SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
WormTrack is a network IDS that allows detection of scanning worms on a LAN by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network without having privileged access on a switch to set up a dedicated monitor port. It does not require constant updating of the rules engine to address new threats.
MN Viewer (Mobile Network Viewer) is a lightweight framework designed for system administrators who would like to be able to monitor many aspects of their network from their mobile phone. It allows for very simple expansion using simple PHP plugins. It is designed to integrate with other monitoring tools such as Cacti.
Moscrack is a WPA cracker for use on clusters. It supports MOSIX, SSH, and RSH connectivity and works by reading a word list from STDIN or a file, breaking it into chunks, and passing those chunks off to separate processes that run in parallel. The parallel processes are then executed on different nodes in your cluster. All results are checked and recorded on your master node. Logging and error handling are taken care of. It is capable of running reliably for long periods of time, without the risk of losing data or having to restart. Moscrack uses aircrack-ng by default. Pyrit for WPA cracking and Dehasher for Unix password hashes are supported via plugins.
Secure GnuPG Form is a Web form that sends encrypted email and attachments using GnuPG, without the sender needing to have GnuPG installed. Versions are available with Recaptcha.net support and two-factor authentication using a username and password and the free PhoneFactor.com service.
freeDiameter is a framework in C for supporting the Diameter Base Protocol (RFC3588). Diameter is a protocol for authentication, authorization, and accounting; it is the successor of RADIUS. Applications can be loaded as modules. Example applications include a Diameter EAP server, a Diameter SIP server, and Diameter Accounting.
agentsmith is a daemon that continuously monitors a log file for break-in attempts by remote hosts. Upon detection of a break-in attempt, it launches a user defined script or application, which can do virtually anything from sending mail messages to whatever else you might think of. The criteria for what is considered a break-in attempt can be configured by means of a regular expression.