Netscape Security Wrapper manages the loading of NPAPI (Netscape Plugin API) plugins and applies simple policy decisions. The intention is to allow administrators to deploy deprecated, unreliable, or unsafe third party plugins while minimizing the security exposure. Safari, Google Chrome, Firefox, and other NPAPI-compatible browsers are supported on OS X and Linux. Use cases include: restricting plugins to certain domains, restricting the use of deprecated plugins to known outliers, allowing internal corporate workflows which use insecure or deprecated plugins without exposing the plugin to the hostile Internet, and allowing multiple outdated plugin versions (e.g., Java) to co-exist for use in whitelisted, trusted enterprise tools.
Google Authenticator Demo is an implementation of two-factor authentication using the Google Authenticator that can be used on your own site or application. It allows you to register a user name and then log in using the information provided by the Google Authenticator. It also works with OATH HOTP compliant hardware tokens.
"TCP Input Text" extracts TCP ports and fully qualified domain names (FQDN) from search results into a .csv file and individual shell scripts for nmap and nc (a.k.a. netcat) to provide assurance of a listening TCP service since the time that has passed of the last crawl performed by the search engine.
TinyIDS is a distributed intrusion detection system (IDS) for Unix systems. It is based on the client/server architecture and has been developed with security in mind. The client, tinyids, collects information from the local system by running its collector backends. The collected information may include anything, from file contents to file metadata or even the output of system commands. The client passes all this data through a hashing algorithm and a unique checksum (hash) is calculated. This hash is then sent to one or more TinyIDS servers (tinyidsd), where it is compared with a hash that had previously been stored in the databases of those remote servers for this specific client. A response indicating the result of the hash comparison is finally sent back to the client. Management of the remotely stored hash is possible through the client's command line interface. Communication between the client and the server can be encrypted using RSA public key infrastructure (PKI).
skipfish is a high-performance, easy, and sophisticated Web application security testing tool. It features a single-threaded multiplexing HTTP stack, heuristic detection of obscure Web frameworks, and advanced, differential security checks capable of detecting blind injection vulnerabilities, stored XSS, and so forth.
iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of Web browsers. It is available as a standalone Web server or CGI script. It continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes.
Keyczar is a cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys. Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation. Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple programming interface.
libapache2-mod-scramble-ip is an Apache 2 module that works like mod_removeip, but instead of just overwriting the IP address with 127.0.0.1, it encrypts the IP address. This way you always get an IP address to work with (in scripts, etc.) and have the ability to use tools like awstats to analyze your logs. It's in alpha status, but working on some Apache 2 servers, and the 'cost' (load) should be small and reasonable.