Ports 搜索

The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Heimdal is an implementation of Kerberos 5, largely written in Sweden (due to crypto export legal issues in the US at the time). It is freely available under a three clause BSD style license.

Scanhill is a Microsoft Messenger Protocol Sniffer. Currently it can only intercept Instant Text Messaging. Optionally, intercepted text messages can be stored onto an RDMBS (Only mySQL is supported for now). Given that mySQL is used, stored instant messages can be read through a browser interface that is written in PHP language. Please see the INSTALL.txt file for instructions on how to install, configure and run EnderUNIX scanhill.

ScanSSH supports scanning a list of addresses and networks for open proxies, SSH protocol servers, Web and SMTP servers. Where possible ScanSSH, displays the version number of the running services. ScanSSH protocol scanner supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH protocol servers in a company or the Internet as whole.

The scrypt key derivation function was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

SSHBlock is a daemon to monitor a syslog log for break-in attempts using SSH, and to automatically block bad hosts by adding lines to /etc/hosts.allow (TCP Wrappers). Several thresholds are pre-defined, to be able to block those trying many attempts within a longer or shorter period.

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

"... sslwrap is a simple Unix service that sits over any simple TCP service such as POP3, IMAP, SMTP, and encrypts all of the data on the connection using TLS/SSL. It uses ssleay to support SSL version 2 and 3. It can run out of inetd. It can also encrypt data for services located on another computer. It works with the servers you already have, and does not require any modifications to your existing servers. ..." Of course, it works with OpenSSL, too.

Sudoscript provides an audited shell using sudo(8) and script(1). The front end script, sudoshell(1) contacts the daemon, sudoscriptd(8). They agree on the location of a FIFO, which the daemon opens for read. Sudoshell then runs script(1) with the FIFO as a typescript. The daemon stamps each line of the script(1) output with a session id, then passes the data over to another daemon. This daemon timestamps the data and stores it in a log file which is /var/log/sudoscript. This daemon also keeps an eye on the size of log files, and forks a rotator/compressor when it exceeds 2 MBytes.

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. Because the tunnel appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This tunnelling allows VPN sites to share information with each other over the Internet without exposing any information to others. A single tinc daemon can accept more than one connection at a time, thus making it possible to create larger virtual networks, because some limitations are circumvented. Instead of most other VPN implementations, tinc encapsulates each network packet in its own UDP packet, instead of encapsulating all into one TCP or even PPP over TCP stream. This results in lower latencies, less overhead, and in general better responsiveness and throughput. LICENSE: GPL3 or later with execption to link with OpenSSL