This is the base class for a system of objects that encapsulate
passphrases. An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it. There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.
The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.
This module provides a single command for generating a random password
that is close enough to a real word that it is easy to remember. It
does this by using the frequency of letter combinations in a language
(the frequency table is generated during installation although multiple
tables can be generated and used for different languages).
This module should not be used for high security applications (such as
user accounts) since it returns passwords that are not mixed case, have
no punctuation and no letters. This word can be used as a basis for a
more secure password.
The language of the password depends on the language used to construct
the frequency table.
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
that passively monitors network traffic and looks for suspicious activity.
Bro detects intrusions by first parsing network traffic to extract its
application-level semantics and then executing event-oriented analyzers that
compare the activity with patterns deemed troublesome. Its analysis includes
detection of specific attacks (including those defined by signatures, but
also those defined in terms of events) and unusual activities (e.g., certain
hosts connecting to certain services, or patterns of failed connection
attempts).
Bro is documented in the USENIX 1998 Security Conference proceedings.
Digest::HMAC
---------------------------------
This package provides modules which calculate HMAC digests.
To build the extensions, unpack this distribution somewhere, create
the Makefile by running 'perl Makefile.PL' and do a 'make', 'make
test', and if successful 'make install'.
You will need perl version 5.004 or better to install these modules.
Further documentation is embedded in the individual modules.
Copyright 1998-1999 Gisle Aas.
Copyright 1998 Graham Barr.
Copyright 1997 Uwe Hollerbach.
Copyright 1995-1996 Neil Winton.
Copyright 1990-1992 RSA Data Security, Inc.
This library is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.
Net::Daemon is an abstract base class for implementing portable server
applications in a very simple way. The module is designed for Perl 5.005
and threads, but can work with fork() and Perl 5.004.
The Net::Daemon class offers methods for the most common tasks a daemon
needs: Starting up, logging, accepting clients, authorization,
restricting its own environment for security and doing the true work.
You only have to override those methods that aren't appropriate for you,
but typically inheriting will save you a lot of work anyway.
Keyczar is an open source cryptographic toolkit designed to make it easier and
safer for developers to use cryptography in their applications. Keyczar supports
authentication and encryption with both symmetric and asymmetric keys. Some
features of Keyczar include:
* A simple API
* Key rotation and versioning
* Safe default algorithms, modes, and key lengths
* Automated generation of initialization vectors and ciphertext signatures
* Java, Python, and C++ implementations
* International support in Java (Python coming soon)
Keyczar was originally developed by members of the Google Security Team and is
released under an Apache 2.0 license.
This package provides an interface to the cracklib (libcrack) libraries that
come standard on most Unix-like distributions. This allows you to check
passwords against dictionaries of words to ensure some minimal level of
password security.
From the cracklib README
CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.
* It tries to generate words from your username and gecos entry and tries
to match them against what you've chosen.
* It checks for simplistic patterns.
* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.
- after all that, it's PROBABLY a safe(-ish) password. 8-)
Tor: an anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system which
addresses many flaws in the original onion routing design.
Tor is a toolset for a wide range of organizations and people that
want to improve their safety and security on the Internet. Using
Tor can help you anonymize web browsing and publishing, instant
messaging, IRC, SSH, and more. Tor also provides a platform on which
software developers can build new applications with built-in
anonymity, safety, and privacy features.
RHash is a console utility and library for computing and verifying hash sums
of files. It supports CRC32, MD4, MD5, SHA1, SHA256, SHA512, SHA3, Tiger,
TTH, Torrent BTIH, AICH, ED2K, GOST R 34.11-94, RIPEMD-160, HAS-160, EDON-R
256/512, Whirlpool, and Snefru-128/256 hash sums. Its features are:
* Can calculate Magnet links
* Output in a predefined (SFV, BSD-like) or a user-defined format
* Ability to process directories recursively
* Updating existing hash-files (adding hash sums of files missing in a
hash-file)
* Portable, written in pure C, small in size, open source (MIT license)
A Perl wrapper is available as the `security/p5-Crypt-RHash' port.
The Metasploit Framework
The Metasploit Framework is an open source platform that supports
vulnerability research, exploit development, and the creation of
custom security tools. The goal is to provide useful information
to people who perform penetration testing, IDS signature development,
and exploit research. This site was created to fill the gaps in the
information publicly available on various exploitation techniques
and to create a useful resource for exploit developers. The tools
and information on this site are provided for legal penetration
testing and research purposes only.