FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool

Outsmart Malicious Hackers


FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.

Maybe there have been times when you have pentested a firewall. As part of a grey box engagement you were assigned the task of auditing that HUGE firewall rulebase and were stuck on how to proceed, just because of the sheer volume of information. This tool in Perl is created to help in auditing a rulebase and helping you to narrow down on the weak rules. Current support is just for Cisco PIX though the framework was designed to scale across multiple firewalls and no major changes need to be made.

Updates

  • Outputs now available in reasonably neat HTML format
  • No more complex command line arguments, everything’s in a config file
  • More ports added in vulnerable ports section
  • Options available to obtain detailed/non detailed output

You can download fwauto v.1.1 here:

fwauto_v1.1.zip

Or read more here.

Posted in: Networking Hacking, Security Software

, , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


3 Responses to FWAuto v1.1 – Firewall Auditing & Ruleset Analyzer Tool

  1. Changlinn July 20, 2008 at 11:03 pm #

    Now if only they could do checkpoint too, it is supposedly the most common firewall in enterprise.

  2. zupakomputer July 21, 2008 at 4:03 pm #

    Regarding firewalls – found two unrelated websites become unloadable when running a Firestarter config. Other sites were fine. But the interesting part being – the same IP B block showed up as loading alongside the various traffic on those two websites when the firewall was turned off. And it only shows up the first time you try to connect – cache emptying is needed (if the browser saves the pages)to get it to show up again….which made me think ‘DNS then’ – but, why only on pages that can’t get by the firewall?

    So of course I had to see who that was, and the router trace won’t go past 15 hops which just gets you the info you had already, that it belongs to a big B block of IPs (24.64.*.*) and only some vague ARIN info on the owner details of that and a bunch of other IP blocks.

    What does this smell like – both sites could certainly be having their visitors monitored given what kind of sites they were (hacking, and ecology / green), but it definitely sounds dodgy to me – the same unexact-traceable IP block shows up in both, and both can’t get past a standard firewall config – somones thar is doing some probing and they don’t want to be probed back themselves. I think that calls for some How Not To Be Seen treatment going their way.

    Two e-mail providers don’t get past the firewall either, which in some ways sounds ok because you’re logging in – but it’s the login screens that get blocked. And guess what IP block shows up on one of them.

    & it just showed up again right before my connection dialed off. Always different host numbers each time it shows up.

    And also since I began writing this – the firewall is now blocking all webpages, on the same setting that was fine for them before (see above) – and that IP block 24.64.*.* is showing up again.

    What does a high-speed Canadian internet company have to do with my firewall settings? It connects directly to my ISP with ICMP and UDP traffic.

  3. zupakomputer July 22, 2008 at 11:08 am #

    Look who popped up during a scan of the aforementioned B block – and they ‘just happen’ to have exactly the same services running on the same ports,

    http://centralops.net/co/DomainDossier.aspx?addr=218.10.111.106&dom_dns=true&dom_whois=true&net_whois=true&go=Submit