Ratproxy is a semi-automated, largely passive web application security audit
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.
OpenBSD's OpenSSH portable version
Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems).
The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.
Snort-rep is a Snort reporting tool that can produce text or HTML
output from a syslog file. The reports contain:
* Portscan summary
* Alert Summary by ID
* Alert summary by remote host and ID
* Alert summary by local host and ID
* Alert summary by local port and ID
A fork of Twitter OAuth REST API client library for Ruby
ssh-copy-id is a small script which copies your ssh public-key to a remote host;
appending it to your remote authorized_keys.
The PEAR Text_Password package allows one to create pronounceable and
unpronounceable passwords.
This extension provides methods to PHP interact with gnupg.
A simple, low-level PHP extension for libsodium.
pecl-pam provides PAM (Pluggable Authentication Modules) integration.
PAM is a system of libraries that handle the authentication tasks of
applications and services. The library provides a stable API for
applications to defer to for authentication tasks.
Sancp is a network security tool designed to collect
statistical information regarding network traffic, as
well as, collect the traffic itself in pcap format, all
for the purpose of: auditing, historical analysis, and
network activity discovery. Rules can be used to distinguish
normal from abnormal traffic and support tagging connections
with: rule id, node id, and status id. From an intrusion
detection standpoint, every connection is an event that must
be validated through some means. Sancp uses rules to identify,
record, and tag traffic of interest. 'Tagging' a connection
is a new feature since v1.4.0 Connections ('stats') can be
loaded into a database for further analysis.