Nmap is a utility for network exploration and security auditing.
It supports various types of host discovery (determine which hosts
are up), many port scanning techniques for different protocols,
version detection (determine service protocols and application
versions listening behind ports), and TCP/IP stack fingerprinting
(remote host OS or device identification). Nmap also offers
flexible target and port specification, decoy/stealth scanning,
sunRPC scanning, and much more.
Also included is Ncat, the nc(1) work-a-like of the Nmap project.
Refer to the separate port security/zenmap for those parts of the
Nmap toolset which depend on python. The translated manual pages
for Nmap are contained in security/nmap-i18n-man.
See the web page and the Phrack Magazine article (Volume 7, Issue 51
September 01, 1997, article 11 of 17) http://nmap.org/p51-11.html
A simple implementation of the RC4 algorithm, developed by RSA
Security, Inc. Here is the description from RSA's website:
RC4 is a stream cipher designed by Rivest for RSA Data Security
(now RSA Security). It is a variable key-size stream cipher with
byte-oriented operations. The algorithm is based on the use of a
random permutation. Analysis shows that the period of the cipher
is overwhelmingly likely to be greater than 10100. Eight to sixteen
machine operations are required per output byte, and the cipher can
be expected to run very quickly in software. Independent analysts
have scrutinized the algorithm and it is considered secure.
Based substantially on the "RC4 in 3 lines of perl" found at
http://www.cypherspace.org
Seamus Venasse <svenasse@polaris.ca>
MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and
validating credentials. It is designed to be highly scalable for use in an HPC
cluster environment. It allows a process to authenticate the UID and GID of
another local or remote process within a group of hosts having common users and
groups. These hosts form a security realm that is defined by a shared
cryptographic key. Clients within this security realm can create and validate
credentials without the use of root privileges, reserved ports, or
platform-specific methods.
libpwstor is a library implementing a password storage format
for C programmers. This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.
In addition to the core functionality, libpwstor also offers
some additional functions such as Base64 encoding and decoding.
All functionality is implemented and designed in such a way as
to be easy to use for C programmers of varying skill levels,
while preserving reasonable security in the underlying storage
format.
The dnscrypt-proxy provides local service, which can be used directly as your
local resolver or as a DNS forwarder, encrypting and authenticating requests
using the DNSCrypt [1] protocol and passing them to an upstream server.
The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography
and is very similar to DNSCurve [2], but focuses on securing communications
between a client and its first-level resolver.
While not providing end-to-end security, it protects the local network, which
is often the weakest point of the chain, against man-in-the-middle attacks.
It also provides some confidentiality to DNS queries.
Reference links:
1. https://www.opendns.com/technology/dnscrypt/
2. http://dnscurve.org
Keychain is a shell script which acts as a user-friendly front-end to
ssh-agent(1), allowing you to have one long-running ssh-agent process per
system rather than per login session.
Please study the documentation on the keychain website carefully since
incorrect usage of this script may have certain security implications.
NASL is a scripting language designed for the Nessus security scanner. Its
aim is to allow anyone to write a test for a given security hole in a few
minutes, to allow people to share their tests without having to worry
about their operating system, and to garantee everyone that a NASL script
can not do anything nasty except performing a given security test against
a given target. Thus, NASL allows you to easily forge IP packets, or to
send regular packets. It provides you some convenient functions that will
make the test of web and ftp server more easy to write. NASL
garantees you that a NASL script :
will not send any packet to a host other than the target host
will not execute any commands on your local system
NASL is not a powerful scripting language. Its purpose is to make scripts
that are security tests. So, do not expect to write a third generation web
server in this language, nor a file conversion utility. Use perl, python
or whatever scripting language to do this.
The op tool provides a flexible means for system administrators to grant access
to certain root operations without having to give them full superuser
privileges. Different sets of users may access different operations, and the
security-related aspects of each operation can be carefully controlled.
Clamassassin is a simple virus filter wrapper for ClamAV for use in procmail
filters and similiar applications. Clamassassin's interface is similiar to
that of spamassassin, making it easy to implement for those familiar with
that tool. Clamassassin is designed with an emphasis on security, robustness
and simplicity.
The Digest::MD2 module allows you to use the RSA Data Security
Inc. MD2 Message Digest algorithm from within Perl programs. The
algorithm takes as input a message of arbitrary length and produces as
output a 128-bit "fingerprint" or "message digest" of the input.
The Digest::MD2 programming interface is identical to the interface
of Digest::MD5. MD2 is described in RFC 1115.