courierpasswd is an authentication and password changing utility
that uses the courier-authlib authentication library to find user credentials.
Its interface follows that of Daniel J. Bernstein's checkpassword program.
courieruserinfo is a utility for retrieving user account information.
Account information is accessed through the courier-authlib authentication
library.
Doscan is a tool to quickly scan your network for machines listening on a
TCP port, opening thousands of TCP connections in parallel.
Features
High scanning rate: five to ten minutes per 100,000 addresses (which
are sparsely populated with hosts), with rather conservative timeouts.
Load distribution: doscan scans the addresses in a seemingly random
order. If your scan host is connected to a central router, this ensures
that the load is distributed across your network, and you are
stress-testing just a single router, and not your edge devices.
Low memory consumption: memory usage is proportional to the number
of hosts which have responded so far, and to the number of parallel
connections. The total number of addresses does not influence memory usage
in any way.
Can collect responses: doscan optionally records data which is sent
by the hosts which are being scanned. You can even specify a regular
expression to extract part of a server banner, and a message to send to
trigger a response (great for determining HTTP server versions).
Extensibility: It is possible to add special handlers for TCP-based
protocols, using a straightforward interface.
It supports scanning the vulnerable Microsoft DCOM implementation.
"Fragroute intercepts, modifies, and rewrites egress traffic destined
for a specified host, implementing most of the attacks described in the
Secure Networks "Insertion, Evasion, and Denial of Service: Eluding
Network Intrusion Detection" paper of January 1998.
It features a simple ruleset language to delay, duplicate, drop,
fragment, overlap, print, reorder, segment, source-route, or otherwise
monkey with all outbound packets destined for a target host, with
minimal support for randomized or probabilistic behaviour.
This tool was written in good faith to aid in the testing of network
intrusion detection systems, firewalls, and basic TCP/IP stack
behaviour. Please do not abuse this software."
GnuPG Made Easy (GPGME) is a C library designed to make access to GnuPG
easier for applications. It provides a High-Level Crypto API for encryption,
decryption, signing, signature verification and key management. Currently it
uses GnuPG as its backend.
GPuTTY is a frontend to the SSH client, using the Gtk+ toolkit.
GNU SASL is an implementation of the Simple Authentication and Security Layer
framework and a few common SASL mechanisms. SASL is used by network servers
(e.g., IMAP, SMTP) to request authentication from clients, and in clients to
authenticate against servers.
GNU SASL contains a library (`libgsasl'), a command line utility (`gsasl') to
access the library from the shell, and a manual. The library includes support
for the SASL framework (with authentication functions and application data
privacy and integrity functions) and at least partial support for the CRAM-MD5,
EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM and
KERBEROS_V5 mechanisms.
The library is portable because it does not do network communication by itself,
but rather leaves it up to the calling application. The library is flexible
with regards to the authorization infrastructure used, as it utilizes callbacks
into the application to decide whether an user is authorized or not.
GSS is an implementation of the Generic Security Service Application Program
Interface (GSS-API). GSS-API is used by network servers (e.g., IMAP, SMTP) to
provide security services, e.g., authenticate clients against servers.
GSS consists of a library and a manual.
fsh -- Fast remote command execution
The problem: logging in to a remote system with a cryptographic
solution such as lsh or ssh takes time, due to the computationally
expensive key exchanges that occur when the connection is
established. It is common to trigger a lot of remote logins while
using remote CVS, which makes it painfully slow compared to having the
repository locally.
The solution: reuse the secure tunnel once it has been
established. fsh is a drop-in rsh-compatible replacement for ssh that
automatically reuses ssh tunnels.
A command line idea encryption and decryption utility written by
Dr. Richard De Moliner.
IDEA (International Data Encryption Algorithm) is a block cipher devel-
oped by Dr. Xuejia Lai and Prof. Dr. J. L. Massey at the Swiss Federal
Institute of Technology.