Semantic search
- AMaViS-ng
- AMaViS-ng is a modular rewrite of amavisd and amavis-perl. It scans email for malicious code inside attachments and archive files, stopping delivery if malicious code is found. It supports integration of several third-party virus scanners and integrates nicely into several MTA setups. Unlike amavis-perl and amavisd, there is no need for build-time configuration
- Achoz
- will offer search and tools to reduce your data, keep it clean, fast and easy. in alpha development stage.
- Adblock Plus
- ⚠ Antifeature: Tracking comment
Adblock Plus is ineffective for surveillance protection by default as it comes with Acceptable Ads enabled: These ads are not meant to be "ads that don't track you".Blocks banners, pop-ups, tracking, malware. By default, nonintrusive ads aren't blocked in order to support websites.
The add-on is supported by over forty filter subscriptions in dozens of languages which automatically configure it for purposes ranging from removing online advertising to blocking all known malware domains. Adblock Plus also allows you to customize your filters with the assistance of a variety of useful features, including a context option for images, a block tab for Flash and Java objects, and a list of blockable items to remove scripts and stylesheets.
Starting with Adblock Plus 2.0 there is an option in Filter Preferences to allow some non-intrusive advertising. The goal is to support websites using non-intrusive ways to advertise and to encourage more websites to do the same.
- Aiodns
- Supports A, AAAA, ANY, CNAME, MX, NAPTR, NS, PTR, SOA, SRV, and TXT DNS queries.
- Amavisd-new
- 'amavisd-new' is an interface between MTAs and content checkers, including virus scanners, and/or the Mail::SpamAssasin Perl module. It talks to the MTA via (E)SMTP or LMTP, or by using helper programs. No timing gaps exist in the design, which could cause a mail loss. It is normally positioned at or near a central mailer, not necessarily where the user's mailboxes and final delivery takes place.
- AnonymousMessenger
- Features Double end to end encryption Completely peer to peer using hidden services Cryptographic Identity Verification Excellent Network Security Voice Messages Live Voice Calls over tor (alpha feature) Text Messages Metadata stripped media messages Raw file sending of any size (100 GB+) coming soon... Both peers have to add each others onion addresses to be able to communicate Disappearing messages by default Encrypted file storage on Android Screen security
- ArkOS
- arkOS is a lightweight GNU/Linux-based operating system, initially targeted to run on a Raspberry Pi, intended to make self-hosting server software as easy as possible. It has different components that interact to achieve these ends, chief among them an integrated application called Genesis which graphically manages the server and its components. With Genesis, users can easily add/remove server software, manage websites, change system settings and more from a reliable visual interface that's easy to use. arkOS puts a focus on user's experience, requiring no command line experience to run well. In the future, users will also be able to host their email accounts, chat accounts, and social networking profiles from an arkOS server just as easily.
- Authforce
- Authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.
- AuthzForce
- The AuthzForce project provides an Attribute-Based Access Control (ABAC) framework compliant with the OASIS XACML standard v3.0, that mostly consists of an authorization policy engine and a RESTful authorization server. It was primarily developed to provide advanced access control for Web Services or APIs, but is generic enough to address all kinds of access control use cases. You can use AuthzForce in two ways depending on your needs: Java API: AuthzForce provides a XACML PDP (Policy Decision Point) engine as a Java library so that applications can instantiate and use an embedded XACML PDP easily with Java. This API is provided by AuthzForce Core. Web API: AuthZForce provides a multi-tenant HTTP/REST API to PDPs and PAPs (Policy Administration Points) that web clients can call to manage policies, request authorization decisions, etc. This API is provided by AuthzForce Server.
- Black-widow
- Black Widow is a CTF tool developed by Fabrizio Fubelli during the "CyberChallenge.it 2019" event. It provides many ways and useful methods to exploit many kinds of vulnerabilities. This software will be constantly updated, to keep up to date with the latest existing technologies. Main functionalities: Sniffing; Regex to find and send flag automatically; Multiple requests (sequential and parallel); Multitasking (to solve faster the brute force); Cluster (if two or more computers are running Black Widow inside the same network, they can cluster their problems); Encryption/Decryption by using the popular types of cryptographic algorithms (ex. Base64, MD5, ...).
- Broadband-usage
- This software meters the traffic on an SNMP-enabled broadband modem/router and then lets you find out your usage by calendar month. It's main purpose is to let you know what your usage is without having to resort to your ISP's website and without having to trust their accounting. If they get their accounting wrong (which can happen), this software gives you data that you might be able to use when contesting the invoice.
- CQuerl
- CrococryptQuerl (CQuerl) is a web-based open-source file encryption and file exchange tool. If you trust the application service provider which is running CrococryptQuerl, it can be seen as an "anonymous & encrypted safe deposit box for computer files". The user provides a file and password and receives an ID. No plaintext data is stored in CQuerl including filenames. If the user looses the ID or forgets the password, the encrypted file cannot be recovered - even by the service provider.
- Castopod
- Decentralized podcast hosting software to run on your own server.
- Certbot
- From README: Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free.
- Cjdns
- Cjdns implements an encrypted IPv6 network using public key cryptography for address allocation and a distributed hash table for routing. This provides near zero-configuration networking without many of the security and robustness issues that regular IPv4 and IPv6 networks have. Hyperboria is the largest cjdns network, with hundreds of active nodes around the world.
- Clipperz
- Clipperz is a web based password manager. Local encryption within the browser guarantees that no one except you can read your data. With Clipperz you can quickly login to websites, as well as organize and store logins and any confidential data.
- Cowrie
- Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.
- Crowdsec
- Crowdsec is a firewall and behaviour detection system that uses a shared IP address reputation database in order to identify potential threats. User can instruct Crowdsec to watch certain logs, including both operating system logs and logs for specific applications. These are analysed for potential security threats, and the source IP address of any suspicious activity may be uploaded to a shared reputation database. Likewise, the user can download this shared database to benefit from lists of known suspicious hosts. Crowdsec includes so-called 'bouncers' to block certain IP addresses from accessing services, thus forming a reputation-based firewall. As the bouncer and detection components are separate programs and can remotely communicate, Crowdsec may be appropriate for embedded applications where the host to be protected is not powerful enough to detect potential threats itself; the log analysis can be done on another, more powerful system.
- DNSleak
- DNSleak inspects DNS packets on the local network interface to detect leaks. Unlike web-based solutions, it works at the local computer level. No third party servers are used and DNS leak result is a true/false response.
- Feather
- Feather is a free Monero wallet for GNU/Linux, Tails, macOS and Windows. It has many useful features and it is focused on privacy and security, it works through Tor network and websocket connection
- Ffsend
- ffsend allows you to easily and securely share encrypted files from the command line.
- File Scan
- File::Scan allows users to make multiplatform virus scanners which can detect Windows/DOS/Mac viruses. It include a virus scanner and signatures database.
- Firestorm
- Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it just a sensor but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
- Firestr
- Fire★ is a a simple platform for decentralized communication and computation. Provides a simple application platform for developing p2p applications and share these applications with others in a chat like user interface. You don't send a message to someone, you send an program, which can have rich content. All programs are wired up together automatically providing distributed communication, either through text, images, or games. The source code to all applications is available immediately to instantly clone and modify.
- FriBID
- FriBID is a free software for the Swedish e-id system called BankID. FriBID also supports processor architectures and GNU/Linux and BSD distributions that the official software doesn't support., ⚠ Retired, fork needed!
Reverse engineering is required to make a modern version of BankID. The old versions of FriBID doesn't work any more.
- Gnunet
- GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. Its high-level goal is to provide a strong free software foundation for a global network that provides security and privacy. GNUnet started with an idea for anonymous censorship-resistant file-sharing, but has grown to incorporate other applications as well as many generic building blocks for secure networking applications. In particular, GNUnet now includes the GNU Name System, a privacy-preserving, decentralized public key infrastructure.
- Gofoss.net
- gofoss.net is a beginners guide to free software, privacy, data ownership and durable tech. Learn how to: safely browse the Internet; keep your conversations private; protect your data; unlock your computer's full potential; stay mobile and free; own your cloud; avoid filter bubbles, surveillance & censorship.
- Gpg-remailer
- Gpg-remailer is somewhat similar to ordinary mailing list software, but all e-mail processed by gpg-remailer is PGP/GPG signed and encrypted. Gpg-remailer decrypts received PGP/GPG messages, verifies the received signature and re-encrypts the e-mail for the members of a well defined group of recipients. Using gpg-remailer the list of members of a group of people who want to exchange encrypted and authenticated e-mail can be maintained at one location, allowing the members of the group to specify just one e-mail address to send PGP/GPG signed and encrypted e-mail to. Gpg-remailer recognizes the following e-mail formats: * Standard simple encrypted messages. * Multi-part encrypted messages. * Encrypted messages containing detached signatures.
- Hackbot
- This is a candidate for deletion: Links broken. Email to maintainer broken. Poppy-one (talk) 13:04, 3 August 2018 (EDT) Hackbot is a host exploration tool and bannergrabber. It is meant as auditory tool for remote and local hosts. It scans numerous services and vulnerabilities.
- Hashlet
- Hashlet is an application with a Command Line Interface (CLI) that controls the Cryptotronix Hashlet. The Cryptotronix Hashlet is open source hardware that implements SHA256, provides a hardware random number generator, and stores 256 bit keys in read and write protected memory. The hardware is designed for a BeagleBone Black but can be uses on an embedded GNU/Linux system that supports the I2C protocol and can supply 3.3 or 5 Volts to the device.
- I2P
- The Invisible Internet Project (I2P) is a project to build, deploy, and maintain a network supporting secure and anonymous communication. People using I2P are in control of the tradeoffs between anonymity, reliability, bandwidth usage, and latency. There is no central point in the network on which pressure can be exerted to compromise the integrity, security, or anonymity of the system. The network supports dynamic reconfiguration in response to various attacks, and has been designed to make use of additional resources as they become available. Of course, all aspects of the network are open and freely available. Unlike many other anonymizing networks, I2P doesn't try to provide anonymity by hiding the originator of some communication and not the recipient, or the other way around. I2P is designed to allow peers using I2P to communicate with each other anonymously — both sender and recipient are unidentifiable to each other as well as to third parties. For example, today there are both in-I2P web sites (allowing anonymous publishing / hosting) as well as HTTP proxies to the normal web (allowing anonymous web browsing).
- Ipfs
- pleas add
- Jami ,
- GNU Jami (formerly SFLphone, GNU Ring) is a universal and distributed communication platform, implemented as free (libre) software, which respects the freedoms and privacy of users. Aimed at the general public as well as professionals, Jami provides all its users a universal communication tool, autonomous, libre, secure and built on a distributed architecture thus requiring no authority or central server to function. GNU Jami satisfies a high priority software goal of the Free Software Foundation, responding to the challenges of privacy on the Internet. Developed by Savoir-faire Linux, Jami takes advantage of an active development community thanks to the support of young Google Summer of Code developers as well as research partnerships with Polytechnique Montréal and the Université du Québec à Montréal.
- Knocker
- Knocker is a TCP security port scanner written in C, using threads. It can analyze hosts and the network services which are running on them. Both a console version and a GTK+ version are available.
- Kontalk
- Kontalk is a free software, secure and distributed instant messaging driven by the community. Kontalk protocol is based on XMPP with end-to-end encryption in both server-to-server and server-to-client. Kontalks is basically for phone, but it's also available for desktop now (GNU/Linux, Windows, and macOS).
- Legibly Password Generator
- generates 30 thirteen characters long passwords // used character groups: A-Z, a-z, 0-9, special: #+,.-;:_= // but without hardly distinguishable ones like l, 1, O, 0 // the output of each password is split up after four characters for a better readability // the first six characters contain at least one character of each group of characters, because some systems do not store larger passwords // every password starts with letters, because some systems cannot handle digits or special signs at the start // in one single password is no character more than ones // the randomness is large enough, that the passwords are very unique
- Librecmc
- libreCMC is an embedded GNU/Linux distro with the focus of providing a platform that is 100% free software and that does not contain non-free blobs. While libreCMC is currently a hard fork of the popular OpenWRT project, it uses a linux-libre kernel and does not contain non-free parts.
- Libsafe
- The exploitation of buffer overflow and format string vulnerabilities in process stacks are a significant portion of security attacks. 'libsafe' is based on a middleware software layer that intercepts all function calls made to library functions known to be vulnerable. A substitute version of the corresponding function implements the original function in a way that ensures that any buffer overflows are contained within the current stack frame, which prevents attackers from overwriting the return address and hijacking the control flow of a running program. The true benefit of using libsafe is protection against future attacks on programs not yet known to be vulnerable. The performance overhead of libsafe is negligible, it does not require changes to the OS, it works with existing binary programs, and it does not need access to the source code of defective programs, or recompilation or off-line processing of binaries.
- Lynis
- Lynis is an auditing and hardening tool for Unix-Like Operating Systems like GNU/Linux, BSD, Solaris. It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
- Maryam
- OWASP Maryam is an Open-source intelligence(OSINT) and Web-based Footprinting modular framework based on the Recon-ng and written in Python. If you want Extracts Emails, Docs, Subdomains, Social networks from search engines Extracts Links, CSS and JS files, CDN links, Emails, Keywords from Web Source Find and Brute force DNS, TLD and important directs Crawl Web Pages and search your RegExp Identify WebApps, WAF, Interesting and important files Use Maryam
- MasterPassword
- Most password managers are password vaults: they let you store or generate a strong password for your services and then encrypt that key and store it for later retrieval. This approach presents many problems, in particular in the modern mobile age, that result in many frustrations: * Vault availability: If your vault is not available, you cannot use any of your services. * Added risk of identity loss: If you lose (eg. HDD failure/house fire) your vault, you instantly lose your entire online identity. * Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault. Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues: * Network sync: Keeping data secure in transit is non-trivial and adds security risks. * Backups: Requires that you keep multiple locations secure from loss and theft, as well as the vault in transit. * Cloud-based services: Requires you to trust an external party and sacrifices transparency and freedom. * Defensive destruction: Reliability issues and again, risk total identity loss. Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues. Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes. Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with hmac-sha256 and salting to prevent all known attack vectors.
- Mod security
- 'Mod_security' is an intrusion detection and prevention module for Apache Web servers. Its purpose is to protect vulnerable applications by detecting and (optionally) rejecting attacks. In addition to request filtering (using regex), it can create Web application audit logs. Unlike other similar projects, Mod_security can analyse POST payloads.
- MongooseIM
- MongooseIM is aimed at large, complex enterprise level projects where real-time communication is critical for business success. It provides high availability, ease of deployment, development and reliability in production. The MongooseIM platform includes server-side components and client libraries. It has also contributed to open source third party XMPP libraries: Smack for Android and XMPP framework for iOS. Built around proven technologies XMPP/Jabber, it adds a simple client/server REST API for front-end and back-end integration.
- NSBD
- Not-So-Bad Distribution is an automated Web-based distribution system designed for distributing free software on the internet, where users cannot trust the network and cannot entirely trust the software maintainers. NSBD authenticates packages with GNU Privacy Guard (GnuPG) or "Pretty Good(Tm) Privacy" (PGP(Tm)) digital signatures so users can be assured that packages have not been tampered with, and it limits the maintainer to only update selected files and directories on the user's computer. NSBD's focus is on security, leaving as much control as is practical in the users' hands. NSBD handles automated updates by supplying a means of checking for updates to packages and automatically downloading and installing the updates. This "automated pull" style of distribution has the same effect as the "push" style of distribution, but gives more control to the user. A direct "push" style is also supported, which is especially appropriate for situations where there are multiple contributors to a shared server (for example, a shared web-page server). NSBD can "pull" directly over http or by using rsync to minimize network usage.
- NetCube
- NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a python utility for visualizing network traffic in a 3d simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there! Why bother? Well for one, visualization seems to help humans in identifying port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.
- NextTypes
- NextTypes is a standards based information storage, processing and transmission system that integrates the characteristics of other systems such as databases, programming languages, communication protocols, file systems, document managers, operating systems, frameworks, file formats and hardware in a single tightly integrated system using a common data types system. NextTypes is a relational/network/objects/files hybrid database system with high level SQL interface, extensive primitive types list, JSON/JSON-LD/XML/Smile/WebDAV/CalDAV/iCalendar/RSS data access, REST interface, customizable MVC architecture, optimistic concurrency control, HTML5/CSS3/SVG/Javascript responsive graphical interface, multilanguage, UTF-8 encoding, syntax highlighting or WYSIWYG editors, robots.txt and sitemap management, text extraction/fulltext search, document management, virus scanning, DoS/SQL injection/CSRF/XSS protection, passwords/X.509 certificates authentication, logging and backup system.
- OnionShare
- What is OnionShare? OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you. How to Use Open OnionShare, drag and drop files and folders you wish to share into it, and click Start Sharing. After a moment, it will show you a .onion URL. This is the secret URL that can be used to download the file you're sharing. Send this URL to the person you're sending the files to. If the files you're sending aren't secret, you can use normal means of sending the URL, like by emailing it, or sending it in a Facebook or Twitter private message. If you're sending secret files then it's important to send this URL securely. The person who is receiving the files doesn't need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.\
- OpenVPN
- OpenVPN lets you to treat a collection of remote machines as though they are on the same network. The connections on this new, virtual network are secured by TLS/SSL. One machine acts as the network server, the others as clients. OpenVPN can also be a component in a TLS tunnel, where the client connects only to the OpenVPN server, which makes additional connections on the client's behalf.
- Pica Pica Messenger
- Pica Pica is a project aimed to create and support distributed decentralized secure instant messaging system. Pica Pica network consists of nodes and clients. Nodes are hosted by volunteers on their computers. Nodes connect to each other and exchange info about other nodes and online clients, transfer encrypted data between clients. All data transferred between clients is protected by end-to-end encryption using TLS 1.2 protocol. Users are identified by unique SHA224 hash of their certificate which is generated during account creation.
- Pound
- Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Pound proxies HTTO _and HTTPS requests simultaneously. In addition, it knows about failed back-end servers and can redirect requests according to their availability. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required, and the pid file) and should thus pose no security threat to any machine. It needs at least the configuration file (read-only) and, optionally, the HTTPS server certificate (read-only).
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.
