360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
Borderline is a firewall generator. It takes a generic rule specification as input and generates a highly optimized firewall. It features IPv6 rule generation, support for multiple interfaces, and integrated support for network zones. It currently only supports firewall generation for Linux 2.6 (netfilter).
Campagnol is a distributed IP-based VPN program able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer, and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.
Cloonix is a Linux router and host simulation platform. It fully encapsulates application, host, and network L2 and L3 into a relatively easy-to-use simulation GUI. Network delay and loss characteristics can be configured per link. It provides support for running KVM or UML virtual machines configured into an arbitrarily complex network configuration. It is possible to run a 12 router UML simulation on a small x86 host (a P4 with 512 MB RAM). 32- and 64-bit KVM machines are provided.
CloudVPN is a secure decentralized mesh networking tool. It allows applications to use it as a mesh transport layer for packet routing, easily creating mesh Ethernet VPNs, secured audio/video broadcasting or communication channels, etc. It can create secured networks with special or weird topologies, so it's very easy to create connection schemes with clustered/decentralized servers, topologies with better throughput, ring-like topologies for failover, long-line for passing through many routes, or tree topology for optimizing inter-server bandwidth needs.
Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.
Crossroads is a daemon running in user space, and features extensive configurability, polling of back ends using wake up calls, status reporting, many algorithms to select the "right" back end for a request (and user-defined algorithms for very special cases), and much more. Crossroads is service-independent: it is usable for any TCP service, such as HTTP(S), SSH, SMTP, RDP, and database connections. In the case of HTTP balancing, Crossroads can provide session stickiness for back end processes that need sessions, but aren't session-aware of other back ends. Crossroads can be run as a stand-alone daemon or via inetd, and features a management Web interface for monitoring and for modification of parameters.