Projects tagged ‘internet’, ‘networking’, and ‘security’

Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. (Wireshark was known as Ethereal until June 09, 2006)

OpenVPN is a robust and highly configurable VPN (Virtual Private Network) daemon which can be used to securely link two or more private networks using an encrypted tunnel over the Internet. OpenVPN's principal strengths include wide cross-platform ... [More] portability, excellent stability, support for dynamic IP addresses and NAT, adaptive link compression, single TCP/UDP port usage, a modular design that offloads most crypto tasks to the OpenSSL library, and relatively easy installation that in most cases doesn't require a special kernel module. [Less]

PF (Packet Filter) is OpenBSD's system for filtering TCP/IP traffic, doing Network Address Translation, normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF has also been ported to FreeBSD, NetBSD, and DragonFly BSD, and is an integral part of MirBSD.

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is ... [More] the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. [Less]

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use ... [More] the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data [Less]

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to ... [More] perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. [Less]

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also ... [More] possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. [Less]

Freenet is a peer-to-peer network designed to allow the distribution of information over the Internet in an efficient manner, without fear of censorship. It is completely decentralized (there is no person or computer essential to its operation) ... [More] , meaning that Freenet cannot be attacked like centralized peer-to-peer systems such as Napster. Freenet also employs intelligent routing and caching to learn to route requests more efficiently, automatically mirror popular data, make network flooding almost impossible, and move data to where it is in greatest demand. [Less]

Endian Firewall Community is a "turn-key" linux security distribution that turns every system into a full featured security appliance with Unified Threat Management (UTM) functionality. The software has been de signed with "usability in mind" and is ... [More] very easy to install, use and manage, without losing its flexibility. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is sponsored by Endian. [Less]

IPCop Linux is a complete Linux distribution whose sole purpose is to protect the networks on which it is installed.

IRC Defender is a program designed for IRC networks, written in perl. It is highly a modular security service which amongst other things will keep virus and trojan drones from your network, allow you to set akills using regular expressions, and will ... [More] prevent abuse of CGI:IRC proxies. IRC Defender supports many IRC daemons including: * bahamut * dancer * hybrid * InspIRCd * ircd 2.10 * unreal * ultimate * ptlink * P10 (ircu, asuka) * TR-ircd * Dreamforge IRC Defender is used on many small to medium sized networks. We welcome third party development of modules, and will include any useful modules in the distribution. [Less]

SSHTools is a suite of Java SSH applications providing a Java SSH API, SSH Terminal, SSH secured VNC client, SFTP client and SSH Daemon.

Firestarter is a firewall tool for Linux, and uses GNOME. You can use the wizard to create a basic firewall, then streamline it further using the dynamic rules. You can open and close ports with a few clicks, or stealth your services giving access ... [More] only to a select few. It features a real-time hit monitor which you can watch as attackers probe your machine for open ports. [Less]

The JXSE project is a complete reference implementation of the JXTA protocols built using Java Standard Edition 5.0. The JXSE project was the original JXTA implementation and was built in Java because Java enabled us to rapidly prototype and test new ... [More] ideas and develop a more robust implementation. Java is available for most operating systems (Solaris, Unix, Windows, MacOS, etc.) and allows us to reach the maximum number of potential users. [Less]

Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion ... [More] Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events. Prelude is commited to providing an Hybrid IDS that offers the ability to unify currently available tools. [Less]

IPFire is new-developed firewall build with the latest releases of linux 2.6 and tools. You are able to install a lot of addons and you will see a firewall can become a home server.

Wellenreiter is a GTK/Perl wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is ... [More] pretty self-explaining. It can discover networks (BSS/IBSS), and detects ESSID broadcasting or non-broadcasting networks and their WEP capabilities and the manufacturer automatically. DHCP and ARP traffic are decoded and displayed to give you further information about the networks. An ethereal/tcpdump-compatible dumpfile and an Application savefile will be automaticly created. gpsd can be used to track the location of the discovered networks. [Less]

tinc is a daemon with which you can create a virtual private network (VPN). One daemon can handle multiple connections, so you can create an entire (moderately sized) VPN with only one daemon per participating computer. tinc can tunnel IPv4, IPv6 and/or Ethernet packets over IPv4 and IPv6 networks.

Anytun is an implementation of the secure anycast tunneling protocol. It uses an easy openvpn style interface and makes it possible to build redundant vpn clusters with load balancing between servers. VPN Servers share a single IP address. Adding and ... [More] removing VPN Servers is done by the routing protocol, so no client changes have to be made when additional VPN Servers are added or removed. It is possible to realise global load balancing based on shortest BGP routes, by simply announcing the address space of the tunnel servers at multiple locations. [Less]

strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last three years. It features IKEv1 and IKEv2 keying capabilities and targets Linux 2.6 native IPsec.

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. GNUnet uses a ... [More] simple, excess-based economic model to allocate resources. Peers in GNUnet monitor each others behavior with respect to resource usage; peers that contribute to the network are rewarded with better service. [Less]

Torbutton is a 1-click way for Firefox users to enable or disable the browser's use of Tor. It adds a panel to the statusbar that says "Tor Enabled" (in green) or "Tor Disabled" (in red). The user may click on the panel to toggle the status.

This is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD and OpenBSD ... [More] and needs a TUN/TAP device. The bandwidth is assymetrical with limited upstream and up to 1 Mbit/s downstream. [Less]

Hardened Linux is a secured and minimalized operating system designed to run as a firewall, IDS host, authentication system and VPN gateway.

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free. Features: * Included configurable logging. * Progress bar when compiling ... [More] blacklists. * Full sed compliance for rewrite statements. * Blocking of urls with hostnames. Some more details about features and bug fixes can be found on the 1.3 feature page. [Less]

ITVal is an open source utility for testing, and debugging iptables firewall policies. It can detect many different kinds of errors, such as typos, out-of-order rules, faulty understanding of the firewall, or poor assumptions about the policy logic. ... [More] ITVal can also generate a "policy map" that illustrates how the firewall treats various groups of hosts on the network. This grouping is automatically calculated from the policy and can make it very easy to spot anomalies in the policy. Current development on ITVal focuses on ways to partially automate repair of the policy. [Less]

Un framework en PHP escrito en español. --- A PHP framework in spanish.

Rubyforger is a raw packet manipulation tool. It allows to easily send,receive and modify packets in Ethernet, Arp, IP, TCP, UDP and ICMP.

PeerSec Networks MatrixSSL™ is an embedded SSL implementation designed for small footprint applications and devices. PeerSec MatrixSSL allows secure management of remote devices. < 50KB total footprint with crypto provider SSLv3, TLS, SSH ... [More] server and client support Included crypto library - RSA, AES, 3DES, ARC4, SHA1, MD5 Cipher Suites - RC4-MD5, RC4-SHA, DES-CBC3-SHA, AES128-SHA, AES256-SHA RSA public and private key generation X.509 certificate generation and signing MatrixSSL supports all operating systems and has been ported to OSs including VxWorks, uClinux, eCos, pSOS, Nucleus, BREW, Linux, Mac OS X, Windows and PocketPC. MatrixSSL has been deployed on systems with no OS, filesystem or memory management. [Less]

Java Anon Proxy attempts to provide a secure and scalable technical infrastructure for anonymous communication.