Access Road will help to model and to learn about the access rights in complex information systems, by the mean of user-friendly and powerful diagrams. It is a software in Java with a GPL license.
protects your privacy while you are connected and makes you not trackable, hiding your identity (ip) and crypting everything you are sending/receiving from others. Supports torrent downloads & auto-resume
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework.
AuthenticRoast allows you to build highly flexible authentication mechanisms for the Java Web tier. This can be anything from HTTP Basic authentication to authenticating with openid, facebook, or your company's Kerberos setup. The authentication modules can be combined at will and even changed at runtime.
BlackHole is an data de-duplicating network block device that also supports mirroring, snapshots, and support for multiple LUNs using the same data store.
a tool to facilitate automated attacks against web-enabled applications. It is not a point-and-click tool: using burp intruder effectively requires a detailed knowledge of the target application, and an understanding of the HTTP protocol
Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.
a cleanroom implementation of Sun's Java Cryptography Extensions (JCE) version 1.1. In addition to that it contains the Cryptix Provider which delivers a wide range of algorithms and support for PGP 2.x. Cryptix 3 runs on both JDK 1.1 and JDK 1.2 (Java 2)
Digital Invisible Ink Toolkit
This project provides a simple Java-based steganography tool that can hide a message inside a 24-bit colour image so that knowing how it was embedded, or performing statistical analysis, does not make it any easier to find the concealed information.
Fast DES is a highly optimized, highly configurable implementation of the Data Encryption Standard (DES).
Fast MD5 Implementation in Java
a heavily optimized implementation of the MD5 hashing algorithm written in Java. It includes an optional native method for even greater speed improvements
FlexiCA is a certification authority tool. It is implemented using Java and the Eclipse Rich Client Platform. FlexiCA is extensible and supports RSA, DSA, and Elliptic Curve cryptography out of the box. Other crypto-systems may be added easily, if ASN.1 structures for encoding are available. All cryptographic functions are provided by FlexiProvider.
FlexiCrypt is a universal cryptography toolkit for managing certificates and symmetric keys. It can perform many kinds of encryption, decryption, signing, and several related tasks.
Ganzua is a cryptanalysis tool for monoalphabetic and polyalphabetic ciphers that can work with almost any set of characters.
a java implementation of the cryptography algorithm "one time pad" which is extremely secure
jBCrypt is a Java implementation of OpenBSD's Blowfish password hashing code, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazières. This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher, with modifications designed to raise the cost of off-line password cracking and frustrate fast hardware implementation.
JCSI Kerberos is a pure Java implementation of the Kerberos protocol. It allows developers to integrate Kerberos functionality for authentication and single sign-on with Microsoft's Active Directory and MIT Kerberos servers into their applications. JCSI Kerberos is now part of Vintela Single Sign-On for Java (VSJ).
jEnkryptor is a Java Swing based, multi-threaded cross-platform encryption application. It uses the WizCrypt engine.
jFileCrypt encrypts and decrypts files and directories very fast and very secure. It is written in Java 5 and uses the JCE, it supports the following algorithms: Blowfish, DES, 3DES, AES and RC4.
JMap Port Scanner
JMap is a Java network port scanner, a security tool to identify open ports on any host or network subnet. It features the ability to scan every host in a given network segment for a range of ports or a specific service. Both TCP and UDP are supported.
JMd5Sum is a GUI MD5/SHA digest generator. It allows you to calculate an MD5 sum or SHA1 sum for any file to ensure that your download has worked correctly.
JMiddleMan will be an application vulnerability tool based on EXProxy HTTP/HTTPS proxy server library and on an expert system. It can be use in a passive way in order to preserve the targeted server. It aims to help security experts to detect security vulnerabilities
jPortScanner is a Java port scan utility.
JSummer is a tool to compute and check MD5, SHA-160, and SHA-256 message digest. There are console and GUI (SWT) versions. It features calculation of MD5, SHA160, and SHA256 message digest, recursion of directories, and checking of MD5, SHA160, and SHA256 message digest.
JWepGen is a simple interface to generate WEP keys that work with the standard WEP generators used by many wireless access point manufacturers.
creates an MD5 database of all files in a directory structure, and then allows you to easily recheck the contents of the directory and notify you if any files has changed
Network Access Control System
provides you a comfortable and secure way, to provide untrusted computers access to your TCP/IP-based (v4) LAN/WAN. The system guarantees that only registered users are able to use network-resources
on your LAN/WAN-infrastructure
NoNox watches log files for events such as "failed password". When such a pattern is seen several times within a specified time period (for example, 4 failed login attempts within 10 minutes) from the same source, NoNox can execute a command to mitigate the behavior, notify someone, or make a record of the event (or all these things). The supplied configuration file shows how to detect repeated failed logins and (if iptables is installed and running) how to add a new rule that instantly blocks a malicious host that's trying to break in.
PGPSigner helps you to manage, sign, and send out PGP keys after a PGP/GPG key signing event. This application uses strong cryptography.
RvSnoop is a Swing based GUI that provides developers and operations support personnel with a sophisticated, feature-rich, interface for tracing TIBCO Rendezvous" messages.
a Java Servlet Filter that mimics container managed security. It looks just like container managed security to your app, as you can call request.getRemoteUser(), equest.isUserInRole(), and request.getUserPrincipal() and get valid responses
Security Officers Best Friend (SOBF Tool)
The SOBF Management Tool is a Security Management and Analysis tool designed to be placed right ontop the SOMAP.org Repository.
SigTranslator is a project able to translate IDS signatures e.g. from Snort rules to Dragon rules and vice versa, as well as the common signatures standard (CIDSS - Common Intrusion Detection Signatures Standard).
SSHVnc is a standalone Java VNC viewer that secures VNC access by integrating the popular TightVNC viewer with the SSHTools Java SSH API. It features a clean and easy to use interface, simplifying the complicated processes currently used to secure the VNC protocol through SSH port forwarding.
ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.
Transec is a Java taglib component that provides a secure PIN/TAN/password input via untrusted, insecure Web browsers. Only images and coodinates are transferred to the browser.
TruPax is a utility for applying the TrueCrypt encryption solution. It offers you a convenient way to transfer arbitrary numbers of files and directories into a new volume file. The size of the final container will be exactly that of the space needed.
WizCrypt is a cross-platform encryption tool. It requires no configuration, uses industry standard RC4 and MD5 encryption, and can be used in scripts for batch operation.
Zed Attack Proxy
The Zed Attack Proxy (ZAP) is a penetration test tool designed to be used to make Web applications more secure. While ZAP can detect some security issues automatically, it is primarily designed to help you find security vulnerabilities manually.
ZedLog is a robust cross-platform input logging tool (or key logger). It is based on a flexible data logging system which makes it easy to get the required data.