ip-masq-log is a patch that can be used on a masquerading firewall (NAT) to keep a log of all the outgoing masqueraded TCP connections.
IP Stack Integrity Checker tests the stability of an IP stack and its component stacks (TCP, UDP, ICMP et al.). It does this by generating random packets of the desired protocol.
John the Ripper
John the Ripper is a password cracker, currently available for UNIX, DOS, WinNT/Win95. Its primary purpose is to detect weak UNIX passwords.
Johnny is a graphical user interface for John the Ripper. It was proposed by Shinnok.
Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.
KIside is a message digest computing and displaying tool. It computes and shows the hash code of any file as a string of hexadecimal numbers. KIside implements standard algorithms such as MD4, MD5, SHA1, SHA256, SHA384, SHA512, TIGER, RIPEMD160.
lightbar is a login enhancement for FreeBSD and Linux. It adds features from BSD4.4, SunOS (Solaris) and HP-UX into a simple login program that is portable across Linux and FreeBSD.
Linux Unified Key Setup easy-to-use-drive-encryptor (Luksus) is a script that makes it quick and easy to create encrypted volumes such as hard drives, USB sticks, and SD cards on Linux.
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures.
MAPDAV (More Accurate Password Dictionary Attack Vector) is designed to use what is known about users via the /etc/passwd file on Unix/Linux systems to generate a dynamic dictionary of more accurate guesses as to what their possible password may be.
MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plug-ins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs.
Mobius Forensic Toolkit
Mobius Forensic Toolkit is a set of forensic tools written in Python/GTK. It is application-centered instead of being file-centered, which means it gathers information throughout evidence disks and directories and shows it in an integrated way.
The Monkeysphere enables you to use the OpenPGP web of trust to verify ssh connections. SSH key-based authentication is tried-and-true, but it lacks a true public key infrastructure for key certification, revocation, and expiration. Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions. It can be used in both directions: for users to get validated host keys, and for hosts to authenticate users.
The Network Obfuscation and Virtualized Anti-Reconnaissance (Nova) system is an open-source software tool developed to detect network-based reconnaissance efforts and to deny the attacker access to real network data while providing false information regarding the number and types of systems connected to the network.
Nstreams analyzes the streams that occur on a network. It displays which streams are generated by the users between several networks, and between the networks and the outside. It can optionally generate the ipchains or ipfw rules that will match these streams, thus only allowing what is required for the users, and nothing more.
The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to Open AuTHentication (OATH), such as the event-based HOTP and time-based TOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
Open Computer Forensics Architecture
The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework to automate the digital forensic process, to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface. The architecture forms an environment where existing forensic tools and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence. It aims to be highly modular, robust, fault tolerant, recursive, and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and cover hundreds of evidence items.
OpenSCAP is a set of open source libraries providing an easier path for integration of the SCAP line of standards.
OpenSSH-2.3.0p1 SecurID patch
OpenSSH-2.3.0p1 SecurID patch provides integrated SecurID authentication support for OpenSSH.
OpenSSL-based signcode utility
OpenSSL-based signcode utility is used for Authenticode signing of EXE/CAB files. It also supports timestamping.
Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, give a network/security administrator a detailed view of each and every aspect of his networks/hosts/physical access devices/server/etc.
(commercial) P-Synch is a password management software toolkit that can: synchronize user passwords across all systems and platforms; enforce enterprise-wide password strength policies; allow help desk staff to reset passwords on every system, with no special administrative rights; allow authenticated users to reset their own forgotten passwords.
(commercial) PacketDam is a software solution against Denial-of-service attacks.
PAIP is a universal filter application. It uses plugins to transmit and convert data. They can be nested, so the inner structures can become quite complex.
The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable. Used in conjunction with the nss_updatedb utility, it provides a mechanism for disconnected use of network directories.
Panoptis plans to create a network security tool (N-IDS) to detect and block DoS and DDoS attacks.
Parano is a GNOME program to create, edit and verify hashfiles. For now MD5 and SFV formats are supported.
PGSSAPI lets you selectively plug external GSSAPI security libraries into applications without having to recompile the application each time.
portreserve aims to help services with well-known ports that lie in the bindresvport() range. It prevents portmap (or other programs using bindresvport()) from occupying a real service's port by occupying it itself, until the real service tells it to release the port (generally in its init script).
pppit allows one to tunnel through a firewall which only allows proxy telnet, such as SWAN. It is a modified, special-purpose ppp daemon.
Privbind is a small tool that allows unprivileged programs to be run securely, while still allowing them to bind to privileged ports.
ProShield is a security program for Debian Linux. It helps ensure your system is secure and up-to-date by checking many different aspects of your system.
ptSCP seeks to create an easy front-end to secure file transfers using scp and ssh. It remotely resembles a popular Windows FTP client.
pyCA tries to make it easier for people to set up and run an organizational certificate authority which fulfills the need for fairly secure certification processing.
raddump interprets captured RADIUS packets to print a timestamp, packet length, RADIUS packet type, source and destination hosts and ports, and included attribute names and values for each packet.
rdd is a forensic copy program developed at and used by the Netherlands Forensic Institute (NFI).
The rsbac-init tool is part of the Adamantix RSBAC support tools, which make RSBAC easier to administrate. It is automatically started at system bootup and sets RSBAC kernel options through the RSBAC /proc interface. RSBAC is a Linux kernel patch providing advanced security functionality.
rwsecure parses the /var/log/secure file for invalid usernames or failed passwords to help protect against brute force and similar attacks. If there are more than three invalid or failed attempts by one IP, it will add that IP to your /etc/hosts.deny file.
SafeRelay is a certificate authority center, based on OpenSSL, for network administrators who want to deploy certificates on a LAN (local area network). SafeRelay is written in CURSEL.
Slackware Administrators Security tool kit is a set of tools and utilities to install and maintain a reasonable level of security for the Slackware Linux distribution.
Secure Network Forwarding Tunnel
SNFT is a small program that creates a double encrypted (tunnel in a tunnel, using 2 different SSH supported encryption algorithms) SSH tunnel, as well as automatically forwarding commonly used ports to your local computer through the second tunnel.
SEFlow uses the SELinux technology to provide security centered on individual data objects in a running system instead of focusing on static system facilities. Thus it is suitable to prevent accidental linking of code under open source licenses with proprietary code, making a tainting mechanism similar to the one used in the Linux kernel possible in userspace.
sha_digest is an implementation of the secure hash algorithms SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 as described in the FIPS 180-3 standard.
Shark Cypher (Volume Gamma) is a strong cypher with a unique recursive algorithm of bitwise gamma with great avalanche and diffusion.
Shishi is a free implementation of the Kerberos 5 network security system. Goals are full standards compliance, thread safe library and internationalization.
sigs provides secure digital signatures with verification at secret-key speeds. 2048-bit verification on a Pentium-100 takes under 150 microseconds.
single-honeypot simulates many services like SMTP, HTTP, POP-3, shell, and FTP.
skipfish is a high-performance, easy, and sophisticated Web application security testing tool.
Slurchin is a Web interface to a Quickcam for Notebooks Deluxe connected to a NSLU2 running Linux. (It might work for other webcams, hardware, and OSes, but it hasn't been tested.) The application allows the user to take pictures and see them through the Web. It also allows the user to check if the necessary drivers to make the camera work are installed and loaded. It requires w3camd to be installed in the device.
SMTarPit is a combined SMTP honeypot and tarpit released under the GPL. It is written in Perl so it should work on virtually any platform that supports Perl (except Windows). It uses xinetd which looks at port 25 and when someone calls it, smtarpit is launched and then it chroots itself.