[[Security::internet]]

Ffsend: ffsend allows you to easily and securely share encrypted files from the command line.

File Scan: File::Scan allows users to make multiplatform virus scanners which can detect Windows/DOS/Mac viruses. It include a virus scanner and signatures database.

Firestorm: Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it just a sensor but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.

Firestr: Fire★ is a a simple platform for decentralized communication and computation. Provides a simple application platform for developing p2p applications and share these applications with others in a chat like user interface. You don't send a message to someone, you send an program, which can have rich content. All programs are wired up together automatically providing distributed communication, either through text, images, or games. The source code to all applications is available immediately to instantly clone and modify.

FriBID: FriBID is a free software for the Swedish e-id system called BankID. FriBID also supports processor architectures and GNU/Linux and BSD distributions that the official software doesn't support.,
⚠ Retired, fork needed!

Reverse engineering is required to make a modern version of BankID. The old versions of FriBID doesn't work any more.

Gnunet: GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. Its high-level goal is to provide a strong free software foundation for a global network that provides security and privacy. GNUnet started with an idea for anonymous censorship-resistant file-sharing, but has grown to incorporate other applications as well as many generic building blocks for secure networking applications. In particular, GNUnet now includes the GNU Name System, a privacy-preserving, decentralized public key infrastructure.

Gofoss.net: gofoss.net is a beginners guide to free software, privacy, data ownership and durable tech. Learn how to: safely browse the Internet; keep your conversations private; protect your data; unlock your computer's full potential; stay mobile and free; own your cloud; avoid filter bubbles, surveillance & censorship.

Gpg-remailer: Gpg-remailer is somewhat similar to ordinary mailing list software, but all e-mail processed by gpg-remailer is PGP/GPG signed and encrypted. Gpg-remailer decrypts received PGP/GPG messages, verifies the received signature and re-encrypts the e-mail for the members of a well defined group of recipients. Using gpg-remailer the list of members of a group of people who want to exchange encrypted and authenticated e-mail can be maintained at one location, allowing the members of the group to specify just one e-mail address to send PGP/GPG signed and encrypted e-mail to. Gpg-remailer recognizes the following e-mail formats: * Standard simple encrypted messages. * Multi-part encrypted messages. * Encrypted messages containing detached signatures.

Hackbot: This is a candidate for deletion: Links broken. Email to maintainer broken. Poppy-one (talk) 13:04, 3 August 2018 (EDT) Hackbot is a host exploration tool and bannergrabber. It is meant as auditory tool for remote and local hosts. It scans numerous services and vulnerabilities.

Hashlet: Hashlet is an application with a Command Line Interface (CLI) that controls the Cryptotronix Hashlet. The Cryptotronix Hashlet is open source hardware that implements SHA256, provides a hardware random number generator, and stores 256 bit keys in read and write protected memory. The hardware is designed for a BeagleBone Black but can be uses on an embedded GNU/Linux system that supports the I2C protocol and can supply 3.3 or 5 Volts to the device.

I2P: The Invisible Internet Project (I2P) is a project to build, deploy, and maintain a network supporting secure and anonymous communication. People using I2P are in control of the tradeoffs between anonymity, reliability, bandwidth usage, and latency. There is no central point in the network on which pressure can be exerted to compromise the integrity, security, or anonymity of the system. The network supports dynamic reconfiguration in response to various attacks, and has been designed to make use of additional resources as they become available. Of course, all aspects of the network are open and freely available. Unlike many other anonymizing networks, I2P doesn't try to provide anonymity by hiding the originator of some communication and not the recipient, or the other way around. I2P is designed to allow peers using I2P to communicate with each other anonymously — both sender and recipient are unidentifiable to each other as well as to third parties. For example, today there are both in-I2P web sites (allowing anonymous publishing / hosting) as well as HTTP proxies to the normal web (allowing anonymous web browsing).

Ipfs: pleas add

Jami ,: GNU Jami (formerly SFLphone, GNU Ring) is a universal and distributed communication platform, implemented as free (libre) software, which respects the freedoms and privacy of users. Aimed at the general public as well as professionals, Jami provides all its users a universal communication tool, autonomous, libre, secure and built on a distributed architecture thus requiring no authority or central server to function. GNU Jami satisfies a high priority software goal of the Free Software Foundation, responding to the challenges of privacy on the Internet. Developed by Savoir-faire Linux, Jami takes advantage of an active development community thanks to the support of young Google Summer of Code developers as well as research partnerships with Polytechnique Montréal and the Université du Québec à Montréal.

Knocker: Knocker is a TCP security port scanner written in C, using threads. It can analyze hosts and the network services which are running on them. Both a console version and a GTK+ version are available.

Kontalk: Kontalk is a free software, secure and distributed instant messaging driven by the community. Kontalk protocol is based on XMPP with end-to-end encryption in both server-to-server and server-to-client. Kontalks is basically for phone, but it's also available for desktop now (GNU/Linux, Windows, and macOS).

Legibly Password Generator: generates 30 thirteen characters long passwords // used character groups: A-Z, a-z, 0-9, special: #+,.-;:_= // but without hardly distinguishable ones like l, 1, O, 0 // the output of each password is split up after four characters for a better readability // the first six characters contain at least one character of each group of characters, because some systems do not store larger passwords // every password starts with letters, because some systems cannot handle digits or special signs at the start // in one single password is no character more than ones // the randomness is large enough, that the passwords are very unique

Librecmc: libreCMC is an embedded GNU/Linux distro with the focus of providing a platform that is 100% free software and that does not contain non-free blobs. While libreCMC is currently a hard fork of the popular OpenWRT project, it uses a linux-libre kernel and does not contain non-free parts.

Libsafe: The exploitation of buffer overflow and format string vulnerabilities in process stacks are a significant portion of security attacks. 'libsafe' is based on a middleware software layer that intercepts all function calls made to library functions known to be vulnerable. A substitute version of the corresponding function implements the original function in a way that ensures that any buffer overflows are contained within the current stack frame, which prevents attackers from overwriting the return address and hijacking the control flow of a running program. The true benefit of using libsafe is protection against future attacks on programs not yet known to be vulnerable. The performance overhead of libsafe is negligible, it does not require changes to the OS, it works with existing binary programs, and it does not need access to the source code of defective programs, or recompilation or off-line processing of binaries.

Lynis: Lynis is an auditing and hardening tool for Unix-Like Operating Systems like GNU/Linux, BSD, Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Maryam: OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular framework based on the Recon-ng and written in Python. If you want Extracts Emails, Docs, Subdomains, Social networks from search engines Extracts Links, CSS and JS files, CDN links, Emails, Keywords from Web Source Find and Brute force DNS, TLD and important directs Crawl Web Pages and search your RegExp Identify WebApps, WAF, Interesting and important files Use Maryam

MasterPassword: Most password managers are password vaults: they let you store or generate a strong password for your services and then encrypt that key and store it for later retrieval. This approach presents many problems, in particular in the modern mobile age, that result in many frustrations: * Vault availability: If your vault is not available, you cannot use any of your services. * Added risk of identity loss: If you lose (eg. HDD failure/house fire) your vault, you instantly lose your entire online identity. * Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault. Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues: * Network sync: Keeping data secure in transit is non-trivial and adds security risks. * Backups: Requires that you keep multiple locations secure from loss and theft, as well as the vault in transit. * Cloud-based services: Requires you to trust an external party and sacrifices transparency and freedom. * Defensive destruction: Reliability issues and again, risk total identity loss. Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues. Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes. Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with hmac-sha256 and salting to prevent all known attack vectors.

Mod security: 'Mod_security' is an intrusion detection and prevention module for Apache Web servers. Its purpose is to protect vulnerable applications by detecting and (optionally) rejecting attacks. In addition to request filtering (using regex), it can create Web application audit logs. Unlike other similar projects, Mod_security can analyse POST payloads.

MongooseIM: MongooseIM is aimed at large, complex enterprise level projects where real-time communication is critical for business success. It provides high availability, ease of deployment, development and reliability in production. The MongooseIM platform includes server-side components and client libraries. It has also contributed to open source third party XMPP libraries: Smack for Android and XMPP framework for iOS. Built around proven technologies XMPP/Jabber, it adds a simple client/server REST API for front-end and back-end integration.

NSBD: Not-So-Bad Distribution is an automated Web-based distribution system designed for distributing free software on the internet, where users cannot trust the network and cannot entirely trust the software maintainers. NSBD authenticates packages with GNU Privacy Guard (GnuPG) or "Pretty Good(Tm) Privacy" (PGP(Tm)) digital signatures so users can be assured that packages have not been tampered with, and it limits the maintainer to only update selected files and directories on the user's computer. NSBD's focus is on security, leaving as much control as is practical in the users' hands. NSBD handles automated updates by supplying a means of checking for updates to packages and automatically downloading and installing the updates. This "automated pull" style of distribution has the same effect as the "push" style of distribution, but gives more control to the user. A direct "push" style is also supported, which is especially appropriate for situations where there are multiple contributors to a shared server (for example, a shared web-page server). NSBD can "pull" directly over http or by using rsync to minimize network usage.

NetCube: NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a python utility for visualizing network traffic in a 3d simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there! Why bother? Well for one, visualization seems to help humans in identifying port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.

NextTypes: NextTypes is a standards based information storage, processing and transmission system that integrates the characteristics of other systems such as databases, programming languages, communication protocols, file systems, document managers, operating systems, frameworks, file formats and hardware in a single tightly integrated system using a common data types system. NextTypes is a relational/network/objects/files hybrid database system with high level SQL interface, extensive primitive types list, JSON/JSON-LD/XML/Smile/WebDAV/CalDAV/iCalendar/RSS data access, REST interface, customizable MVC architecture, optimistic concurrency control, HTML5/CSS3/SVG/Javascript responsive graphical interface, multilanguage, UTF-8 encoding, syntax highlighting or WYSIWYG editors, robots.txt and sitemap management, text extraction/fulltext search, document management, virus scanning, DoS/SQL injection/CSRF/XSS protection, passwords/X.509 certificates authentication, logging and backup system.

OnionShare: What is OnionShare? OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you. How to Use Open OnionShare, drag and drop files and folders you wish to share into it, and click Start Sharing. After a moment, it will show you a .onion URL. This is the secret URL that can be used to download the file you're sharing. Send this URL to the person you're sending the files to. If the files you're sending aren't secret, you can use normal means of sending the URL, like by emailing it, or sending it in a Facebook or Twitter private message. If you're sending secret files then it's important to send this URL securely. The person who is receiving the files doesn't need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.\

OpenVPN: OpenVPN lets you to treat a collection of remote machines as though they are on the same network. The connections on this new, virtual network are secured by TLS/SSL. One machine acts as the network server, the others as clients. OpenVPN can also be a component in a TLS tunnel, where the client connects only to the OpenVPN server, which makes additional connections on the client's behalf.

Pica Pica Messenger: Pica Pica is a project aimed to create and support distributed decentralized secure instant messaging system. Pica Pica network consists of nodes and clients. Nodes are hosted by volunteers on their computers. Nodes connect to each other and exchange info about other nodes and online clients, transfer encrypted data between clients. All data transferred between clients is protected by end-to-end encryption using TLS 1.2 protocol. Users are identified by unique SHA224 hash of their certificate which is generated during account creation.

Pound: Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Pound proxies HTTO _and HTTPS requests simultaneously. In addition, it knows about failed back-end servers and can redirect requests according to their availability. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required, and the pid file) and should thus pose no security threat to any machine. It needs at least the configuration file (read-only) and, optionally, the HTTPS server certificate (read-only).

Privacy Redirect: Redirects Twitter, YouTube, Instagram, Google Maps and Reddit requests to privacy friendly alternatives such as Nitter, Invidious, Bibliogram and OpenStreetMap. Allows for setting custom instances or random choice, toggling all redirects on/off and more.

Privoxy: Privoxy is a Web proxy based on Internet Junkbuster with advanced filtering capabilities for protecting privacy, filtering Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk. It is useful for both stand-alone systems and multi-user networks.

Protector: 'Protector' is a low maintenance e-mail virus blockade system that runs under Sendmail. It runs on e-mail servers that handle in-bound messages, checks incoming e-mail for attachments that could contain viruses, worms, etc., and replaces the offending attachments with standard warning messages (or modifies them to remove the dangerous parts) before passing them on to their intended recipients. The original "dangerous" attachment is saved in a directory that only the system administrator can access.

PyBitmessage: PyBitmessage is the official instant messaging client designed for Bitmessage(a P2P encrypted decentralised communication protocol).

Red Matrix: Originally authored by Mike Macgirvin (also the original author of Friendica), the RedMatrix is a super network created from a huge number of smaller independent and autonomous websites - which are linked together into a cooperative publishing and social platform. It consists of an open source webapp providing a complete multi-user decentralised publishing, sharing, and communications system - known as a "hub". Each hub provides communications (private messaging, chat, blogging, forums, and social networking), along with media management (photos, events, files, web pages, shareable apps) for its members; all in a feature-rich platform. These hubs automatically reach out and connect with each other and the rest of the matrix. Privacy and content ownership always remain under the direct personal control of the individual; and permission to access any item can be granted or denied to anybody in the entire matrix. What makes the RedMatrix unique is what we call "magic authentication" - which is based on our groundbreaking work in decentralised identity services. No other platform provides this ability. Within the matrix the boundaries between different hubs are blurred or seemingly non-existent. Identity in the matrix is considered transient and potentially nomadic. "Who you are" has nothing to do with "what computer you're connected to", and website content can adapt itself according to who is viewing it. You have the ability to "clone" your identity to other hubs; which allows you to continue to communicate with your friends seamlessly if your primary hub is ever disabled (temporarily or permanently). The RedMatrix is ideal for communities of any size, from private individuals and families to online forums, business websites, and organisations. It can be used by anybody who has communications or web content that they wish to share, but where they desire complete control of whom they share it with.

Remcage: RemCage is an accounts simple manager to set them to access through SFTP in jailed directories (chrooted). Useful for fileservers and public webservers. You can expand directory sharing through all networks without SMB/CIFS, and throw away unsecure FTP protocol from webservers.

SILC Client: SILC (Secure Internet Live Conferencing) is a protocol which provides secure Internet conferencing services over insecure channels. It superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated. The SILC also supports secure file transferring. There is the SILC Client for end users, the SILC Server for system administrators, and the SILC Toolkit for application developers.

SILC Toolkit: SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. SILC uses strong cryptographic methods to secure all traffic; it encrypts and authenticates all messages. It also supports secure file transferring. The SILC is delivered as SILC Client for end users, SILC Server for system administrators, and SILC Toolkit for application developers.

SNORT: Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.

Seafile

Seafile provides the full facilities to replace proprietary cloud storage and file syncing solutions. It offers the ability to self-host the server on your own hardware as well as make use of commercial services that host it for you. It offers a desktop client for all major operating systems. Major features include:

File syncing
File version control
Client side encryption
Public share linking
Group and Organisation collaboration

Seafile Community Edition may be used as a free software replacement for Dropbox, Spideroak, Wuala and similar proprietary programs and services. Seafile Professional Edition is not free software as per the license outlined here: https://manual.seafile.com/deploy_pro/seafile_professional_sdition_software_license_agreement/

Send (file sharing): Send is a self-hosted tool that allows sending files with encryption. It's a community fork of Firefox Send, a discontinued service by Mozilla. Files are encrypted in the browser before being uploaded to the server. Files are stored for 24 hours then deleted from the server. ffsend is a CLI client for Send. A list of available instances can be found here.

Sesele: SeSeLe is a command-line wizard to create and manage X.509 certificates in two ways: Self-signed certificates + Certification Authority, and Let's Encrypt certificates. Letsencrypt management is intended to call ACME-client for certificates renewal and files redistribution to unprivileged hosts (those that can't attend TCP/443 port). Generated certificates are useful for most TLS secured services such as HTTPs, IMAPs, POP3s, SMTPs, etc. For self-signed files, the only thing you will need to remember are passphrases.

Silky: Silky is an easy-to-use graphical SILC client. The aim of this project is to create a simple and easy to use graphical, os-independent SILC client. Silky contains, or will eventually contain, all necessary features of a SILC client. The user interface will be kept as simple and clean as possible. SILC is a protocol which provides secure conferencing services in the Internet over insecure channel. The biggest similarity between SILC and IRC is that they both provide conferencing services and that SILC has almost same commands as IRC. However, internally they are very different.

SilverTunnel-NG: SilverTunnel-NG is a Java library that implements and encapsulates all the complex network protocol stuff needed for anonymous communication over the Tor anonymity network. SilverTunnel-NG Netlib can be easily integrated in almost every existing and new Java application. The library requires Java 1.6/Java SE 6 or a newer version. This is a fork of silvertunnel (https://silvertunnel.org)

Sshdo: sshdo provides an easily configurable way of controlling which commands may be executed via incoming ssh connections.

Tanne: 'tanne' is a small, secure session-management solution for HTTP. It replaces common sessions with a system consisting of PIN and TANs, well known from online banking. It's main purpose is to enable programmers of Web applications to have real secure sessions without cookies or session-ids.

Taskenizer: Taskenizer aims to be a legendary web-based personal organization tool. It helps you organize your TODOs, periodic tasks, notes and lists. It has extra security features. Protects not only against network attacks and data-at-rest attacks but even server compromise. It has extremely optimized bandwidth usage. On a slow mobile connection that can't even load most modern web pages, it will load in seconds. It has features for secure sharing of data with other users. It is Free Software, which means it respects your rights as a computer user. Now the technical details. Taskenizer is: Written in Python3 Designed to run behind NGINX using uWSGI Licenced under the GNU Affero General Public License

Tcptrack: 'tcptrack' is a packet sniffer. It passively watches for connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage. The filter expression is a standard pcap filter expression (identical to the expressions used by tcpdump) which can filter down the characteristics of TCP connections that tcptrack will see.

Terms of Service; Didn’t Read: Terms of Service; Didn't Read (ToS;DR) is a community project and browser plugin which aims to analyze and grade the terms of service (TOS) and privacy policies of major Internet sites and services. Each aspect of a TOS or privacy policy is assessed as positive, negative, or neutral. Services are graded from A (best) to E (worst).

Textmail: Mail filter to replace proprietary/binary formatting and attachments such as MS Word/HTML attachments with plain text

Free Software Foundation!

Semantic search

Query log

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Interaction

Navigation

Creation

Print

Tools