Projects tagged ‘audit’

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its ... [More] primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. [Less]

sshproxy is a pure python implementation of an ssh authenticating proxy. It allows users to connect to remote sites without having to know the password or key of the remote sites. ACL rules can ... [More] be set up to allow or deny users based on different parameters like their IP address or the time of the day. Access attempts are logged via syslog, and an enhanced "action log" system is under development. The client is the standard ssh client. [Less]

The Envers project makes it simple to version entities. The only thing required is annotating them with @Versioned. Storing historical data (versions) is completely transparent to the developer. ... [More] He/she may interact with the entities as always. Not only basic properties of an entity can be versioned, but also relations, making it possible to view parts of the database as they were at a given revision (each revision has an associated timestamp, one revision = one transaction, in which versioned data has changed). Moreover, Envers provides a straightforward interface for retrieving historical data, a criteria-like query interface, and the possibility to store additional information alongside each revision. Envers works with Hibernate and Hibernate Entity Manager. [Less]

Release Audit Tool (RAT) is a tool to improve accuracy and efficiency when checking releases. It is heuristic in nature: making guesses about possible problems. It will produce false positives and ... [More] cannot find every possible issue with a release. It's reports require interpretation. RAT was developed in response to a need felt in the Apache Incubator to be able to review releases for the most common faults less labour intensively. It is therefore highly tuned to the Apache style of releases. [Less]

CDO Model Repository ===================== CDO is both a technology for distributed shared EMF models and a fast server-based O/R mapping solution. With CDO you can easily enhance your existing ... [More] models in such a way that saving a resource transparently commits the applied changes to a relational database. Optionally other connected clients are actively notified about these changes so that their model copies get partially invalidated and all user interfaces reflect the current state at once. Stored resources are demand-loaded from the database only as needed. CDO uses the Net4j technology as a flexible and scalable signalling backbone. [Less]

cPassMan is a Collaborative Passwords Manager. It permits to manage passwords in an environment where all users can't see all passwords. cPassMan main functions are: - Define your own Tree structure ... [More] of passwords Groups, - Define the users Functions you want. Each Function allows access to specific Groups, - Associate each user to specific Functions, and customize his/hers groups access, - Create the matrix traceability for Functions vs Groups, - Audit trail on passwords, - All passwords are encrypted in database, - Clipboard copy of password and login for quick utilization, - Define minimal password complexity for each Group, - Auto log-off system when session is over, - Deploy a strategy for "renewal passwords", - Passwords can be restricted to a set of users, - ... More infos on website. [Less]

Svnspam produces a nicely formatted HTML e-mail message containing the (universal) diff, log message and versions of files involved in an svn commit. To do this it uses a commit hook. This project ... [More] is a fork of cvsspam ... See the CVSspam website for more information about the origins of this program. Development of svnspan is sponsored by BitPusher but of course anyone can contribute patches, code, suggestions and bugs. [Less]

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like ... [More] RATS and SWAAT while keeping the technical requirements to a minimum and being very flexible. [Less]

WebSpidah is a tactical WASS (Web Application Security Scanner) written in PHP. It has an interactive shell as a user interface, much like the MSF, and a modularized, XML-based, vulnerability recon ... [More] system. WebSpidah is released under the GPL license. [Less]

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure ... [More] development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach. [Less]