Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
SPF is a new strategy for preventing junk mail. The present SMTP standard for email allows anyone to forge anyone else's email address. SPF verifies that the Sender address of an email message matches (according to some policy) the client IP address that submitted it. libspf2 is a complete and robust implementation of SPF which provides support for many MTAs. Support for new MTAs is in progress.
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available, so it can measure the effectiveness and minimum requirements of each one. Currently, weplab supports several methods, and it is able to crack the WEP key from 600,000 encrypted packets.
Oink is a collaboration of backends for the Elsa C and C++ frontend. It aims to be industrial-strength for immediate utility in finding bugs, extensible for ease in adding backends, and composable for ease in combining existing ones. It computes expression-level and type-level data flow, and statement-level intra-procedural control flow (by delegating to Elsa). It's easy to get started by using the two demo backends that print graphs of these flows. It also comes with a client of the data flow analysis that does type qualifier inference: Cqual++, a C/C++ frontend for Cqual. Whole-program analyses may be attempted using the linker imitator.
libencio is a library providing a stdio-like interface for reading and writing of encrypted files (in MCrypt format only for now). Additionally, it provides full support for fseek()-like random read access of encrypted data. This allows one to operate on encrypted files as if they were ordinary, cleartext files. It could be used to provide MUAs with a layer to transparently handle encrypted attachments, as a backend to ffmpeg or mplayer to directly play encrypted files, or in combination with tar for encrypted backups. It uses libmcrypt and libmhash for encryption and hashing algorithms.
Hiawatha is a secure and advanced Web server for Unix. It has been written with security as its main goal. It features advanced access control, prevention of SQL injection and cross-site scripting, banning of clients who try such exploits, the ability to run CGIs under any UID/GID you want, and many other features. These features make Hiawatha an interesting Web server for those who need more security than what the other available Web servers are offering. Hiawatha is also fast and easy to configure.
fupids2 is a so-called human oriented IDS based on the FUPIDS project. fupids2 calculates an attacker level for every user on all Unix/Linux/BSD systems in the network. It looks at the behavior of the user (the programs the user uses, the daytime the user is active, the building and room the user uses, the part of the room in which the user sits, and so on) and reports if the user engages in behavior that is unusual for that person. This method can often detect accounts overtaken by attackers.
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).