The Mandos system allows computers to have encrypted root filesystems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using a TLS key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the c
Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the crypto API of the Linux kernel (dm-crypt) via cryptsetup.
ALT is a set of Linux distributions based on Sisyphus, an APT-enabled RPM package repository that aims to achieve feature completeness, usability, and security in a sensible and manageable mixture.
pam_mapi is a PAM module for authenticating against a Kopano or Zarafa server. It is intended to be used as a bridge between SASL daemons providing SMTP authentication and a Kopano/Zarafa user information database.
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisations (ROAs) and finally outputs Validated ROA Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks.
Samhain is a file integrity / intrusion detection system that can be used on single hosts as well as on networks. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and baseline database storage, although it can also be used as a standalone application on a single host.
Mimeguard allows the configuration of policy regarding filetypes allowed in email. It can unpack multipart emails and examine MS Office files for macros, HTML, PDF and RTF files for illegal strings and 'look into' .zip files to see what filetypes are within them. It uses a system of allowed/not allowed filetypes that are defined in a config file. It's intended to be used within a script or system-ed from a parent process and returns an exit code that indicates if a file/mail is considered safe
MOSP is a platform to create, edit and share JSON objects. The goal of this platform is to gather security related JSON schemas and objects. You can use any available schemas in order to create shareable JSON objects. It is also possible to keep an object private even if our goal is to promote the sharing of information. Integration with third-party applications is possible thanks to an API.
Due to the structure of pass, file- and directory names are not encrypted in the password store. pass-tomb provides a convenient solution to put your password store in a tomb and then keep your password tree encrypted when you are not using it. It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage more keys or secrets. Moreover, you can ask pass-tomb to automatically close your store after a given time.
A command-line client for the haveibeenpwned.com API. Requires libUseful and libUseful-lua. Can list breaches, breaches for a specific account, and number of times a password has occurred in breached data.
An open source software release and CVE tracking. Additionally includes: vulnerability tracking (CVE), ATOM feeds for project releases, repository statistics, project manager contacts.
I2Pd is a lightweight C++ implementation of an I2P privacy network layer router. It provides pseudonymity for all routed application protocols, can be used for web browsing, IRC connections, and file transfers.
Browser Notebook displays, encrypts and stores notes locally in the Web browser. Unlike similar programs, the texts are stored nowhere else than in your browser and always in encrypted form. The plaintext is kept in memory only. You can either use the online version without any registration or installation, or you can download the offline version and use it without Internet access.
Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms (it only needs Perl and a few standard modules), including Windows, Linux, Unix. The configuration syntax is very close to tripwire/aide.
Hashrat is a command-line utility that hashes things using md5, sha1/256/512, whirlpool and jh hash algorithms. It's written in C with few dependencies (basically just the standard C library). It can read input from standard in and hash it, either as a complete file, or line-by-line. It can recursively hash files on disk, either outputting hashes to stdout, or storing them in filesystem attributes, or in a memcached server. It can check files against a list of hashes supplied on stdin, or in t
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Secrets can be used to split a secret text into shares to be distributed to friends. When all friends agree, the shares can be combined to retrieve the original secret text, for instance to give consensual access to a lost pin, a password, a list of passwords, a private document or a key to an encrypted volume. Secret sharing can be useful in many different situations and this tool is a simple and well documented free and open source implementation available for anyone to use from this website,
x509viewer is a simple command line application, written in Perl, that can be used to decode one or multiple X.509 certificates per given file, such as e.g. SSL certificates, CSRs (certificate signing requests), but also private keys.
x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.
pam_honeycreds.so is a pam module that watches for particular passwords being used in login attempts. Simply watching for 'wrong' passwords can generate a lot of noise, due to people mistyping their passwords. With pam_honeycreds an admin can leave fake password lists around on their network, and then get an alert if any of those passwords are ever used. It can also be used to monitor for bruteforcers using the top passwords, or for internal passwords being used by bruteforcers against internet-
Fort integrates itself into the Windows file explorer. This allows you to easily encrypt (and decrypt) files via the Explorer context menu and to protect them with a password. All file types are supported. Fort can be also used to encrypt files in Onedrive, Dropbox and other similar services. Fort takes security seriously and uses AES with 256bit keys. On decryption Fort checks that the data is not tampered in any way and informs if data tampering is detected. For each file, Fort generates a ra
sup is a very small and secure C application. It is designed to run as root (with suid bit on) to facilitate the privilege escalation of users to execute certain programs as superuser. All settings in sup are hard-coded at compile time. sup is very portable and self-contained, designed for production use as a static binary. sup is a sort of hard-coded sudo: it is an ideal companion for artisans building small containers and embedded systems.
etherpoke is a scriptable network session monitor. etherpoke defines three events: SESSION_BEGIN, SESSION_END, SESSION_ERROR to which a hook (system command) can be assigned. The event hook can be any program installed in the system. SESSION_BEGIN is triggered when the first packet matching the filter rule is captured. SESSION_END is triggered when the time since the last matching packet was captured exceeds the session timeout. SESSION_ERROR is triggered when it is no longer possible to pro
A Linux PAM module that allows using USB flash drives as authentication tokens. Written mostly as a learning exercise, the code has been commented in the hope of providing a template to others interested in creating PAM modules. It can be used in combination with password authentication to prevent login or 'su' unless a particular usb-key is plugged into the system.
This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license. The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event.
sencrypt and sdecrypt are utilities for encrypting and decrypting data with the AES, DES, 3DES, and RC4 algorithms. They can read keys from files or ask for a passphrase and use that together with a salt to derive a key using the PBKDF2 key derivation function. sencrypt and sdecrypt are portable and compatible reimplementations of the encrypt and decrypt utilities in Solaris/Illumos-based operating systems.
The RedMatrix (aka "red") is an open source webapp providing a complete decentralised publishing, sharing, and communications system. It combines communications (private messaging, chat and social networking), and media management (photos, events, files, web pages, shareable apps) with enough features to make your head spin. What makes the RedMatrix unique is what we call "magic authentication" - which is based on our groundbreaking work in decentralised identity services. This ties all RedMa
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) as well as a full-strength general-purpose cryptography library.
The WiKID Strong Authentication System is a highly scalable, secure, self-hosted two-factor authentication system. It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support (via Ruby, PHP, Java, COM, Python, etc.), supports multiple domains, and supports replication. It also supports mutual/host authentication, wireless tokens only domains, locked tokens (to your PC), anti-keystroke logger keypad PIN
bWAPP is an "extremely buggy web app" intended for researching and discovering common security issues. It deliberately covers over 100 vulnerabilities ranging from SQL injection, to XSS, CGI exploits, SSL tampering, remote code execution, RFI, SSRF, CORS, buffer overflows; and replicates many high-profile exploits of other applications (Drupal, Wordpress). It's implemented in PHP, but of course only meant to be run in a sandbox or with its bee-box VM exposing further server process vuln
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, Cisco routers, Snort, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database