnet, that is blocked on one interface but might arrive on another of your host’s interfaces if source routing is used, which you might not have anticipated in your firewall settings. You’ll probably want to disable this setting with:

if [ -r /proc/sys/net/ipv4/conf/all/accept_source_route ]; then
  echo "Disabling source routing"
  echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
fi

If your operating system is RedHat AS3/4/5 or CentOS3/4/5, you can edit the sysctl.conf file:

net.ipv4.conf.all.accept_source_route = 0

Packets that have source addresses with no known route are referred to as "martians". For example, if you have two different subnets plugged into the same hub, the routers on each end will see each other as martians. Such packets should never show up in the first place; to log them to the kernel log, you’ll need to issue:

if [ -r /proc/sys/net/ipv4/conf/all/log_martians ]; then
  echo "Enabling logging of martians"
  echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
fi

If your operating system is RedHat AS3/4/5 or CentOS3/4/5, you can edit the sysctl.conf file:

net.ipv4.conf.all.log_martians = 1

 
ICMP Specific Settings

Ping scanning is typically used to determine which hosts on a network are up, usually by sending ICMP ECHO request packets to the target host. This is seemingly innocent behavior; however, network administrators will often block such traffic to increase their obscurity. The choices involve blocking ICMP ECHO requests to broadcast/multicast addresses and directly to the host itself. The respective commands to disable protection are shown here; writing "1" instead of "0" enables it:

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

ICMP redirect messages can also be a pain. If your box is not acting as a router, you’ll probably want to disable them:

echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

Sometimes you will come across routers that send out invalid responses to broadcast frames. This is a violation of RFC 1122, "Requirements for Internet Hosts — Communication Layers". As a result, these events are logged by the kernel. To avoid filling up your logfile with unnecessary clutter, you can tell the kernel not to issue these warnings:

echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
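
To check a server against the settings covered in this article, the values can be read back and compared. The script below is an added example, not part of the original article; its function names are hypothetical, and the expected value for icmp_echo_ignore_broadcasts (protection left on) is an assumption of the example.

```shell
#!/bin/sh
# Added example: compare the kernel settings from this article with the values
# it recommends for a host that is not a router. Read-only; nothing is written.

# Global keys, relative to the root directory (normally /proc/sys).
# icmp_echo_ignore_broadcasts=1 is this example's assumption, not the article's.
EXPECTED_GLOBAL='net/ipv4/ip_forward=0
net/ipv4/tcp_syncookies=1
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1'

# Keys that exist once per directory under net/ipv4/conf/ ("all", eth0, ...).
EXPECTED_PER_IFACE='rp_filter=1
accept_source_route=0
accept_redirects=0
log_martians=1'

# check_key ROOT RELPATH WANT: print a finding and return 1 on mismatch.
check_key() {
    key=$(printf '%s' "$2" | tr / .)      # sysctl.conf spelling of the path
    if [ ! -r "$1/$2" ]; then
        echo "$key is not readable"
        return 1
    fi
    have=$(tr -d ' \t\n' < "$1/$2")
    if [ "$have" != "$3" ]; then
        echo "$key = $have (want $3)"
        return 1
    fi
    return 0
}

# audit_proc_net [ROOT]: returns 0 only when every key has the wanted value.
audit_proc_net() {
    root="${1:-/proc/sys}"
    findings=0
    for entry in $EXPECTED_GLOBAL; do
        check_key "$root" "${entry%%=*}" "${entry#*=}" || findings=$((findings + 1))
    done
    # Check "all" and every interface directory: a value changed in one
    # interface directory only affects that interface.
    for dir in "$root"/net/ipv4/conf/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for entry in $EXPECTED_PER_IFACE; do
            check_key "$root" "net/ipv4/conf/$iface/${entry%%=*}" "${entry#*=}" \
                || findings=$((findings + 1))
        done
    done
    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Run only when a root directory is given, e.g.: sh audit.sh /proc/sys
if [ "$#" -gt 0 ]; then
    audit_proc_net "$1"
fi
```

Each finding is printed in sysctl.conf spelling, so it can be compared directly with the entries in that file.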

 
Additional Resources

For more information regarding the /proc filesystem, you can refer to the documentation that comes with the Linux kernel source. Of specific help is Documentation/filesystems/proc.txt by Bowden, Bauer & Nerin. Additionally, you can refer to Documentation/networking/ip-sysctl.txt by Kuznetsov & Savola.

Jan 06

Siege is an http/https regression testing and benchmarking utility. It was designed to let web developers measure the performance of their code under duress, to see how it will stand up to load on the internet. It lets the user hit a web server with a configurable number of concurrent simulated users. Those users place the webserver "under siege." The duration of the siege is measured in transactions, the sum of simulated users and the number of times each simulated user repeats the process of hitting the server. Thus 20 concurrent users 50 times is 1000 transactions, the length of the test. Performance measures include elapsed time of the test, the amount of data transferred ( including headers ), the response time of the server, its transaction rate, its throughput, its concurrency and the number of times it returned OK. These measures are quantified and reported at the end of each run. Their meaning and significance is discussed below. Siege has essentially three modes of operation, regression, internet simulation and brute force. It can read a large number of URLs from a configuration file and run through them incrementally ( regression ) or randomly ( internet simulation ). Or the user may simply pound a single URL with a runtime configuration at the command line ( brute force ).

Install

wget ftp://ftp.joedog.org/pub/siege/siege-latest.tar.gz
tar zxvf siege-latest.tar.gz
cd siege-2.67    # use the directory name for the version you downloaded
./configure
make && make install

Options:

‘-V’
‘--version’
Print version information to the screen.

‘-h’
‘--help’
Print the help section. This presents a summary of the options discussed in this section of the manual.

‘-C’
‘--config’
Print the current configuration. This option reads your .siegerc file and prints the settings. You can change those settings by editing $HOME/.siegerc. If you don’t have a .siegerc file, then you can generate one by running "siege.config"

‘-v’
‘--verbose’
Verbose output. With this option selected, siege will print transaction information to the screen. This includes HTTP protocol type, the return code and the page it requested:
HTTP/1.1 200 OK: /cgi-bin/whoohoo.cgi?first=Homer&last=simpson
This option is especially useful for charting progress in regression or internet modes when the program is hitting a large number of assorted URLs.

‘-g URL’
‘--get URL’
Get an HTTP transaction. Pull down headers from the server and display HTTP transaction. Great for web application debugging. [Example]

‘-c NUM’
‘--concurrent=NUM’
Concurrent users ( requires argument ). This option allows the user to stress the web server with NUM number of simulated users. The amount is limited only by the computing resources available, but realistically a couple of hundred simulated users is equal to many times that number in actual user sessions. The number you select represents the number of transactions your server is handling. It does NOT represent the number of concurrent sessions. Remember, real users take some time to actually read the page that they’ve requested...

‘-i’
‘--internet’
This option is used with a configuration file, that is a file containing many URLs. With this option in place, each user randomly hits any one of the URLs in the file each time it hits the server. Much like you can’t tell the users of your website which pages they can view, you have no control over which pages siege will hit in internet mode. With this option set, there is no guarantee that every page in the file will be hit.

‘-t NUMm’
‘--time=NUMm’
TIME, allows you to run the test for a selected period of time. The format is "NUMm", where NUM is a time unit and the "m" modifier is either S, M, or H for seconds, minutes and hours. To run siege for an hour, you could select any one of the following combinations: -t3600S, -t60M, -t1H. The modifier is not case sensitive, but it does require no space between the number and itself.

‘-f FILE’
‘--file=FILE’
The default configuration file, the file with all your URLs, is SIEGE_HOME/etc/urls.txt. You can use this option to instruct siege to use a different configuration file: siege --file=serverb.txt

‘-l’
‘--log’
This option instructs siege to log the statistics to SIEGE_HOME/var/siege.log. Each new statistics set is appended to the log.

‘-m MESSAGE’
‘--mark=MESSAGE’
This option allows you to mark the log file with a separator, to differentiate your log file entries with header information. It is not necessary to use both the -m option and the -l option. -m assumes -l so it marks and logs the transaction. If the MESSAGE has spaces in it, make sure that you put it in quotes.

‘-d NUM’
‘--delay=NUM’
Each siege simulated user is delayed for a random number of seconds between one and NUM. If you are benchmarking performance, it is recommended that you use a 1 second delay ( -d1 ). The default value is three ( 3 ). This delay allows the transactions to stagger rather than pound the server in waves.

Performance Statistics:

Edit $HOME/.siegerc and set the following parameter, then save and quit:
url = http://localhost/index.php
If you have a URL list, you can set this parameter instead:
file = /tmp/urls.txt

#siege -r 2 -c 10 

Transactions:                     20 hits
Availability:                 100.00 %
Elapsed time:                  17.62 secs
Data transferred:               0.27 MB
Response time:                  2.19 secs
Transaction rate:               1.14 trans/sec
Throughput:                     0.02 MB/sec
Concurrency:                    2.49
Successful transactions:          20
Failed transactions:               0
Longest transaction:           16.43
Shortest transaction:           0.87

Jan 06

ab is a tool for benchmarking the performance of your WWW HyperText Transfer Protocol (HTTP) server. It does this by giving you an indication of how many requests per second your Apache installation can serve.

Options

-A auth-username:password
Supply BASIC Authentication credentials to the server. The username and password are separated by a single : and sent on the wire base64 encoded. The string is sent regardless of whether the server needs it (i.e., has sent a 401 authentication needed).

-b windowsize
Size of TCP send/receive buffer, in bytes.

-c concurrency
Number of multiple requests to perform at a time. Default is one request at a time.

-C cookie-name=value
Add a Cookie: line to the request. The argument is typically in the form of a name=value pair. This field is repeatable.

-d
Do not display the "percentage served within XX [ms] table". (legacy support).

-e csv-file
Write a Comma separated value (CSV) file which contains for each percentage (from 1% to 100%) the time (in milliseconds) it took to serve that percentage of the requests. This is usually more useful than the ‘gnuplot’ file; as the results are already ‘binned’.

-f protocol
Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL).

-g gnuplot-file
Write all measured values out as a ‘gnuplot’ or TSV (Tab separate values) file. This file can easily be imported into packages like Gnuplot, IDL, Mathematica, Igor or even Excel. The labels are on the first line of the file.

-h
Display usage information.

-H custom-header
Append extra headers to the request. The argument is typically in the form of a valid header line, containing a colon-separated field-value pair (i.e., "Accept-Encoding: zip/zop;8bit").

-i
Do head requests instead of GET.

-k
Enable the HTTP KeepAlive feature, i.e., perform multiple requests within one HTTP session. Default is no KeepAlive.

-n requests
Number of requests to perform for the benchmarking session. The default is to just perform a single request which usually leads to non-representative benchmarking results.

-p POST-file
File containing data to POST. Remember to also set -T.

-P proxy-auth-username:password
Supply BASIC Authentication credentials to a proxy en-route. The username and password are separated by a single : and sent on the wire base64 encoded. The string is sent regardless of whether the proxy needs it (i.e., has sent a 407 proxy authentication needed).

-q
When processing more than 150 requests, ab outputs a progress count on stderr every 10% or 100 requests or so. The -q flag will suppress these messages.

-r
Don’t exit on socket receive errors.

-s
When compiled in (ab -h will show you) use the SSL protected https rather than the http protocol. This feature is experimental and very rudimentary. You probably do not want to use it.

-S
Do not display the median and standard deviation values, nor display the warning/error messages when the average and median are more than one or two times the standard deviation apart. And default to the min/avg/max values. (legacy support).

-t timelimit
Maximum number of seconds to spend for benchmarking. This implies a -n 50000 internally. Use this to benchmark the server within a fixed total amount of time. Per default there is no timelimit.

-T content-type
Content-type header to use for POST data, eg. application/x-www-form-urlencoded. Default: text/plain.

-v verbosity
Set verbosity level - 4 and above prints information on headers, 3 and above prints response codes (404, 200, etc.), 2 and above prints warnings and info.

-V
Display version number and exit.

-w
Print out results in HTML tables. Default table is two columns wide, with a white background.

-x <table>-attributes
String to use as attributes for <table>. Attributes are inserted <table here >.

-X proxy[:port]
Use a proxy server for the requests.

-y <tr>-attributes
String to use as attributes for <tr>.

-z <td>-attributes
String to use as attributes for <td>.

-Z ciphersuite
Specify SSL/TLS cipher suite (See openssl ciphers).

Test Result

#ab -n 20 -c 10 -t 60 http://www.localhost.com/

Benchmarking www.localhost.com (be patient)
Finished 154 requests

Server Software:        Apache/2.2.3
Server Hostname:        www.localhost.com
Server Port:            80

Document Path:          /
Document Length:        56611 bytes

Concurrency Level:      10
Time taken for tests:   60.5793 seconds
Complete requests:      154
Failed requests:        0
Write errors:           0
Total transferred:      8933962 bytes
HTML transferred:       8906422 bytes
Requests per second:    2.57 [#/sec] (mean)
Time per request:       3896.480 [ms] (mean)
Time per request:       389.648 [ms] (mean, across all concurrent requests)
Transfer rate:          145.39 [Kbytes/sec] received

Connection Times (ms)
                       min  mean[+/-sd] median   max
Connect:      257  610 1192.0    258    9256
Processing:  1037 2848 2052.2   2076   13469
Waiting:      258  454 872.4    259   10038
Total:       1296 3459 2368.4   2591   14335

Percentage of the requests served within a certain time (ms)
  50%   2591
  66%   3892
  75%   4672
  80%   5163
  90%   6588
  95%   7761
  98%   9361
  99%  13729
100%  14335 (longest request)

Reference: http://httpd.apache.org/
Jan 05
What is Deny_Password_Crack?

Deny_Password_Crack is a simple script program that parses /var/log/secure to find all login attempts and filters failed and successful attempts. It is intended to be run by Linux system administrators to help thwart SSH server attacks.

If you’ve ever looked at your ssh log, you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful. Wouldn’t it be better to automatically prevent that attacker from continuing to gain entry into your system?
Deny_Password_Crack attempts to address the above.

Where can I download Deny_Password_Crack from?

Deny_Password_Crack is available for download from here.

How do I configure cron for Deny_Password_Crack use?

Presumably, you will need to run deny_password_crack as root, so you must first become root. Once you have logged in as root, you can run the following command:

# crontab -e

The above command will launch the crontab editor. To launch deny_password_crack every 10 minutes you would then add the following line to the crontab:

*/10 * * * * /path/deny_password_crack.sh

For more information regarding the crontab format please see the crontab man page (man 5 crontab).

Will Deny_Password_Crack support VSFTPD?

No, but I will add the feature in the next version. If you want to support the feature, you can subscribe to my blog via RSS.

Will Deny_Password_Crack work with FreeBSD?

No, but I will add the feature in the next version. If you want to support the feature, you can subscribe to my blog via RSS.

Need help?

If Deny_Password_Crack is unable to correctly parse your ssh server log when you run it, please email me (jason#goitworld.com, please replace # with @) the following information:

  1. SSH log entry showing a successful login
  2. SSH log entry showing a failed attempt of a valid user account (eg. root)
  3. SSH log entry showing a failed attempt of a non-existent user account (eg. blah)

I will try to respond to each support request that I receive. If I am able to help you I will be very glad.
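
The three kinds of log entry listed above can be told apart with a short filter. This is an added example and not the Deny_Password_Crack script; the function names are hypothetical, the message formats are the usual OpenSSH ones, and the sample log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not Deny_Password_Crack itself): classify sshd entries in a
# /var/log/secure style log and count failed password attempts per source.

# ssh_failed_sources THRESHOLD [FILE...]: one line per source address with at
# least THRESHOLD failed attempts (reads stdin when no file is given).
ssh_failed_sources() {
    threshold="$1"; shift
    awk -v min="$threshold" '
        $5 !~ /^sshd(\[[0-9]+\])?:$/ { next }      # only sshd messages
        NF < 11 { next }
        {
            # The user name is untrusted text supplied by the client, so the
            # address is read from fixed positions at the END of the line:
            #   ... from <addr> port <n> ssh2
            if ($(NF - 4) != "from" || $(NF - 2) != "port") next
            addr = $(NF - 3)
        }
        $6 == "Accepted" { ok[addr]++; next }      # successful login
        $6 == "Failed" && $7 == "password" {
            if (($9 == "invalid" || $9 == "illegal") && $10 == "user")
                unknown[addr]++                    # non-existent account
            else
                valid[addr]++                      # existing account
            fail[addr]++
        }
        END {
            for (a in fail)
                if (fail[a] >= min)
                    printf "%s failed=%d valid_user=%d unknown_user=%d accepted=%d\n",
                        a, fail[a], valid[a], unknown[a], ok[a]
        }
    ' "$@" | sort
}

# Constructed sample log (not taken from a real system).
sample_secure_log() {
    cat <<'EOF'
Jan  5 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  5 03:12:04 web1 sshd[2213]: Failed password for invalid user blah from 203.0.113.7 port 40113 ssh2
Jan  5 03:12:07 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jan  5 03:12:09 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 40115 ssh2
Jan  5 08:30:11 web1 sshd[2301]: Failed password for jason from 198.51.100.20 port 51000 ssh2
Jan  5 08:30:19 web1 sshd[2301]: Accepted password for jason from 198.51.100.20 port 51000 ssh2
Jan  5 08:31:00 web1 crond[2310]: (root) CMD (/usr/bin/true)
EOF
}

# Run only when arguments are given, e.g.: sh failed.sh 5 /var/log/secure
if [ "$#" -gt 0 ]; then
    ssh_failed_sources "$@"
fi
```

The accepted= column separates a user who mistyped a password once from a source that never logs in successfully.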

Jan 03
Cheap Analytics Tools
  • Clicky – cheap web based tool similar to Google Analytics. A few less features, but you are not giving all your data to Google either. Also offers a cheap white label analytics package convenient for SEO firms looking to add another revenue stream to their businesses.
  • Mint – affordable downloadable analytics program that you set up on your own server. Unlike most other paid analytics programs, Mint does not track conversions.

Affordable Analytics Tools
  • ClickTracks – Downloadable software and hosted options. Starting at $99 a month.
  • Indextools – Starts at $50 a month.
  • Weblog Expert – Downloadable log analyzer. Starts at $75.

Expensive / Premium Tools
  • Omniture
  • VisualSciences / WebSideStory
  • WebTrends

Jan 03

    The 9 tools you need will help you easily and automatically track your rankings.

    Google Analytics – powerful full featured analytics tool. Even allows you to track your ROI by keyword for each AdWords ad position. Google AdWords also has internal split testing and conversion tracking software. Google Analytics now makes the features that experts demand easy to use for everyone. Gain rich insights into your website traffic with Advanced Segmentation, Custom Reporting, Motion Charts, and more.

    Google Website Optimizer – Google’s free website testing and optimization tool, allows you to increase the value of your existing websites and traffic without spending a cent. Using Website Optimizer to test and optimize site content and design, you can quickly and easily increase revenue and ROI whether you’re new to marketing or an expert. Allows you to A/B split test landing pages and track how well Google AdWords traffic converts.

    Microsoft adCenter Analytics – not publicly launched yet, but accepting invite requests.

    Piwik – Piwik is a downloadable, open source web analytics software program. It provides you with detailed reports on your website visitors: the search engines and keywords they used, the language they speak, your popular pages…

    Webalizer – Default log analyzer on many servers. The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.

    Analog – Default log analyzer on many servers. Analog is a program to measure the usage on your web server. It tells you which pages are most popular, which countries people are visiting from, which sites they tried to follow broken links from, and all sorts of other useful information.

    Awstats – Another popular default log analyzer on many servers. AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.

    Jan 02

    Today I will recommend 10 websites that provide free WordPress themes for everyone.

    WordPress Official Website. There are more than 500 templates and more than 2,136,215 downloads.
    http://wordpress.org/extend/themes/

    There are more than 1000 templates. Here you can find what you want.
    http://www.wpthemes360.com/

    There are more than 140 WP templates. That is not many, but there are many beautiful templates among them.
    http://wordpressthemesbase.com/

    There are all kinds of wordpress templates to choose from and they are all for free to download.
    Free Wordpress Theme Site started in 2008 as a resource for anyone who wanted to find a template for their wordpress website. All wordpress templates here are all in CSS and are all “table-less” which means they contain no tables to create their layout. All of Free Wordpress Theme Site’s Templates are free to download at anytime for any website. http://www.freewordpressthemesite.com/

    Here at Rock-kitty.net we are in the process of a complete overhaul of the website to include categories and tags for all themes that are uploaded.
    http://themes.rock-kitty.net/

    Download free wordpress themes for your Wordpress blog themes.
    http://themespack.com/

    First of all, wordpress templates should be elegant, appealing, exceptional, and stylish. The second criterion is their functionality. You can find literally thousands of wordpress themes on the Internet.
    http://tagwarrior.com/

    High quality free WordPress themes. Check the theme details for author’s demo as well.
    http://themebot.com/website-templates/wordpress-themes

    There are 405 wonderful Themes.
    http://www.wordpress-themes.ws/browse.php

    This online generator creates your own custom unique WordPress Theme. Without any need for HTML, JS, PHP, or CSS knowledge.
    http://www.yvoschaap.com/wpthemegen/
