This entry published by the Free Software Foundation.
Afick 'afick' is a multi-platform file integrity checker. It works by first creating a database that represents a snapshot of the essential parts of your computer system. You then run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). It shows new, deleted and changed files (rights, owner, size, content).
AntiExploit 'AntiExploit' scans for well known exploit files. It currently recognizes over 1700 suspicious files, and the database is updated weekly. It is not meant to be an IDS or high-profile security application, but rather an extension to other security checks. 'aexpl' was developed for a freeshell-server to track script-kiddies.
BlueProximity Add security to your desktop by automatically locking and unlocking the screen when you and your phone leave/enter the desk. Think of a proximity detector for your mobile phone or other device via bluetooth.
Bunny the Fuzzer A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals. Bunny is currently known to support GNU/Linux, FreeBSD, OpenBSD, and Cygwin on IA32 and IA64 systems.
Cage cage is a replacement for the chroot(8) utility. Like chroot, cage changes its root directory to the one specified and then executes your application. Before execing, however, cage drops all privileges that would let the program escape its jail.
Changedfiles 'changedfiles' is a framework for filesystem replication, security monitoring, and/or automatic file transformations--anything where you'd poll files or directories and then do something to them or send them somewhere else (or both). The difference is, the kernel tells you when they change, instead of you having to poll. It is also an easy real time FTP push mirror to one or multiple sites. 'changedfiles' has a kernel module (works with Linux kernel version 2.4) which reports to a device whenever a file on the filesystem changes, and a daemon which runs in user space and can be configured to do almost anything when a change to a file matching one of the patterns it looks for is reported.
Chkrootkit chkrootkit is a tool to locally check for signs of a rootkit. It contains programs to check for modified system binaries, signs of LKM trojans and more. It currently detects 60 rootkits, worms and LKMs.
Chroot safe 'chroot_safe' is an alternative method for chrooting dynamically linked applications. It delays the chrooting until after dynamic linking has completed, so you don't need to have a copy of the binary or libraries within the chroot. This simplifies the process of chrooting an application, as you often do not need any files besides the data files within the chroot. In addition to chrooting the application, 'chroot_safe' also drops root privileges before letting the application start.
DsaCheck dsacheck is a Python program that checks all the packages on a Debian system. It dynamically downloads the DSA (Debian Security Alert) news from the security webpage and builds a list that is compared to the locally installed packages. You can easily use it in a cron job.
EICS Easy integrity check system is an easy-to-install and use file integrity system. It is meant to be used by system administrators to aid with intrusion detection.
EncFS EncFS is an encrypted pass-through filesystem which runs in userspace on GNU/Linux (using the FUSE kernel module). Similar in design to CFS and other pass-through filesystems, all data is encrypted and stored in the underlying filesystem. Unlike loopback filesystems, there is no predetermined or pre-allocated filesystem size.
Fenris Fenris is a multipurpose tracer, GUI debugger, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics - providing a structural program trace, interactive debugging capabilities, general information about internal constructions, execution path, memory operations, I/O, conditional expressions and more. Fenris can do traditional, instruction by instruction or breakpoint to breakpoint interactive debugging enhanced by additional structural data about the code delivered to the user; it is able to fingerprint functions in static binaries, reconstruct symbol tables in ELF files based on that information, automatically detect common library code; able to deliver text-based and graphical, browsable output that documents different aspects of program activity on different abstraction layers; able to perform partial analysis of single structural blocks.
Ficc File Integrity Command & Control (FICC) helps system administrators manage multiple Tripwire installations. It maintains MD5 hashes for three key Tripwire files and verifies the MD5 checksums of these key files against the signatures in its file checksum database. If they match, it then connects to the host via SSH and runs Tripwire. If any signatures do not match, an email is sent to the "FICC administrator" of the system in question.
Fireparse "fireparse" reports on all packets that have been logged by the kernel's ipchains and iptables packet filtering subsystems. The report can include source and destination IPs, ports and protocols; interface; direction; hit count; iptables rule; resulting action; and fully resolved host name. It can be formatted plain text e-mail or a colored HTML table, and delivered via e-mail or a local file. 'Fireparse' also moves all iptables entries from your syslog file into a second message file so that other syslog entries are more easily noticed and recognized.
GSsh GSsh is a Gnome frontend to ssh. It keeps track of the hosts you visit and remembers the username, so logging in is only a few mouse clicks away. Most of ssh's command line parameters can be set from a settings dialog.
GnoMint gnoMint is a tool for easily creating and managing certification authorities. It provides fancy visualization of all the pieces of information that pertain to a CA, such as x509 certificates, CSRs, and CRLs. gnoMint is currently capable of managing a CA that emits certificates that are able to authenticate people or machines in VPNs (IPSec or other protocols), secure HTTP communications with SSL/TLS, authenticate and cipher HTTP communications through Web-client certificates, and sign or crypt email messages.
Grsecurity 'grsecurity' is a complete security system for Linux 2.4 that implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs with least privilege via its process-based ACL system, hardens syscalls, and provides many of the OpenBSD randomness features. It has auditing capabilities and a netfilter module designed to thwart portscans and OS fingerprinting.
Gvpe The GNU Virtual Private Ethernet Suite (GVPE) provides a secure VPN among multiple nodes over an untrusted network.
Hping 'Hping' sends custom ICMP/UDP/TCP packets and displays target replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. With 'Hping', you can test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, and audit a TCP/IP stack.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.
