7/17/08

Firewall Auditing & Ruleset Analyzer Tool

FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files.

Maybe there have been times when you have pentested a firewall. As part of a grey box engagement you were assigned the task of auditing that HUGE firewall rulebase and were stuck on how to proceed, just because of the sheer volume of information. This tool in Perl is created to help in auditing a rulebase and helping you to narrow down on the weak rules. Current support is just for Cisco PIX though the framework was designed to scale across multiple firewalls and no major changes need to be made.

Updates

  • Outputs now available in reasonably neat HTML format
  • No more complex command line arguments, everything’s in a config file
  • More ports added in vulnerable ports section
  • Options available to obtain detailed/non detailed output

You can download fwauto v.1.1 here:

fwauto_v1.1.zip

Or read more here.

How to Change JKS KeyStore Private Key Password

Use following keytool command to change the key store password >keytool  -storepasswd  -new [new password ]  -keystore  [path to key stor...