SMTarPit is a combined SMTP honeypot and tarpit released under the GPL. It is written in Perl, so it should work on virtually any platform that supports Perl (except Windows). It runs under xinetd, which listens on port 25; when a client connects, smtarpit is launched and then chroots itself.
SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface.
sonar aims to provide automatic tools which network administrators may use to help check and test the security of their network.
squidefender is a Perl script which parses a squid log file in native format for attacks. If it finds an attack, it sends a complaint email to the ISP of the attacker.
Squidwall is a fast, small, and secure squid redirector. It is written with security in mind. It enables the administrator to build an easy to use Web interface for controlling user-, host-, or IP-based access to squid. It also does pass-through antivirus scanning with clamav.
SSHatter uses a brute force technique to determine how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.
sshdfilter blocks the frequent brute force attacks on ssh daemons. It does this by directly reading the sshd logging output and generating iptables rules; the process can be quick enough to block an attack before the attacker gets a chance to enter any password at all.
sshguard protects hosts from the plague of brute force attacks against ssh. Unlike many similar tools written in interpreted languages, it's independent, fast, and lightweight because it's completely written in C. Among other things, it supports IPv6 and flexible whitelisting.
sslexpire provides a remote check for SSL certificate expiration dates. It connects to a host:port, retrieves the expiration date and shows you if the certificate is going to expire. It can retrieve multiple host:ports from a config file to do mass daily checks.
SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing.
ssss is an implementation of Shamir's secret sharing scheme for UNIX systems.
sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail.
Synspam uses Netfilter queue to catch the source IP address of any machine connecting to your mail server, running multiple tests against it (RBL check, regexp on the reverse name, etc.) before forwarding the connection to the MTA.
System for Internet-Level Knowledge
SiLK (System for Internet-Level Knowledge) is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is ideally suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP.
Systrace enforces system call policies for applications by constraining the application's access to the system. The policy is generated interactively. Operations not covered by the policy raise an alarm, allowing the user to refine the currently configured policy. After a policy has been sufficiently constructed, further alarms often indicate security problems. Policies can also be generated automatically for sandboxing purposes.
TACACS+ plugin for pppd
This "plugin" adds authentication, authorization and accounting to pppd.
TFTPgrab is a TFTP (Trivial File Transfer Protocol) stream extractor that reads from tcpdump/libpcap capture files. It attempts to reconstruct data that has been transferred via TFTP, and may be useful in some network forensics situations.
The Autopsy Forensic Browser
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit. The two together enable users to investigate volumes and file systems including NTFS, FAT, UFS1/2, and Ext2/3 in a 'File Manager' style interface and perform key word searches.
ThePacketMaster Linux Security Server
ThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools.
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
trapdoor2 allows remote users to execute local commands by sending 'magic cookies'. This can be used, for example, to alter local firewalling rules so people can connect to local services after sending the magic cookie.
triggers is a lightweight, asynchronous notification mechanism to set off events in and across systems.
txtorcon is a Twisted-based asynchronous Tor control protocol implementation. Twisted is an event-driven networking engine written in Python and Tor is an onion-routing network designed to improve people's privacy and anonymity on the Internet.
uevalrun is a self-contained computation sandbox, using User-mode Linux for both compilation and execution of the program to be sandboxed.
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, LKMs, or another hiding technique.
UrlCrazy is for the study of domain name typos and URL hijacking. It can detect typo domain squatters and help protect your domain security by identifying domain names to preemptively register.
userv is a Unix system facility to allow one program to invoke another when only limited trust exists between them.
uuturn allows you to detect someone remotely logging in to one of your boxen and then going on to another, without even logging into the box, by only analyzing the packets on the network.
webNIS is a simple authentication mechanism. It provides a server, or inetd service which simply takes in a login and a password, and responds with the user's real name (as listed in the gecos records) or nothing in case of failure.
Wellenreiter is a GTK/Perl program that makes the discovery, penetration and auditing of 802.11b wireless networks as easy as possible. All three major wireless cards (Prism2, Lucent, and Cisco) are supported. Usability is one of the main goals.
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available so that the effectiveness and minimum requirements of each one can be measured.
WiKID Strong Authentication System
The WiKID Strong Authentication System is a highly scalable, secure two-factor authentication system consisting of a server, a token client, and network clients that connect a service such as a VPN or Web page to the WiKID server to validate one-time passcodes. The user enters their PIN into the token client, where it is encrypted and sent to the server. If the PIN is correct, the encryption valid, and account active, the one-time passcode is generated, encrypted, and returned to the user. It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support via a COM object and Java component, supports multiple domains, and supports replication for fault tolerance and scalability.
WormWarner is a tool designed to warn hosts that are probably infected by worms. This is done by scanning the Apache log files and sending email to the host or the ISP when a worm or attack is detected. WormWarner has a simple pattern database which makes it easy to add new worm patterns as they appear.
x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates.
Yersinia is a network tool designed to take advantage of weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing deployed networks and systems.