Ports Search

The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

"gag" is a program to scan for "stacheldraht" agents, which are part of an active "stacheldraht" network. It will not detect trinoo, the original Tribe Flood Network (TFN), or TFN2K agents. For methods of detecting trinoo and Tribe Flood Network, see: http://staff.washington.edu/dittrich/misc/trinoo.analysis http://staff.washington.edu/dittrich/misc/tfn.analysis (Why "gag"? Its supposed to be a running joke I started in the trinoo analysis. trinoo/trinot, "tribe"/civilize, gag/sicken&gesundheit!. Read the ddos trilogy to find out!)

[ excerpt from developer's web site ] I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person. No network can be "perfectly anonymous". The continued goal of I2P is to make attacks more and more difficult to mount. Its anonymity will get stronger as the size of the network increases and with ongoing academic review.

The seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption, signature generation / verification and key establishment. ECC schemes offer a much better key size to security ratio than classical systems (RSA, DSA). Keys are short enough to make direct specification of keys on the command line possible (sometimes this is more convenient than the management of PGP-like key rings). seccure builds on this feature and therefore is the tool of choice whenever lightweight asymmetric cryptography -- independent of key servers, revocation certificates, the Web of Trust or even configuration files -- is required.

KSH-93 is the most recent version of the KornShell Language described in "The KornShell Command and Programming Language," by Morris Bolsky and David Korn of AT&T Bell Laboratories. The KornShell is a shell programming language, which is upward compatible with "sh" (the Bourne Shell), and is intended to conform to the IEEE P1003.2/ISO 9945.2 Shell and Utilities standard. KSH-93 provides an enhanced programming environment in addition to the major command-entry features of the BSD shell "csh". With KSH-93, medium-sized programming tasks can be performed at shell-level without a significant loss in performance. In addition, "sh" scripts can be run on KSH-93 without modification.

In the Unix tradition, it works with things already there and fills a empty niche. When incorporating it into your Unix environment, you keep your command line shell, your editor, your pager, and access to all your tools, tricks and know-how. Vshnu can operate as an optional supplemental visual mode to your command line shell. You switch between command line and visual mode easily as you wish. Your interface bandwidth and power for Unix operations is on a higher plane and life gets sweeter.

BSDstats is an attempt to produce reasonably accurate statistics on deployments of BSD operating systems. This is useful for marketing, project advocacy, hardware vendors and purchasers, device driver maintainers, and port maintainers. The major problem that we are trying to address is vendors who do not feel that BSD operating systems present enough of a market to bother supporting. Meant to be run monthly or during bootup, this script submits statistics anonymously to a central server (http://bsdstats.org). Potentially sensitive details like IP addresses and hostnames are not stored by or relayed through the BSDstats server.

'abck' is an interactive tool to examine intrusion attempts and decide what, if anything, to do about them. It reads through /var/log/messages looking for evidence of an intrusion attempt. Upon finding such a record, 'abck' qualifies it against information supplied by the user on the command line to determine if the record is to be processed. As packaged, 'abck' handles several common types of intrusion attempt records, but it can easily be expanded to handle others. You need a reasonably current copy of Python to run the main script.

Beats is the platform for building lightweight, open source data shippers for many types of operational data you want to enrich with Logstash, search and analyze in Elasticsearch, and visualize in Kibana. Whether you're interested in log files, infrastructure metrics, network packets, or any other type of data, Beats serves as the foundation for keeping a beat on your data. Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.

A flexible backup tool Features: o Easy to configure o Uses dump, afio, GNU tar, cpio, pax, or zip archivers o Full and numbered levels of incremental backup (acts like "dump") o Compression and buffering options for all backup types o Does remote filesystems (over rsh/ssh; no special service) o Can backup only files not owned by rpm, or changed from rpm version o Writes to tapes, on-disk archive files, or on-disk directory trees o Keeps a table of contents so you know archives are on each tape o Nice log files You can get additional information about remote backup strategies using SSH at http://www.sysfault.org/flexbackup.html