The Mandossystem allowscomputers tohave encryptedroot filesystems and atthe same timebe capable ofremote orunattendedreboots. Thecomputers run asmall clientprogram in theinitial RAMdiskenvironmentwhich willcommunicatewith a serverover a network.All networkcommunicationis encryptedusing TLS. Theclients areidentified bythe serverusing a TLS keythat is uniqueto each client.The serversends theclients anencryptedpassword. Theencryptedpassword isdecrypted bythe c
Tomb is asystem to makestrongencryption easyfor everydayuse. A tomb islike a lockedfolder that canbe safelytransported andhidden in afilesystem. Itskeys can bekept separate;for example,you can keepthe tomb onyour computerand its key ona USB stick.Tomb is writtenin code that iseasy to reviewand linkssharedcomponents: itconsists of aZShell scriptand desktopintegrationapps; it usesstandard GNUtools and thecrypto API ofthe Linuxkernel(dm-crypt) viacryptsetup.
ALT is a set ofLinuxdistributionsbased onSisyphus, anAPT-enabled RPMpackagerepository thataims to achievefeaturecompleteness,usability, andsecurity in asensible andmanageablemixture.
pam_mapi is aPAM module forauthenticatingagainst aKopano orZarafa server.It is intendedto be used as abridge betweenSASL daemonsproviding SMTPauthenticationand aKopano/Zafarauserinformationdatabase.
The OpenBSDrpki-client isa free,easy-to-useimplementationof the ResourcePublic KeyInfrastructure(RPKI) forRelying Parties(RP) tofacilitatevalidation ofthe RouteOrigin of a BGPannouncement.The programqueries theRPKI repositorysystem,downloads andvalidates RouteOriginAuthorisations(ROAs) andfinally outputsValidated ROAPayloads (VRPs)in theconfigurationformat ofOpenBGPD, BIRD,and also as CSVor JSON objectsfor consumptionby otherrouting stacks.
Samhain is afile integrity / intrusion detection system that canbe used onsingle hosts aswell as onnetworks. Itbeen designedto monitormultiple hostswithpotentiallydifferentoperatingsystems,providingcentralizedlogging andbaselinedatabasestorage,although it canalso be used asstandaloneapplication ona single host.
Mimeguardallows theconfigurationof policyregardingfiletypesallowed inemail. It canunpackmultipartemails andexamine MSOffice filesfor macros,HTML, PDF andRTF files forillegal stringsand 'lookinto' .zipfiles to seewhat filetypesare withinthem. It uses asystem ofallowed/notallowedfiletypes thatare defined ina config file.It'sintended to beused within ascript orsystem-ed froma parentprocess andreturns andexit code thatindicates if afile/mail isconsidered safe
MOSP is aplatform tocreate, editand share JSONobjects. Thegoal of thisplatform is togather securityrelated JSONschemas andobjects. Youcan use anyavailableschemas inorder to createshareable JSONobjects. Italso possibleto keep anobject privateeven if ourgoal is topromote thesharing ofinformation. Integrationwiththird-partyapplications ispossible thanksto an API.
Due to thestructure ofpass, file- anddirectory namesare notencrypted inthe passwordstore.pass-tombprovides aconvenientsolution to putyour passwordstore in a tomband then keepyour passwordtree encryptedwhen you arenot using it. It uses thesame GPG key toencryptpasswords andtomb, thereforeyou don'tneed to managemore key orsecret.Moreover, youcan askpass-tomb toautomaticallyclose yourstore after agiven time.
A command-lineclient for thehaveibeenpwned.comAPI. RequireslibUseful andlibUseful-lua.Can listbreaches,breaches for aspecificaccount, andnumber of timea password hasoccured inbreached data.
An open sourcesoftwarerelease and CVEtracking.Additionallyincludes:vulnerabilitytracking (CVE),ATOM feeds forprojectreleases,repositorystatistics,project managercontacts.
I2Pd is alightweight C++implementationof a I2Pprivacy networklayer router.It providespseudonymityfor all routedapplicationprotocols, canbe used for webbrowsing, IRCconnections,and filetransfers.
BrowserNotebookdisplays,encrypts andstores noteslocally in theWeb browser.Unlike similarprograms, thetexts arestored nowhereelse than inyour browserand always inencrypted form.The plaintextis kept inmemory only. You can eitheruse the onlineversion withoutanyregistration orinstallation,or you candownload theoffline versionand use itwithoutInternetaccess.
Afick is a fastand portableintrusiondetection andintegritymonitoringsystem,designed towork on allplatforms (itonly needs Perland a fewstandardmodules),includingWindows, Linux,Unix. Theconfigurationsyntax is veryclose fromtripwire/aide.
Hashrat is acommand-lineutility thathashes thingsusing md5,sha1/256/512,whirlpool andjh hashalgorithms.It'swritten in Cwith fewdependancies(basically justthe standard Clibrary). Itcan read inputfrom standardin and hash it,either as acomplete file,orline-by-line. It canrecursivelyhash files ondisk, eitheroutputinghashes tostdout, orstoring them infilesystemattributes, orin a memcachedserver. It cancheck filesagainst a listof hashessupplied onstdin, or in t
GnuPG (the GNUPrivacy Guardor GPG) isGNU's toolfor securecommunicationand datastorage. It canbe used toencrypt dataand to createdigitalsignatures. Itincludes anadvanced keymanagementfacility and iscompliant withthe proposedOpenPGPInternetstandard asdescribed inRFC2440. Assuch, it ismeant to becompatible withPGP from NAI,Inc. Because itdoes not useany patentedalgorithms, itcan be usedwithout anyrestrictions.
Secrets can beused to split asecret textinto shares tobe distributedto friends.When allfriends agree,the shares canbe combined toretrieve theoriginal secrettext, forinstance togive consensualaccess to alost pin, apassword, alist ofpasswords, aprivatedocument or akey to anencryptedvolume. Secretsharing can beuseful in manydifferentsituations andthis tool is asimple and welldocumented freeand open sourceimplementationavailable foranyone to usefrom thiswebsite,
x509viewer is asimple commandlineapplication,written inPerl, that canbe used todecode one ormultiple X.509certificatesper given file,such as e.g.SSLcertificates,CSRs(certificatesigningrequests), butalso privatekeys.
x509watch is asimple commandlineapplicationthat can beused to listsoon expiringor alreadyexpired X.509certificates,such as SSLcertificates.Allcertificatesare searched bydefault in thestandard PKIdirectory, butany otherdirectory canbe specified asa parameter.Only Base64encoded DER andPEM X.509certificatesare supported.
pam_honeycreds.sois a pam modulethat watchesfor particularpasswords beingused in loginattempts.Simply watchingfor'wrong'passwords cangenerate a lotof noise, dueto peoplemistyping theirpasswords. Withpam_honeycredsan admin canleave fakepassword listsaround on theirnetwork, andthen get analert if any ofthose passwordsare ever used.It can also beused to monitorforbruteforcersusing the toppasswords, orfor internalpasswords beingused bybruteforcersagainstinternet-
Fort integratesitself into theWindows fileexplorer. Thisallows you toeasily encrypt(and decrypt)files via theExplorercontext menuand to protectthem with apassword. Allfile types aresupported. Fortcan be alsoused to encryptfiles inOnedrive,Dropbox andother similarservices. Forttakes securityseriously anduses AES with256bit keys. Ondecryption Fortchecks that thedata is nottampered in anyway and informsif datatampering isdetected. Foreach file, Fortgenerates a ra
sup is a verysmall andsecure Capplication. itis designed torun as root(with suid biton) tofacilitate theprivilegeescalation ofusers toexecute certainprograms assuperuser. allsettings in supare hard-codedat compiletime. sup isvery portableandself-contained,designed forproduction useas a staticbinary. sup isa sort ofhard-codedsudo: it is anideal companionfor artisansbuilding smallcontainers andembeddedsystems.
etherpoke is ascriptablenetwork sessionmonitor. etherpokedefines threeevents:SESSION_BEGIN,SESSION_END,SESSION_ERRORto which a hook(systemcommand) can beassigned. Theevent hook canbe any programinstalled inthe system. SESSION_BEGINis triggeredwhen the firstpacket matchingthe filter ruleis captured. SESSION_END istriggered whenthe time sincethe lastmatching packetwas capturedexceeds thesessiontimeout. SESSION_ERRORis triggeredwhen it is nolonger possibleto pro
A linux PAMmodule thatallows usingUSB flashdrivesasauthentcationtokens. Writtenmostly as alearningexercise, thecode has beencommented inthe hope ofproviding atemplate toothersinterested increating PAMmodules. It canbe used incombinationwith passwordauthenticationto preventlogin or'su'unless aparticularusb-key isplugged intothe system.
This is ascoring serverbuilt usingRuby on Railsby the MilitaryCyberProfessionalsAssociation(MCPA). It isfree to use andextend underthe MITlicense. Thegoal of thisproject is toprovide astandardgeneric scoringserver thatprovides aneasy way to addand modifyproblems andtrackstatistics of aCyber Capturethe Flag event.
sencrypt andsdecrypt areutilities forencrypting anddecrypting datawith the AES,DES, 3DES, andRC4 algorithms.It can readkeys from filesor ask for apassphrase anduse thattogether with asalt to derivea key using thePBKDF2 keyderivationfunction. sencrypt andsdecrypt areportable andcompatiblereimplementationsof the encryptand decryptutilities inSolaris/Illumos-basedoperatingsystems.
The RedMatrix(aka"red")is an opensource webappproviding acompletedecentralisedpublishing,sharing, andcommunicationssystem. Itcombinescommunications(privatemessaging, chatand socialnetworking),and mediamanagement(photos,events, files,web pages,shareable apps)with enoughfeatures tomake your headspin. Whatmakes theRedMatrixunique is whatwe call"magicauthentication"- which isbased on ourgroundbreakingwork indecentralisedidentityservices. Thisties all RedMa
The OpenSSLProject is acollaborativeeffort todevelop arobust,commercial-grade,fully featured,and Open Sourcetoolkitimplementingthe SecureSockets Layer(SSLv2/v3) andTransport LayerSecurity(TLSv1) as wellas afull-strengthgeneral-purposecryptographylibrary.
The WiKIDStrongAuthenticationSystem is ahighlyscalable,secure,self-hostedtwo-factorauthenticationsystem. It issimple toimplement andmaintain,allows users tobe validatedautomatically,requires nohardwaretokens, has asimple API forapplicationsupport (viaRuby, PHP,Java, COM,Python, etc.),supportsmultipledomains, andsupportsreplication. Italso supportsmutual/hostauthentication,wireless tokensonly domains,locked tokens(to your PC),anti-keystrokelogger keypadPIN
bWAPP is an"extremelybuggy wepapp"intended forresearching and discoveringcommon securityissues. Itdeliberatelycovers over 100 vulnerabilitiesranging fromSQL injection,to XSS, CGIexploits, SSL tampering,remote codeexecution, RFI,SSRF, CORS,bufferoverflows; and replicates manyhigh-profileexploits ofotherapplications(Drupal, Wordpress). It'simplemented inPHP, but ofcourse onlymeant to be run in a sandboxor with itsbee-box VMexposingfurther serverprocess vuln
Webfwlog is aWeb-basedfirewall logreporting andanalysis tool.It allows usersto designreports to useon loggedfirewall datain whateverconfigurationthey desire.Included aresample reportsas a startingpoint. Reportscan be sortedwith a singleclick, or"drilled-down"all the way tothe packetlevel, andsaved for lateruse. Supportedlog formats arenetfilter,ipfilter, ipfw,ipchains, Ciscorouters, Snort,and Windows XP.Netfiltersupportincludes ulogdMySQL orPostgreSQLdatabase
OpenSSH is a BSD/Linux implementation of SSH1 and SSH2 for encrypted terminal connections, tunneling and file transfers. It includes the sshd server, scp and sftp, and various utility tools such as ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen, and the sftp-server.
MONARC - Method for an optimised analysis of risks
LibreSSL Portable is a free version of the SSL/TLS protocol forked from OpenSSL, and developed by the OpenBSD project. LibreSSL is developed as part of the OpenBSD system, with lots of ancient cruft and security woes already fixed. The portable version for other Unices is developed alongside.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using a TLS key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the c
This software aims to be a UNIX tool for generic secure usage when in need of privilege escalation. It is designed to run SUID, with "super-user powers" to execute things as root on the system it is installed. Main differences compared to sudo: - Easier audit thanks to literate development methodology - Fewer lines of code, fewer features, fewer dependencies - No configuration file, no parsers - Public domain licensing SUD is designed for security: it leverages all possible measures to avoid
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. OPNsense started as a fork of pfSense® and m0n0wall in 2014, with its first official release in January 2015. The project has evolved very quickly while still retaining familiar aspe
Firejail is a security sandbox tool, which utilizes Linux 3.x namespaces to setup restricted environments for untrusted applications. It works for console and graphical applications, servers, or even login sessions; by assigning them and their subprocesses a private view of globally shared kernel resources. Firejail isolates mount points, adds chrooting, filesystem writability or overlays, sandbox filesystem sharing, networking stack and firewall isolation, constrains interprocess communication,
Tomb is a system to make strong encryption easy for everyday use. A tomb is like a locked folder that can be safely transported and hidden in a filesystem. Its keys can be kept separate; for example, you can keep the tomb on your computer and its key on a USB stick. Tomb is written in code that is easy to review and links shared components: it consists of a ZShell script and desktop integration apps; it uses standard GNU tools and the crypto API of the Linux kernel (dm-crypt) via cryptsetup.
ALT is a set of Linux distributions based on Sisyphus, an APT-enabled RPM package repository that aims to achieve feature completeness, usability, and security in a sensible and manageable mixture.
pam_mapi is a PAM module for authenticating against a Kopano or Zarafa server. It is intended to be used as a bridge between SASL daemons providing SMTP authentication and a Kopano/Zafara user information database.
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisations (ROAs) and finally outputs Validated ROA Payloads (VRPs) in the configuration format of OpenBGPD, BIRD, and also as CSV or JSON objects for consumption by other routing stacks.
pass import is a password store extension allowing you to import your password database to a password store repository conveniently. It natively supports import from 20 different password managers. More manager support can easily be added.
PacketFence is a network access control (NAC) manager. It includes numerous features, including user registration and sanitation, central wireless and cable-network control, BYOD (bring-your-own-device) configuration, 802.1X support, and layer-2 device isolation. PacketFence is useful for managing small to large networks and intranet-access points.
Samhain is a file integrity / intrusion detection system that can be used on single hosts as well as on networks. It been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and baseline database storage, although it can also be used as standalone application on a single host.
File Lock PEA encrypt files or folders, using authenticated encryption (EAX mode) to provide both confidentiality and the integrity and memory-hard key derivation functions to protect custom hardware attacks. Nextcloud, Owncloud and some cloud providers are supported. File Lock PEA is platform-independent, needs no installation but requires the Java Runtime Environment.
Mimeguard allows the configuration of policy regarding filetypes allowed in email. It can unpack multipart emails and examine MS Office files for macros, HTML, PDF and RTF files for illegal strings and 'look into' .zip files to see what filetypes are within them. It uses a system of allowed/not allowed filetypes that are defined in a config file. It's intended to be used within a script or system-ed from a parent process and returns and exit code that indicates if a file/mail is considered safe
Calendar Lock PEA displays password encrypted iCalendar compatible calendars in monthly, weekly and daily view with optional cloud connection. The calendars are always encrypted on the device or in the cloud. iCalendars from other applications can be imported.
Notebook PEA protects texts using authenticated encryption (EAX mode) for confidentiality, integrity, and authenticity of the text, using the new key derivation function Catena-Dragonfly. Notebook PEA works like a self-decrypting archive (SDA): the plaintext is never stored on disk, instead it is displayed in a simple text editor with some styling functionality, redo/undo and copy, cut, paste commands. Supports access to Nextcloud, Owncloud and other cloud providers that support the WebDAV proto
KeyBox is a web-based SSH console that centrally manages administrative access to systems. KeyBox combines key management and administration through profiles assigned to defined users.
MOSP is a platform to create, edit and share JSON objects. The goal of this platform is to gather security related JSON schemas and objects. You can use any available schemas in order to create shareable JSON objects. It also possible to keep an object private even if our goal is to promote the sharing of information. Integration with third-party applications is possible thanks to an API.
Python based milter for Sendmail and Postfix MTA servers to check incoming e-mails for Microsoft Office attachments. If a Microsoft Office document is attached to the e-mail, it will be scanned for suspicious VBA macro code. Files with malicious macros are, depending on configuration, either removed and replaced by harmless text files or alternatively the whole e-mail will be rejected.
pass update extends the pass utility with an update command providing an easy flow for updating passwords. It supports path, directory and wildcard update. Moreover, you can select how to update your passwords by automatically generating new passwords or manually setting your own.
Zenroom is a brand new, small and portable virtual machine for cryptographic operations. The Zenroom VM has no external dependencies, is smaller than 2MB, runs in even less memory and is ready for experimental use on many target platforms: desktop, embedded, mobile, cloud and browsers (webassembly). The goal of this project is that of improving people's awareness of how their data is processed by algorithms, as well facilitate the work of developers to create along privacy by design principles
psad is an intrusion detection system built around iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic. For TCP scans psad analyzes TCP flags to determine the scan type (syn, fin, xmas, etc.) and corresponding command line options that could be supplied to nmap to generate such a scan. In addition, psad makes use of many TCP, UDP, and ICMP signatures contained within the Snort intrusion detection system (see http://www.snort.org/) to detect suspi
A Phishing WIFI Rogue Captive Portal!
Due to the structure of pass, file- and directory names are not encrypted in the password store. pass-tomb provides a convenient solution to put your password store in a tomb and then keep your password tree encrypted when you are not using it. It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage more key or secret. Moreover, you can ask pass-tomb to automatically close your store after a given time.
A command-line client for the haveibeenpwned.com API. Requires libUseful and libUseful-lua. Can list breaches, breaches for a specific account, and number of time a password has occured in breached data.
An open source software release and CVE tracking. Additionally includes: vulnerability tracking (CVE), ATOM feeds for project releases, repository statistics, project manager contacts.
MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.
I2Pd is a lightweight C++ implementation of a I2P privacy network layer router. It provides pseudonymity for all routed application protocols, can be used for web browsing, IRC connections, and file transfers.
Docker is an open platform for distributing software application in containers. It utilizes operating system-level virtualization for process and full resource isolation through cgroups, capabilities, SELinux, AppArmor, netfilter, and Linux kernel namespaces. Its libcontainer is based on libvirt and lxc. Docker Engine is the application and environment packaging tool. And Docker Hub is a cloud service for sharing prepackaged containers.
Browser Notebook displays, encrypts and stores notes locally in the Web browser. Unlike similar programs, the texts are stored nowhere else than in your browser and always in encrypted form. The plaintext is kept in memory only. You can either use the online version without any registration or installation, or you can download the offline version and use it without Internet access.
ClamAV is an anti-virus engine, which is commonly used for email and web scanning, or gateway and fileserver securing. It provides a command-line scanner, a sendmail milter, automatic signature database updates, built-in support for many archiving and container or mail encoding formats, scanning standard ELF and compressed executables, as well as common office document formats.
A lightweight implementation of the pinentry program used by gpg to ask for passwords. Can also replace ssh-askpass.
Afick is a fast and portable intrusion detection and integrity monitoring system, designed to work on all platforms (it only needs Perl and a few standard modules), including Windows, Linux, Unix. The configuration syntax is very close from tripwire/aide.
Hashrat is a command-line utility that hashes things using md5, sha1/256/512, whirlpool and jh hash algorithms. It's written in C with few dependancies (basically just the standard C library). It can read input from standard in and hash it, either as a complete file, or line-by-line. It can recursively hash files on disk, either outputing hashes to stdout, or storing them in filesystem attributes, or in a memcached server. It can check files against a list of hashes supplied on stdin, or in t
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Secrets can be used to split a secret text into shares to be distributed to friends. When all friends agree, the shares can be combined to retrieve the original secret text, for instance to give consensual access to a lost pin, a password, a list of passwords, a private document or a key to an encrypted volume. Secret sharing can be useful in many different situations and this tool is a simple and well documented free and open source implementation available for anyone to use from this website,
x509viewer is a simple command line application, written in Perl, that can be used to decode one or multiple X.509 certificates per given file, such as e.g. SSL certificates, CSRs (certificate signing requests), but also private keys.
x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.
This software provides both a GO library implementing a Secret Sharing scheme and a command line tool which distributes and reconstructs your secret files.
hdparm - get/set ATA/SATA drive parameters under Linux
VeraCrypt is a full-disk encryption software derived from TrueCrypt. It revises some of the algorithm usage against brute-force attacks. For example system partitions use use larger rounds of PBKDF2 key stretching. The partition and container format is different to that of TrueCrypt however.
WASP Seraphimdroid is a privacy and security protection app for Android devices. It enables users to protect their devices against malicious software (viruses, trojans, worms, etc.), phishing SMS, MMS messages, execution of dangerous USSD codes, theft and loosing. Also, it enables user to protect their privacy and to control the usage of applications and services via various kinds of locks. OWASP Seraphimdroid has two aims: To protect user's privacy and secure the device against malicious feat
pam_honeycreds.so is a pam module that watches for particular passwords being used in login attempts. Simply watching for 'wrong' passwords can generate a lot of noise, due to people mistyping their passwords. With pam_honeycreds an admin can leave fake password lists around on their network, and then get an alert if any of those passwords are ever used. It can also be used to monitor for bruteforcers using the top passwords, or for internal passwords being used by bruteforcers against internet-
SSHGuard is an automated log watcher which quickly sets up firewall blocks for detected brute-force attacks. It supports not just SSH, but also sendmail, exim, dovecot, Cucipop, UWimap, vsftpd, proftpd, pure-ftpd and FreeBSD ftpd. It understands syslog/-ng, metalog, multilog and raw log formats. And works with netfilter/iptables, PF, ipfw, or just hosts.allow to set up firewalling rules.
Fort integrates itself into the Windows file explorer. This allows you to easily encrypt (and decrypt) files via the Explorer context menu and to protect them with a password. All file types are supported. Fort can be also used to encrypt files in Onedrive, Dropbox and other similar services. Fort takes security seriously and uses AES with 256bit keys. On decryption Fort checks that the data is not tampered in any way and informs if data tampering is detected. For each file, Fort generates a ra
DenyHost works to automatically block brute-force attacks against the secure shell service. It does this by scanning log files for failed login attempts and blocking remote hosts which have made too many failed connections.
sup is a very small and secure C application. it is designed to run as root (with suid bit on) to facilitate the privilege escalation of users to execute certain programs as superuser. all settings in sup are hard-coded at compile time. sup is very portable and self-contained, designed for production use as a static binary. sup is a sort of hard-coded sudo: it is an ideal companion for artisans building small containers and embedded systems.
etherpoke is a scriptable network session monitor. etherpoke defines three events: SESSION_BEGIN, SESSION_END, SESSION_ERROR to which a hook (system command) can be assigned. The event hook can be any program installed in the system. SESSION_BEGIN is triggered when the first packet matching the filter rule is captured. SESSION_END is triggered when the time since the last matching packet was captured exceeds the session timeout. SESSION_ERROR is triggered when it is no longer possible to pro
A linux PAM module that allows using USB flashdrives as authentcation tokens. Written mostly as a learning exercise, the code has been commented in the hope of providing a template to others interested in creating PAM modules. It can be used in combination with password authentication to prevent login or 'su' unless a particular usb-key is plugged into the system.
This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license. The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event.
Delta Reporting is a central logging service for CFEngine. CFEngine promises and classes are stored in a central database and made available for advanced searches and reports via a modern Web interface and the command line.
htmLawed is a PHP script to process text with HTML markup to make it more compliant with HTML standards and administrative policies. It works by making HTML well-formed with balanced and properly nested tags, neutralizing code that may be used for cross-site scripting (XSS) attacks, allowing only specified HTML tags and attributes and URL protocols through black- or white-lists. It can also tidy/pretty-print HTML, make relative URLs absolute, check for spam, etc. It is small (single file of ~50
minimalist password safe with full-screen pager and password generation profiles
sencrypt and sdecrypt are utilities for encrypting and decrypting data with the AES, DES, 3DES, and RC4 algorithms. It can read keys from files or ask for a passphrase and use that together with a salt to derive a key using the PBKDF2 key derivation function. sencrypt and sdecrypt are portable and compatible reimplementations of the encrypt and decrypt utilities in Solaris/Illumos-based operating systems.
The RedMatrix (aka "red") is an open source webapp providing a complete decentralised publishing, sharing, and communications system. It combines communications (private messaging, chat and social networking), and media management (photos, events, files, web pages, shareable apps) with enough features to make your head spin. What makes the RedMatrix unique is what we call "magic authentication" - which is based on our groundbreaking work in decentralised identity services. This ties all RedMa
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) as well as a full-strength general-purpose cryptography library.
The WiKID Strong Authentication System is a highly scalable, secure, self-hosted two-factor authentication system. It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support (via Ruby, PHP, Java, COM, Python, etc.), supports multiple domains, and supports replication. It also supports mutual/host authentication, wireless tokens only domains, locked tokens (to your PC), anti-keystroke logger keypad PIN
A Netfilter firewall tool written in bash scripting, designed to be easy to use but yet flexible and powerful.
bWAPP is an "extremely buggy wep app" intended for researching and discovering common security issues. It deliberately covers over 100 vulnerabilities ranging from SQL injection, to XSS, CGI exploits, SSL tampering, remote code execution, RFI, SSRF, CORS, buffer overflows; and replicates many high-profile exploits of other applications (Drupal, Wordpress). It's implemented in PHP, but of course only meant to be run in a sandbox or with its bee-box VM exposing further server process vuln
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, Cisco routers, Snort, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database
ArpON is a daemon that handles and inspects ARP (address resolution protcol) requests and thusly can prevent MITM attacks, ARP sppofing, cache or route poisoning. It also blocks related network attacks like ARP sniffing, hijacking, or injection, or higher-level DNS and HTTP request/session spoofing, or SSL/TLS circumvention. It also protects networks with proactive (network interface or system shutdown) and dynamic ARP traffic inspections in complexer setups.
Shorewall is a flexible firewall configuration system for Linux 2.4/3.x iptables. It's suitable for routers, gateways, servers, VPN environments and just desktop systems. It provides a higher level rule-based configuration scheme to configure the Netfilter kernel module, routes, interfaces and traffic shaping. It supports both IPv4 and IPv6.
Cyberprobe is a network attack monitoring software stack. It collects data packets for inspection, logging and analysis. It can be integrated with snort to record the actual intrusion source. While Cybermon is highly configurable protocol decoder and analysis tool, which can also automate responses such as dynamic connection resets, firewalling or forged DNS replies.
mod_sslcrl is an Apache module for automating validation of SSL/TLS client certifcates against revocation lists (CRL). It's used in conjunction to mod_ssl when x509 client certificate authentication is used. It substitutes the directives SSLCARevocationFile and SSLCARevocationPath.
BleachBit is a privacy helper that erases unused disk space after cleaning up cache, cookies, internet history, temporary files, logs and junk data. It knows where to look for browser and other common application data, often also speeding up those after vacuuming their data stores. Deletion is actually implemented as shredding with multiple overwrites.