The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
libpwstor is a library implementing a password storage format for C programmers. This format provides a reasonable level of security by utilizing SHA-256 in addition to a random salt to mitigate dictionary and rainbow table attacks. In addition to the core functionality, libpwstor also offers some additional functions such as Base64 encoding and decoding. All functionality is implemented and designed in such a way as to be easy to use for C programmers of varying skill levels, while preserving reasonable security in the underlying storage format.
The sniffy project can trace/log the data of any pseudo terminal in the system. Due to the way the terminal works, such a terminal trace provides complete information about what happened on the terminal screen, and sniffy is able to display/replay this information. It consists of a kernel module that hooks into the pseudo terminal, a program to display the contents of any pseudo terminal on the fly, a daemon process that traces the pseudo terminal content into a file, and a replay program to replay any stored pseudo terminal session.
The Monkeysphere enables you to use the OpenPGP web of trust to verify SSH connections. SSH key-based authentication is tried-and-true, but it lacks a true public key infrastructure for key certification, revocation, and expiration. Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions. It can be used in both directions: for users to get validated host keys, and for hosts to authenticate users.
Campagnol is a distributed IP-based VPN program able to open new connections through NATs or firewalls without any configuration. It uses UDP for the transport layer, and utilizes tunneling and encryption (with DTLS) and the UDP hole punching NAT traversal technique. The established connections are P2P.
Ubuntu Privacy Remix is a modified live CD based on Ubuntu Linux. UPR is not intended for permanent installation on a hard disk. The goal of Ubuntu Privacy Remix is to provide an isolated working environment where private data can be dealt with safely, while the system installed on the computer running UPR remains untouched. It does this by removing support for network devices as well as local hard disks. Ubuntu Privacy Remix includes TrueCrypt and GnuPG for encryption and introduces "extended TrueCrypt volumes".
BSDftpd-ssl is a secure and easy-to-use FTP server that supports industry standard TLS/SSL encryption and authentication for whole FTP sessions and data transfers. This implementation supports both the original FTP protocol and the RFC2228-compliant TLS/SSL enhancement. The package contains the secure FTP server (named "ftpd") and a command line TLS/SSL-aware FTP client (named "ftps"). The server's features include logging of transfers, changing of a session root (known as "chroot"), and virtual host support.
Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.
CloudVPN is a secure decentralized mesh networking tool. It allows applications to use it as a mesh transport layer for packet routing, easily creating mesh Ethernet VPNs, secured audio/video broadcasting or communication channels, etc. It can create secured networks with special or weird topologies, so it's very easy to create connection schemes with clustered/decentralized servers, topologies with better throughput, ring-like topologies for failover, long-line topologies for passing through many routes, or tree topologies for optimizing inter-server bandwidth needs.