Free Software Foundation!

AMaViS-ng AMaViS-ng is a modular rewrite of amavisd and amavis-perl. It scans email for malicious code inside attachments and archive files, stopping delivery if malicious code is found. It supports integration of several third-party virus scanners and integrates nicely into several MTA setups. Unlike amavis-perl and amavisd, there is no need for build-time configuration

Amavisd-new 'amavisd-new' is an interface between MTAs and content checkers, including virus scanners, and/or the Mail::SpamAssasin Perl module. It talks to the MTA via (E)SMTP or LMTP, or by using helper programs. No timing gaps exist in the design, which could cause a mail loss. It is normally positioned at or near a central mailer, not necessarily where the user's mailboxes and final delivery takes place.

Authforce Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.

Clipperz Clipperz is a web based password manager. Local encryption within the browser guarantees that no one except you can read your data. With Clipperz you can quickly login to websites, as well as organize and store logins and any confidential data.

File Scan File::Scan allows users to make multiplatform virus scanners which can detect Windows/DOS/Mac viruses. It include a virus scanner and signatures database.

Firestorm Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it just a sensor but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.

Hackbot Hackbot is a host exploration tool and bannergrabber. It is meant as auditory tool for remote and local hosts. It scans numerous services and vulnerabilities.

Knocker Knocker is a TCP security port scanner written in C, using threads. It can analyze hosts and the network services which are running on them. Both a console version and a GTK+ version are available.

Libsafe The exploitation of buffer overflow and format string vulnerabilities in process stacks are a significant portion of security attacks. 'libsafe' is based on a middleware software layer that intercepts all function calls made to library functions known to be vulnerable. A substitute version of the corresponding function implements the original function in a way that ensures that any buffer overflows are contained within the current stack frame, which prevents attackers from overwriting the return address and hijacking the control flow of a running program. The true benefit of using libsafe is protection against future attacks on programs not yet known to be vulnerable. The performance overhead of libsafe is negligible, it does not require changes to the OS, it works with existing binary programs, and it does not need access to the source code of defective programs, or recompilation or off-line processing of binaries.

Mod security 'Mod_security' is an intrusion detection and prevention module for Apache Web servers. Its purpose is to protect vulnerable applications by detecting and (optionally) rejecting attacks. In addition to request filtering (using regex), it can create Web application audit logs. Unlike other similar projects, Mod_security can analyse POST payloads.

NSBD Not-So-Bad Distribution is an automated Web-based distribution system designed for distributing free software on the internet, where users cannot trust the network and cannot entirely trust the software maintainers. NSBD authenticates packages with GNU Privacy Guard (GnuPG) or "Pretty Good(Tm) Privacy" (PGP(Tm)) digital signatures so users can be assured that packages have not been tampered with, and it limits the maintainer to only update selected files and directories on the user's computer. NSBD's focus is on security, leaving as much control as is practical in the users' hands. NSBD handles automated updates by supplying a means of checking for updates to packages and automatically downloading and installing the updates. This "automated pull" style of distribution has the same effect as the "push" style of distribution, but gives more control to the user. A direct "push" style is also supported, which is especially appropriate for situations where there are multiple contributors to a shared server (for example, a shared web-page server). NSBD can "pull" directly over http or by using rsync to minimize network usage.

NetCube NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a python utility for visualizing network traffic in a 3d simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there! Why bother? Well for one, visualization seems to help humans in identifying port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.

Pound Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Pound proxies HTTO _and HTTPS requests simultaneously. In addition, it knows about failed back-end servers and can redirect requests according to their availability. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required, and the pid file) and should thus pose no security threat to any machine. It needs at least the configuration file (read-only) and, optionally, the HTTPS server certificate (read-only).

Privoxy Privoxy is a Web proxy based on Internet Junkbuster with advanced filtering capabilities for protecting privacy, filtering Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk. It is useful for both stand-alone systems and multi-user networks.

Protector 'Protector' is a low maintenance e-mail virus blockade system that runs under Sendmail. It runs on e-mail servers that handle in-bound messages, checks incoming e-mail for attachments that could contain viruses, worms, etc., and replaces the offending attachments with standard warning messages (or modifies them to remove the dangerous parts) before passing them on to their intended recipients. The original "dangerous" attachment is saved in a directory that only the system administrator can access.

SILC Client SILC (Secure Internet Live Conferencing) is a protocol which provides secure Internet conferencing services over insecure channels. It superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated. The SILC also supports secure file transferring. There is the SILC Client for end users, the SILC Server for system administrators, and the SILC Toolkit for application developers.

SILC Toolkit SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. SILC uses strong cryptographic methods to secure all traffic; it encrypts and authenticates all messages. It also supports secure file transferring. The SILC is delivered as SILC Client for end users, SILC Server for system administrators, and SILC Toolkit for application developers.

SNORT Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.

Silky Silky is an easy-to-use graphical SILC client. The aim of this project is to create a simple and easy to use graphical, os-independent SILC client. Silky contains, or will eventually contain, all necessary features of a SILC client. The user interface will be kept as simple and clean as possible. SILC is a protocol which provides secure conferencing services in the Internet over insecure channel. The biggest similarity between SILC and IRC is that they both provide conferencing services and that SILC has almost same commands as IRC. However, internally they are very different.

Tanne 'tanne' is a small, secure session-management solution for HTTP. It replaces common sessions with a system consisting of PIN and TANs, well known from online banking. It's main purpose is to enable programmers of Web applications to have real secure sessions without cookies or session-ids.