What's new in Network Security Toolkit 30-11210

Jul 23, 2019
  • The NST WUI now supports geolocation of photos or videos that have embedded geotagged information. This provides the security professional with potential location and speed discovery when conducting a forensic analysis. The combination of using the ExifTool utility for metadata extraction with the NST Mapping Tools provides this geolocation capability.
  • The NST WUI Directory Browser page has been enhanced to facilitate the entry point for photo and video geolocation. At first, if many images appear to overlap at the same location on the Google Map, a thumbnail representation will be presented. One can then zoom in to provide better image location separation to reveal individual photo or video detail. If a video image can be geolocated (e.g., one generated by a Garmin Dash Cam 55), one can view and control the video with a new NST Map Data Layer Editor tool. This tool has many features including video frame segment location identification, speed colorization, measurement tools and video jump to control.
  • The nstnetcfg utility has been completely refactored to work with the Network Manager service. Support for adding IPv4 / IPv6 secondary addressing has been included.
  • Added a new NST WUI page to find all domains hosted on a web server. This makes use of the Reverse IP Domain Check tool provided at the You Get Signal website.
  • Added a new NST WUI page for the presentation of the ExifTool HtmlDump utility for exploring embedded Exchangeable Image File (Exif) format data found within an image.
  • Now building a GeoLite2 Country CSV (WhoIs) dataset for global host geolocation simulation.
  • Many NST WUI bug fixes were completed and enhancements were added, including a new NST Shell Administration console menu.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 24-7977 (Jul 4, 2016)

  • NST will now be delivered as a 64 bit image only. 32 bit images have been retired.
  • A new Multi-Traceroute (MTR) networking tool has been developed for NST 24. This tool provides an interactive Traceroute visual using Scapy similar to the Traceroute Command and has been integrated into the NST WUI. Results from the tool can expose load balance tiers and NAT. NST uses the Python 3 version of Scapy known as Scapy3k. MTR includes new networking features such as running multiple queries with each target, display of Round Trip Time (RTT), selection of using Network Protocols: TCP, UDP and ICMP and enhanced SVG graphical results. Key NST WUI integration features include GUI options interface, an interactive MTR SVG graphic, NST IPv4 Address Tools integration, IPv4 Address Geolocation, MTR session Packet Capture, ASN lookup, MTR historical session selection and management, MTR SVG graphic editing, MTR session console output access and SVG Graphic image conversion.
  • The MTR graphic below shows the results of running a TCP Multi-Traceroute session to both the "www.networksecuritytoolkit.org" and "www.bing.com" sites using ports: "80" and "443" with a query count of "2". This results in a total of "8" trace routes. See the "Document on MTR" at the NST Wiki site for additional usage examples and a reference guide.
  • A new interactive 3D Pie Chart depicting the results from a ntop Deep Packet Inspection (nDPI) is now an integral part of the NST WUI Network Packet Capture protocol decode. An example nDPI Decode visual is shown below. See the "Document on 3D Pie Chart of nDPI Detected Protocols" at the NST Wiki site for a reference diagram.
  • Added the "SSLyze" project for analyzing a server's SSL configuration to the NST Networking Tools Widget.
  • A darkness/lightness Google Map control has been added to the NST Map Tools. This control allows one to make the background map image less intrusive.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 22-7334 (Oct 30, 2015)

  • Refactored NST WUI navigation anchor elements.
  • Fixed the broken NST Maps Ruler Tool exposed by a new version of Google Maps.

New in Network Security Toolkit 22-7248 (Oct 3, 2015)

  • Development of a new geolocation map presentation using technology from the WebGL Globe project. This allows for geolocated IPv4 Addresses to be rendered on a globe within your browser using WebGL. See the live demo on the NST Wiki site: NST WebGL (View Globe).
  • One can now populate the NST Networking Tools Widgets with results from many of the NST integrated applications. The Graphic below demonstrates populating IPv4 Addresses derived from a Network ARP Scanner session into the NST IPv4 Address Tools widget.
  • Each NST Networking Tools Widget has an associated Storage Manager for loading and saving IPv4, IPv6 and MAC Addresses as well as Host Names. An import / export feature is also available for transferring these saved addresses and hosts between different NST systems.
  • A new Host Map Marker Cloning mapping tool feature is available. This allows one to take a snapshot of a host geolocation map and then perform additional analysis tasks with the cloned map and markers.
  • The NST Network Interface Bandwidth Monitor 2 has been updated to support the use of Secure WebSockets, reducing the load on the web browser and providing significantly higher query update rate performance.
  • The Promiscuous State of a network interface device can be manually controlled by the nstnetcfg script. A Promiscuous Service can be used to enable the Promiscuous mode on one or more network interface adapters during a system boot. This service is useful for an application like the NST Network Interface Bandwidth Monitor 2 that requires a network interface device to be put in Promiscuous mode for monitoring all network traffic on the device.
  • The professional version of ntopng is now bundled with the 64 bit version of NST. A separate license from ntop is required to activate its advanced features.
  • The NST Shell Console now supports ANSI color decode and custom color output results.
  • The NST WUI and associated NST integrated applications have been upgraded to support DNF, the new package manager used by Fedora. This is a replacement of the Yum package manager.
  • A new JavaScript-based NST WUI Systemd widget has been developed to help manage NST system and network services throughout the WUI. This is a complete rewrite of the retired Bash-based CGI implementation.
  • The NST WUI web service now runs as a separate instance of the HTTPD service on ports: "9980" (local HTTP) and "9943" (HTTPS). This allows one to run a typical web server on NST without the interference of the WUI on standard ports: "80" (HTTP) and "443" (HTTPS).
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 20-6535 (Feb 10, 2015)

  • Development of the NST Mapping Tools which includes the following overlays and widgets (the image below depicts some of the mapping tools):
      • The display of a dynamic Latitude/Longitude grid overlay on the Google Maps.
      • A widget for displaying one or more Distance Measurement Tool Rulers. Units can be displayed in Km, Mi, NM, px, coordinates and round-trip times (msecs).
      • A Distance Measurement Tool Ruler Editor is provided for manual ruler endpoint positioning with precision vernier controls.
      • An NST Ruler Tool widget for map and web page distance and area measurements.
      • A Drawing Manager widget for creating basic geometric shape overlays and markers.
      • A Drawing Manager Editor widget for overlay characteristic management and displaying distance and area calculations.
      • A Vertex Editor for precise Polyline and Polygon overlay shape creation and placement.
      • A grid of shape overlay positioning controls for geolocation network entity placement.
      • A Drawing Overlay Storage Manager for saving and restoring overlays on each NST integrated geolocation map.
      • A Map Label Editor widget for the creation and management of labeling network entities on NST maps.
      • Creation of Marker Overlay Waypoints for inventorying network entity geolocations.
      • Integration of Google Place Search for correlation with geolocated network entities.
  • Ntopng geolocation integration with the Mercator Map and Google Earth.
  • nstnetcfg enhancements including Network Bonding Management (See the NST article on: "Managing a 'Bonding' Network Interface").
  • Creation of an Import/Export Management tool for saving and restoring NST specific configuration and settings between different NST systems. This tool can be advantageous when migrating to a new NST release.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 20-5663 (Feb 21, 2014)

  • Added a new drag zoom feature to the "NST Ntopng IPv4 Hosts" application. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection. This drag zoom feature implements a traditional method for zooming in on a particular area of interest on Google Maps by positioning and sizing a zoom rectangle with the mouse. One can easily use this feature to zoom into an area of clustered Ntopng IPv4 Hosts for further investigation which is depicted in this Annotated Image.
  • The "Mate Desktop" and the "LightDM GTK Desktop" login screen greeter have been integrated and are now the preferred defaults for NST.
  • Added a new NST WUI page for the network utility script: "getipaddr".
  • Added a new "Network Interface Renaming" mode to the NST script: "nstnetcfg" that creates Predictable Network Interface Names which will survive each system reboot. This capability is beneficial to an NST system equipped with multiple Network Interface adapters.
  • Integration of "IPv4 Alias Address Management" into the NST script: "nstnetcfg" that allows for the creation and removal of IPv4 Alias Addresses.
  • A number of new articles on getting NST 20 up and running on a system have been written at the NST Wiki site:
      • Upgrade to NST 20
      • NST 20 Getting Started
      • NST 20 Hard Disk Installation
      • Copying ISO Images To USB
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 18-5413 (Nov 19, 2013)

  • The next generation NST WUI Network Interface Bandwidth Monitor 2 application is available. It includes the following new features and enhancements:
      • Graph Zoom & Pan - Allows for different graph monitor views and fine-grain data rate measurements.
      • Selectable Sample Buffer Size - Allows for the generation of very long duration (i.e., days) monitoring graphs.
      • Data Rate Buffering - Allows for data rate capture while a monitor is paused.
      • Archive & Loading - Allows for historical review or data analysis from a monitor collected on a different NST system.
      • Monitor Snapshotting - Generate a Read-Only bandwidth monitoring graph clone for quick data rate measurements.
      • Trigger Event Graph Color - Create a Visual Alarm Display when a defined trigger event occurs.
      • Trigger Event Snapshot - Create a Monitor Snapshot each time a defined trigger event occurs.
      • Monitor Appearance - Customize the look of each monitoring graph.
  • An NST WUI Network Interface Bandwidth Monitor 2 screenshot is shown here monitoring Network Interface: "p1p1" with the Ruler Measurement Tool enabled.
  • Integrated the next generation ntop application: "ntopng" into the NST WUI. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection.
  • A new NST WUI Geolocation Application: "Ntopng IPv4 Hosts" is available using host information derived from ntopng. This application includes the following features:
      • Periodically query the ntopng server for Host information and then try to Geolocate each Host on a Google Map.
      • Map marker management allows one to extend the Geolocation Lifetime of each Host Marker for a user specified time duration.
      • One can choose from a large collection of transparent Host Markers for the generation of "Geolocated Hosts Heat Maps".
      • Integration of the NST IPv4 Address Tools widget and the ntopng Web-Based GUI to perform additional Network Surveillance with each ntopng detected Host.
      • An IPv4 Host Simulator is available to generate Random World-Wide Host Geolocations.
      • An IPv4 Host Simulator Mode using the GeoIPgen tool with the MaxMind Country WhoIs Database is available to produce Country Level Geolocation Isolation.
      • Use the IPv4 Host Simulator to expose Networks and Hosts for Global Network Exploration with the vast collection of integrated NST tools.
  • An NST Ntopng IPv4 Hosts screenshot is shown here with integrated NST tools focusing on host: "lga15s28-in-f4.1e100.net".
  • Several new tools were added to the NST WUI that allow you to convert files to different formats. These tools can be found under the 'Tools | Convert' menu and include the following abilities:
      • Convert from PostScript to PDF
      • Download a URL and render a PDF
      • Convert ASCII source code files to colorized HTML
      • Convert image files from one type to another
  • A new tool was added to the NST WUI that allows you to easily browse the RPM packages installed on the system. To bring up the index of all RPM packages, select 'Tools | WUI Widgets | NST RPM Index' from the menu. If the RPM index was not recently generated it will take a few moments for the system to determine the list of installed RPM packages. Once the index is displayed, you can click on any entry to easily examine information about each installed package.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 18-4509 (Apr 15, 2013)

  • Created a more friendly and intuitive user experience when booting NST Live and performing a Hard Disk installation.
  • Added a new NST script: "nstipconf" which provides management for easily setting up IPv4 Address and stealth network configurations in an NST system equipped with multiple network interface adapters for performing network surveillance tasks.
  • Many new NST WUI enhancements and refinements including:
      • The NST WUI network monitoring management pages (i.e., Nagios Core, Zabbix and Argus Monitor) have been refactored for ease of use, enhanced management and setup capability.
      • The "Snort" network Intrusion Detection System (IDS) page now uses Barnyard2 integration for Unified2 IDS event data storage to the MySQL database.
      • A new system SCSI storage device information page was added.
      • SSH access using the Google Chrome Secure Shell has now been integrated into the NST IPv4 Tools widget. This allows SSH access using the Google Chrome Browser on any OS platform without the need to install a native SSH client.
  • Many new NST Network Interface Bandwidth Monitor features including:
      • Added a Query Update Rate Monitor.
      • Significantly increased the query update rate performance.
      • Added the ability to create two Custom Bandwidth Monitors. This will allow one to simultaneously display network bandwidth rate graphs from two different network interfaces. This can be quite useful for displaying bandwidth network traffic at full line rates when using a non-aggregational network TAP (see the example network diagram below).
      • Each Bandwidth Monitor can now have its appearance customized using an NST Options Widget popup. One can adjust the background color and the color of each monitor graph. The opacity levels can also be adjusted on a per graph basis. These controls used to be global and applied to all monitors, but now they can be applied individually.
      • Now optionally collecting Bandwidth Monitor Data Rates when the monitor is hidden from view.
      • Added clearer Threshold Pause State Change information in each status area.
      • A Threshold Pause Session can now be automatically enabled upon page load.
      • The Bandwidth Monitor Background Color can change when a Threshold Pause Trigger Event occurs. This can be used in conjunction with the "Auto ReArm" option for a Visual Alarm Display when a Threshold Pause Trigger Event occurs.
      • You can now download or export Bandwidth Monitor Data Rates as a CSV formatted file which can then be used by most data analysis applications.
      • A new Threshold Pause Trigger Event Action has been added: The Bandwidth Monitor Data Rates can now be exported as a CSV formatted file to the NST system when a Threshold Pause Trigger Event occurs. A selection of Pause NICs and their associated data rate values can be included in the file.

New in Network Security Toolkit 2.16.0-4104 (Sep 5, 2012)

  • This release is based on Fedora 16 using Linux Kernel: "3.4.9-2.fc16". This is an interim release which includes all of the NST and Fedora 16 package updates since 2012-Feb-27 rolled into a fresh ISO image. If you are building your own NST yum repository or have a subscription to the NST PRO yum repository, you may not need this ISO image as you should be able to simply yum update your NST system(s).
  • Here are some of the highlights for this release:
  • The NST project team has worked with the CloudShark folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. See also the HowTo Use The NST CloudShark Upload Manager NST Wiki page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for more information.
  • The NST WUI ARP Scan page, which utilizes the arp-scan utility, has been completed. This allows you to quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the article: HowTo Use The NST WUI arp-scan page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
  • A separate NST WUI ARP Scan monitoring page was added. This web page is designed to periodically run the arp-scan command. Results are accumulated from each run allowing you to keep track of what systems enter and leave your network throughout the day.
  • Many new NST WUI enhancements and refinements including:
      • Most NST WUI pages have been enhanced to use an NST Shell Command Console for resultant output. This allows for extreme flexibility when using the results for analysis or reports. See the NST Shell Command Console Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
      • New pop-up network tools widgets have been created for IPv4, IPv6, Host Names, and MAC addresses. NST WUI pages which display network addresses or host names will allow you to click on the network entity to bring up the appropriate tools widget. Once the widget is displayed, you can perform a variety of related actions using the network entity. Each widget has an integrated NST Shell Command Console for results. See the NST Network Tools Widgets Reference page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/HowTo_Use_The_NST_[..] for additional information.
      • Both the Single and Multi-Tap Network Packet Capture pages now support the new PCAP Next Generation Dump File Format.
      • The NST Network Interface Bandwidth Monitor Ruler Measurement Tool has been enhanced with Peak/Trough Detection and a Ruler Guide Movement Control feature. This feature helps during bandwidth rate analysis by making it easier to position the left and right ruler tool guides when performing data rate measurements. See the NST Bandwidth Monitor Reference Diagram page: http://wiki.networksecuritytoolkit.org/nstwiki/index.php/NST_Network_Interf[..] for more information.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 2.16.0 (Feb 28, 2012)

  • Major enhancements to the Network Interface Bandwidth Monitor application including a Threshold Pause feature with bandwidth rate state notifications.
  • Developed a new NST WUI ARP Scan AJAX application which utilizes the arp-scan network tool. One can quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the NST Wiki page: "HowTo Use The NST WUI arp-scan Page To Quickly Locate Hosts" for further information.
  • Integrated the w3af (Web Application Attack and Audit Framework) into the NST distribution for searching and exploiting web application vulnerabilities.
  • Added the netsniff-ng high performance Linux network analyzer and networking toolkit. It is featured in the NST Wiki article: LAN Ethernet Maximum Rates, Generation, Capturing & Monitoring.
  • The NST WUI is now touch device friendly and now works well with the Apple iPad. See the NST Wiki article: HowTo Use A Touch Device (iPad) with NST.
  • Developed many new systemd service controls and improved NST boot management with GRUB2 integration.
  • Many new NST WUI enhancements and refinements including a new CPU usage monitor and DNS name resolver popup widget.
  • As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.

New in Network Security Toolkit 2.11.0 (Sep 23, 2009)

  • The entire NST distribution is RPM based and an NST system can be maintained using redundant RPM repositories.
  • NST is now extensible. Add new applications with YUM install.
  • "NST Live" allows for read/write rootfs file system access so that new applications can be installed even though it was booted from a DVD device.
  • "NST Live" can be installed to a USB device for creation of a "NST Live USB Disk". One can then boot the "NST Live USB Disk" from a system capable of booting from USB devices.
  • An "NST Live USB Disk" may contain data persistence allowing session information to be maintained across system reboots and/or system moves.
  • For systems that lack a DVD device or cannot boot from USB devices, the following solution was created for installation of NST to the system hard disk. The "NST Live" distribution is too big to fit on a CD. An "NST Minimal" ISO is provided and was designed to fit on CD media. One can boot the "NST Minimal" ISO, perform a hard disk installation using the NST script: "nstliveinst" and then YUM install the "nst-live" RPM package to completely build out the full NST distribution.
  • A new NST script: "nsttraceroute" has been created that Geocodes output from the traceroute utility in KML format for rendering with Google Earth.
  • Added 2 network content capture applications: "driftnet" and "tcpxtract". Driftnet is used to capture and display graphic images (i.e., GIF, JPEG and PNG). TCPxTract is used to capture complete documents including PDF or Microsoft Word docs.
  • The Multi-Tap Network Packet Capture page has been enhanced with the integration of ngrep and dsniff.
  • Many new applications have been added to this distribution release. Previous existing networking and security applications have been updated to their latest revision.

New in Network Security Toolkit 1.8.1 (Jan 9, 2009)

  • This release is based on Fedora 8 using the Linux Kernel 2.6.26.8. Here are some of the highlights for this release: enhanced the management of snort IDS systems via the NST WUI; the addition of the WebDAV Resources packages; major updates to Nmap and its related tools including better support in the NST WUI for managing Nmap results; added access terminal server functionality using minicom from the NST WUI; enhanced the monitoring of serial data streams using the NST WUI; support for saving and loading packet capture and display filters in the single and multi-tap network packet capture sections of the NST WUI....