SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
NetCrack is cluster software developed to distribute a hashing algorithm's cracking process work using a brute force attack. Currently, it only supports the two most commonly used hashing algorithms: MD5 and SHA-1. Support is included for MySQL, safe mode, and others. It works like a client/server application, where the server is unique for each cluster network and its job is to distribute the cracking process work, coordinate the nodes, and prevent connections and data integrity errors.
stegfs is a Fuse based file system which provides absolute security. Using encryption to secure files, and the art of steganography to hide them, stegfs aims to ensure that the existence of such files isn't guaranteed. Implemented as a Fuse based file system and using the mhash and mcrypt libraries to provide the cryptographic hash and symmetric block cipher functions, stegfs is at the cutting edge of secure file system technology.
libpwstor is a library implementing a password storage format for C programmers. This format provides a reasonable level of security by utilizing SHA-256 in addition to a random salt to mitigate dictionary and rainbow table attacks. In addition to the core functionality, libpwstor also offers some additional functions such as Base64 encoding and decoding. All functionality is implemented and designed in such a way as to be easy to use for C programmers of varying skill levels, while preserving reasonable security in the underlying storage format.
The Shrew Soft VPN Client for Unix is a free IPsec Client for FreeBSD, NetBSD, and Linux based operating systems. It can be used to communicate with systems running ipsec-tools. The Unix client utilizes the IPsec kernel support included with the operating system, and comes with the complete Internet Key Exchange daemon and client front end application source code. A Windows version is also available.
The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI-enabled application development. The library provides the developer with all the needed functionality to manage certificates, from generation to validation. It helps developers integrate X509 digital certificates into their applications, and implement complex cryptographic operations with a few simple function calls using a high-level cryptographic API. The library constitutes the core of other OpenCA Labs Projects like the PRQP Server, the OCSP Responder, and the OpenCA-NG PKI.
OpenXPKI is a Web and CLI-based enterprise-grade PKI/trust center system (X509 public key infrastructure) complete with CA, Web interfaces, offline support, and support for well established infrastructure components like RDBMS and Hardware Security Modules. Flexibility and modularity are the project's key design objectives. Unlike many other PKI solutions, it offers powerful features necessary for professional environments. However, small scale installations are also targeted by providing quick-start configuration examples that allow you to get a usable PKI running quickly.
OAMP stands for (O)penBSD + (A)pache + (M)ySQL + (P)ostgreSQL + PHP. It is the OpenBSD cousin of LAMP, except that it also provides the SQlite database engine, Perl, Ruby, and Python. In addition, OAMP provides phpMyAdmin and phpPgAdmin for easy administration of MySQL and PostgreSQL over the Web.