Ports Search

gwee (Generic Web Exploitation Engine) is a small program written in C designed to exploit input validation vulnerabilities in web scripts, such as Perl CGIs, PHP, etc.

This utility is a wrapper for the md5(3), sha1(3), rmd160(3), and tiger hash routines. It is remarkably similar to the digest package, except that it can recursively checksum directory trees. While a simple checksum on a tar file is usually satisfactory, once said archive has been extracted, it is virtually impossible to repackage the extracted tree in a form that can yield a repeatable checksum. To be specific, changes in timestamps and ownership, and changes in file ordering within directories can affect the checksum of the archive, while not really impacting the actual code at all. The algorithm used to checksum a directory in this implementation is considers only the files' pathnames, the files' types (ie, directory vs. file vs. symbolic link), and their contents (for the latter two). It is described in greater detail in the man page.

TLS Lite is a free python library that implements SSL 3.0, TLS 1.0, and TLS 1.1. TLS Lite supports non-traditional authentication methods such as SRP, shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure Python, however it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib, imaplib, smtplib, SocketServer, asyncore, and Twisted.

TrustedPickle is a Python module that can save most any arbitrary Python object in a signed pickle file. There are two big differences between this module and the standard pickle module. First, TrustedPickle can pickle a module, but the standard pickle module cannot. Second, TrustedPickle includes a signature that can verify the data's origin before the data is unpickled.

A pure python implementation of the Rijndael encryption algorithm. Useful for quick string encryption in python programs but probably is not fast enough for anything too big.

PyXMLSec is a set of Python bindings for the XML Security library (XMLSec).

"gag" is a program to scan for "stacheldraht" agents, which are part of an active "stacheldraht" network. It will not detect trinoo, the original Tribe Flood Network (TFN), or TFN2K agents. For methods of detecting trinoo and Tribe Flood Network, see: http://staff.washington.edu/dittrich/misc/trinoo.analysis http://staff.washington.edu/dittrich/misc/tfn.analysis (Why "gag"? Its supposed to be a running joke I started in the trinoo analysis. trinoo/trinot, "tribe"/civilize, gag/sicken&gesundheit!. Read the ddos trilogy to find out!)

[ excerpt from developer's web site ] I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person. No network can be "perfectly anonymous". The continued goal of I2P is to make attacks more and more difficult to mount. Its anonymity will get stronger as the size of the network increases and with ongoing academic review.

ranpwd uses /dev/random or /dev/urandom to generate cryptographically secure passwords. Generated passwords may consist of any specified length and any combination of upper- or lower-case alphanumeric characters or punctuation. ranpwd can also generate passwords consisting of hexadecimal, decimal, octal or binary numbers, and format these as valid C constants for inclusion in source code.

This is RATS, a rough auditing tool for security, developed by Secure Software Solutions. It is a tool for scanning source code (C, C++, Perl, and Python) and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.