Network Security Toolkit

Network Security Toolkit is an open source Linux operating system designed with network security in mind. It can be used for network security monitoring and analysis. Based on the Fedora Core Linux distribution, Network Security Toolkit or NST can be used to easily transform an old computer into an efficient system for network traffic analysis, wireless network monitoring, network packet generation, and intrusion detection. Linux experts can also use it to build a complex network and host scanner, or a virtual system service server.

Distributed as a 32-bit Live DVD

Network Security Toolkit is distributed as a single Live DVD ISO image. It supports only the 32-bit architecture. The operating system provides users with easy access to the best open source network security applications.

Features at a glance

It features multi-tap network packet capture, web-based network security tools management, host/IPv4 address geolocation, network and system monitoring, network intrusion detection, multi-port terminal server. In addition, VNC session management, network interface bandwidth monitor, active connections monitor, network segment ARP scanner, and network packet capture CloudShark upload support is also provided in this distribution. The boot menu offers many choices, from running the graphical or text-mode live environment and rescue mode, to the ability to test your computer’s RAM or boot the operating system that is already installed on the disk drive.

MATE is in charge of the graphical session

The graphical environment is powered by the lightweight MATE desktop environment, which loads quite fast in this Live media. MATE is a fork of the now deprecated GNOME 2 desktop environment. Besides the standard applications like Mozilla Firefox and Midori web browsers, FileZilla and gFTP FTP clients, Claws Mail and Evolution email clients, the Network Security Toolkit operating system includes a wide range of network-related apps. These include Wireshark, Airsnort, Angry IP Scanner, Creepy, Driftnet, EtherApe, Ettercap, Net Activity Viewer, Netwag, NetworkMiner, Ostinato, packETH, PDD, TcpTrack, TCPcTract, TigerVNC Viewer, w3af, and WiFi Radar to name a few.

Bottom line

All in all, Network Security Toolkit is the perfect tool for network security specialists and enthusiasts alike. However, we don’t recommended it for the regular desktop user.

What is new in this release:

• NST will now be delivered as a 64 bit image only. 32 bit images have been retired.
• A new Multi-Traceroute (MTR) networking tool has been developed for NST 24. This tool provides an interactive Traceroute visual using Scapy similar to the Traceroute Command and has been integrated into the NST WUI. Results from the tool can expose load balance tiers and NAT. NST uses the Python 3 version of Scapy known as Scapy3k. MTR includes new networking features such as running multiple queries with each target, display of Round Trip Time (RTT), selection of using Network Protocols: TCP, UDP and ICMP and enhanced SVG graphical results. Key NST WUI integration features include GUI options interface, an interactive MTR SVG graphic, NST IPv4 Address Tools integration, IPv4 Address Geolocation, MTR session Packet Capture, ASN lookup, MTR historical session selection and management, MTR SVG graphic editing, MTR session console output access and SVG Graphic image conversion.
• The MTR graphic below shows the results of running a TCP Multi-Traceroute session to both the "www.networksecuritytoolkit.org" and "www.bing.com" sites using ports: "80" and "443" with a query count of "2". This results in a total of "8" trace routes. See the "Document on MTR" at the NST Wiki site for additional usage examples and a reference guide.
• A new interactive 3D Pie Chart depicting the results from a ntop Deep Packet Inspection (nDPI) is now an integral part of the NST WUI Network Packet Capture protocol decode. An example nDPI Decode visual is shown below. See the "Document on 3D Pie Chart of nDPI Detected Protocols" at the NST Wiki site for a reference diagram.
• Added the "SSLyze" project for analyzing a server's SSL configuration to the NST Networking Tools Widget.
• A darkness/lightness Google Map control has been added the the NST Map Tools. This control allows to one to make the background map image less intrusive.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 24-7977:

• NST will now be delivered as a 64 bit image only. 32 bit images have been retired.
• A new Multi-Traceroute (MTR) networking tool has been developed for NST 24. This tool provides an interactive Traceroute visual using Scapy similar to the Traceroute Command and has been integrated into the NST WUI. Results from the tool can expose load balance tiers and NAT. NST uses the Python 3 version of Scapy known as Scapy3k. MTR includes new networking features such as running multiple queries with each target, display of Round Trip Time (RTT), selection of using Network Protocols: TCP, UDP and ICMP and enhanced SVG graphical results. Key NST WUI integration features include GUI options interface, an interactive MTR SVG graphic, NST IPv4 Address Tools integration, IPv4 Address Geolocation, MTR session Packet Capture, ASN lookup, MTR historical session selection and management, MTR SVG graphic editing, MTR session console output access and SVG Graphic image conversion.
• The MTR graphic below shows the results of running a TCP Multi-Traceroute session to both the "www.networksecuritytoolkit.org" and "www.bing.com" sites using ports: "80" and "443" with a query count of "2". This results in a total of "8" trace routes. See the "Document on MTR" at the NST Wiki site for additional usage examples and a reference guide.
• A new interactive 3D Pie Chart depicting the results from a ntop Deep Packet Inspection (nDPI) is now an integral part of the NST WUI Network Packet Capture protocol decode. An example nDPI Decode visual is shown below. See the "Document on 3D Pie Chart of nDPI Detected Protocols" at the NST Wiki site for a reference diagram.
• Added the "SSLyze" project for analyzing a server's SSL configuration to the NST Networking Tools Widget.
• A darkness/lightness Google Map control has been added the the NST Map Tools. This control allows to one to make the background map image less intrusive.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 22-7334:

• Refactored NST WUI navigation anchor elements.
• Fixed the broken NST Maps Ruler Tool exposed by a new version of the Google Maps.

What is new in version 20-6535:

• Development of the NST Mapping Tools which includes the following overlays and widgets (The Image below depicts some of the mapping tools.):
• The display of a dynamic Latitude/Longitude grid overlay on the Google Maps.
• A widget for displaying one or more Distance Measurement Tool Rulers. Units can be displayed in Km, Mi, NM, px, coordinates and round-trip times (msecs).
• A Distance Measurement Tool Ruler Editor is provided for manual ruler endpoint positioning with precision vernier controls.
• An NST Ruler Tool widget for map and web page distance and area measurements.
• A Drawing Manager widget for creating basic geometric shape overlays and markers.
• A Drawing Manager Editor widget for overlay characteristic management and displaying distance and area calculations.
• A Vertex Editor for precise Polyline and Polygon overlay shape creation and placement.
• A grid of shape overlay positioning controls for geolocation network entity placement.
• A Drawing Overlay Storage Manager for saving and restoring overlays on each NST integrated geolocation map.
• A Map Label Editor widget for the creation and management of labeling network entities on NST maps.
• Creation of Marker Overlay Waypoints for inventorying network entity geolocations.
• Integration of Google Place Search for correlation with geolocated network entities.
• Ntopng geolocation integration with the Mercator Map and Google Earth.
• nstnetcfg enhancements including Network Bonding Management (See the NST article on: "Managing a 'Bonding' Network Interface").
• Creation of an Import/Export Management tool for saving and restoring NST specific configuration and settings between different NST systems. This tool can be advantageous when migrating to a new NST release.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 20-5663:

• Added a new drag zoom feature to the "NST Ntopng IPv4 Hosts" application. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection. This drag zoom feature implements a traditional method for zooming in on a particular area of interest on Google Maps by positioning and sizing a zoom rectangle with the mouse. One can easily use this feature to zoom into an area of clustered Ntopng IPv4 Hosts for further investigation which is depicted in this Annotated Image.
• Integration of the "Mate Desktop" and the "LightDM GTK Desktop" login screen greeter are now the preferred defaults for NST.
• Added a new NST WUI page for the network utility script: "getipaddr".
• Added a new "Network Interface Renaming" mode to the NST script: "nstnetcfg" that creates Predictable Network Interface Names which will survive each system reboot. This capability is beneficial to an NST system equipped with multiple Network Interface adapters.
• Integration of "IPv4 Alias Address Management" into the NST script: "nstnetcfg" that allows for the creation and removal of IPv4 Alias Addresses.
• A number of new articles on getting NST 20 up and running on a system have been written at the NST Wiki site:
• Upgrade to NST 20
• NST 20 Getting Started
• NST 20 Hard Disk Installation
• Copying ISO Images To USB
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 18-5413:

• The next generation NST WUI Network Interface Bandwidth Monitor 2 application is available. It includes the following new features and enhancements:
• Graph Zoom & Pan - Allows for different graph monitor views and fine-grain data rate measurements.
• Selectable Sample Buffer Size - Allows for the generation of very long duration (i.e., days) monitoring graphs.
• Data Rate Buffering - Allows for data rate capture while a monitor is paused.
• Archive & Loading - Allows for historical review or data analysis from a monitor collected on a different NST system.
• Monitor Snapshotting - Generate a Read-Only bandwidth monitoring graph clone for quick data rate measurements.
• Trigger Event Graph Color - Create a Visual Alarm Display when a defined trigger event occurs.
• Trigger Event Snapshot - Create a Monitor Snapshot each time a defined trigger event occurs.
• Monitor Appearance - Customize the look of each monitoring graph.
• An NST WUI Network Interface Bandwidth Monitor 2 screenshot is shown here monitoring Network Interface: "p1p1" with the Ruler Measurement Tool enabled.
• Integrated the next generation ntop application: "ntopng" into the NST WUI. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection.
• A new NST WUI Geolocation Application: "Ntopng IPv4 Hosts" is available using host information derived from ntopng. This application includes the following features:
• Periodically query the ntopng server for Host information and then try to Geolocate each Host on a Google Map.
• Map marker management allows one to extend the Geolocation Lifetime of each Host Marker for a user specified time duration.
• One can choose from a large collection of transparent Host Markers for the generation of "Geolocated Hosts Heat Maps".
• Integration of the NST IPv4 Address Tools widget and the ntopng Web-Based GUI to perform additional Network Surveillance with each ntopng detected Host.
• An IPv4 Host Simulator is available to generate Random World-Wide Host Geolocations.
• An IPv4 Host Simulator Mode using the GeoIPgen tool with the MaxMind Country WhoIs Database is available to produce Country Level Geolocation Isolation.
• Use the IPv4 Host Simulator to expose Networks and Hosts for Global Network Exploration with the vast collection of integrated NST tools.
• An NST Ntopng IPv4 Hosts screenshot is shown here with integrated NST tools focusing on host: "lga15s28-in-f4.1e100.net".
• Several new tools were added to the NST WUI that allow you to convert files to different formats. These tools can be found under the 'Tools | Convert' menu and include the following abilities:
• Convert from PostScript to PDF
• Download a URL and render a PDF
• Convert ASCII source code files to colorized HTML
• Convert image files from one type to another
• A new tool was added to the NST WUI that allows you to easily browse the RPM packages installed on the system. To bring up the index of all RPM packages, select 'Tools | WUI Widgets | NST RPM Index' from the menu. If the RPM index was not recently generated it will take a few moments for the system to determine the list of installed RPM packages. Once the index is displayed, you can click on any entry to easily examine information about each installed package.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 18-4509:

• Created a more friendly and intuitive user experience when booting NST Live and performing a Hard Disk installation.
• Added a new NST script: "nstipconf" which provides management to easily setup IPv4 Address and stealth network configurations in an NST system equipped with multiple network interface adapters for performing network surveillance tasks.
• Many new NST WUI enhancements and refinements including:
• The NST WUI network monitoring management pages (i.e., Nagios Core, Zabbix and Argus Monitor) have been refactored for ease of use, enhanced management and setup capability.
• The "Snort" network Intrusion Detection System (IDS) page now uses Barnyard2 integration for Unified2 IDS event data storage to the MySQL database.
• A new system SCSI storage device information page was added.
• SSH access using the Google Chrome Secure Shell has now been integrated into the NST IPv4 Tools widget. This allows SSH access using the Google Chrome Browser on any OS platform without the need to install a native SSH client.
• Many new NST Network Interface Bandwidth Monitor features including:
• Added a Query Update Rate Monitor.
• Significantly increased the query update rate performance.
• Added the ability to create two Custom Bandwith Monitors. This will allow one to simultaneously display network bandwidth rate graphs from two different network interfaces. This can be quite useful for displaying bandwidth network traffic at full line rates when using a non-aggregational network TAP (See the example network diagram below.).
• Each Bandwidth Monitor can now have its appearance customized using a NST Options Widget popup. One can adjust the background color and the color of each monitor graph. The opacity levels can also be adjusted on a per graph basis. These controls use to be global and applied to all monitors, but now they can be applied individually.
• Now optionally collecting Bandwidth Monitor Data Rates when the monitor is hidden from view.
• Added clearer Threshold Pause State Change information in each status area.
• A Threshold Pause Session can now be automatically enabled upon page load.
• The Bandwidth Monitor Background Color can change when a Threshold Pause Trigger Event occurs. This can be used in conjunction with the "Auto ReArm" option for a Visual Alarm Display when a Threshold Pause Trigger Event occurs.
• You can now download or export Bandwidth Monitor Data Rates as a CSV formatted file which can then be used by most data analysis applications.
• A new Threshold Pause Trigger Event Action has been added: The Bandwidth Monitor Data Rates can now be exported as a CSV formatted file to the NST system when a Threshold Pause Trigger Event occurs. A selection of Pause NICs and their associated data rate values can be included in the file.

What is new in version 2.16.0-4104:

• This release is based on Fedora 16 using Linux Kernel: "3.4.9-2.fc16". This is a interim release which includes all of the NST and Fedora 16 package updates since 2012-Feb-27 rolled into a fresh ISO image. If you are building your own NST yum repository or have a subscription to the NST PRO yum repository, you may not need this ISO image as you should be able to simply yum update you NST system(s).
• Here are some of the highlights for this release:
• The NST project team has worked with the CloudShark folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. See also the HowTo Use The NST CloudShark Upload Manager NST Wiki page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for more information.
• The NST WUI ARP Scan page, which utilizes the arp-scan utility, has been completed. This allows you to quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the article: HowTo Use The NST WUI arp-scan page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
• A separate NST WUI ARP Scan monitoring page was added. This web page is designed to periodically run the arp-scan command. Results are accumulated from each run allowing you to keep track of what systems enter and leave your network throughout the day.
• Many new NST WUI enhancements and refinements including:
• Most NST WUI pages have been enhanced to use an NST Shell Command Console for resultant output. This allows for extreme flexibility when using the results for analysis or reports. See the NST Shell Command Console Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
• New pop-up network tools widgets have been created for IPv4, IPv6, Host Names, and MAC addresses. NST WUI pages which display network addresses or host names will allow you to click on the network entity to bring up the appropriate tools widget. Once the widget is displayed, you can perform a variety of related actions using the network entity. Each widget has an integrated NST Shell Command Console for results. See the NST Network Tools Widgets Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
• Both the Single and Multi-Tap Network Packet Capture pages now support the new PCAP Next Generation Dump File Format.
• The NST Network Interface Bandwidth Monitor Ruler Measurement Tool has been enhanced with Peak/Trough Detection and a Ruler Guide Movement Control feature. This feature helps during bandwidth rate analysis by making it easier to position the left and right ruler tool guides when performing data rate measurements. See the NST Bandwidth Monitor Reference Diagram page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/NST_Network_Interf[..] for more information.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 2.16.0:

• Major enhancements to the Network Interface Bandwidth Monitor application including a Threshold Pause feature with bandwidth rate state notifications.
• Developed a new NST WUI ARP Scan AJAX application which utilizes the arp-scan network tool. One can quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the NST Wiki page: "HowTo Use The NST WUI arp-scan Page To Quickly Locate Hosts" for further information.
• Integrated the w3af (Web Application Attack and Audit Framework) into the NST distribution for searching and exploiting web application vulnerabilities.
• Added the netsniff-ng high performance Linux network analyzer and networking toolkit. It is featured in the NST Wiki article: LAN Ethernet Maximum Rates, Generation, Capturing & Monitoring.
• The NST WUI is now touch device friendly and now works well with the Apple iPad. See the NST Wiki article: HowTo Use A Touch Device (iPad) with NST.
• Developed many new systemd service controls and improved NST boot management with GRUB2 integration.
• Many new NST WUI enhancements and refinements including a new CPU usage monitor and DNS name resolver popup widget.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

What is new in version 2.11.0:

• The entire NST distribution is RPM based and an NST system can be maintained using reduntant RPM repositories.
• NST is now extensible. Add new applications with YUM install.
• "NST Live" allows for read/write rootfs file system access so that new applications can be installed even though it was booted from a DVD device.
• "NST Live" can be installed to a USB device for creation of a "NST Live USB Disk". One can then boot the "NST Live USB Disk" from a system capable of booting from USB devices.
• An "NST Live USB Disk" may contain data persistence allowing session information to be maintained across system reboots and/or system moves.
• For systems that lack a DVD device or can not boot from USB devices, the following solution was created for installation of NST to the system hard disk. The "NST Live" distribution is too big to fit on a CD. An "NST Minimal" ISO is provided and was designed to fit on CD media. One can boot the "NST Minimal" ISO, perform a hard disk installation using the NST script: "nstliveinst" and then YUM install the "nst-live" RPM package to completely build out the full NST distribution.
• A new NST script: "nsttraceroute" has been created that Geocodes output from the traceroute utility in KML format for rendering with Google Earth.
• Added 2 network content capture applications: "driftnet" and "tcpxtract". Driftnet is used to capture and display graphic images (i.e., GIF, JPEG and PNG). TCPxTract is used to capture complete documents including PDF or Microsoft Word docs.
• The Multi-Tap Network Packet Capture page has been enhanced with the integration of ngrep and dsniff.
• Many new applications have been added to this distribution release. Previous existing networking and security applications have been updated to their latest revision.

What is new in version 1.8.1:

• This release is based on Fedora 8 using the Linux Kernel 2.6.26.8. Here are some of the highlights for this release: enhanced the management of snort IDS systems via the NST WUI; the addition of the WebDAV Resources packages; major updates to Nmap and its related tools including better support in the NST WUI for managing Nmap results; added access terminal server functionality using minicom from the NST WUI; enhanced the monitoring of serial data streams using the NST WUI; support for saving and loading packet capture and display filters in the single and multi-tap network packet capture sections of the NST WUI....