Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
dnscrypt-proxy acts as a DNS proxy between a regular client, like a DNS cache or an operating system stub resolver, and a DNSCrypt-aware resolver, like OpenDNS. The DNSCrypt protocol focuses on securing communications between a client and its first-level resolver. While not providing end-to-end security, it protects the local network (which is often the weakest link in the chain) against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
SquidTL allows proxy administrators to manage proxy users: define how much time users can spend on a specific Web site, block sites, limit total time users can spend on the Web daily, and watch users' activity. For example, you can limit the use of Facebook or other social networks with per-user rules or IP. It has a small memory footprint and very fast execution. Management can be done with a smart Web-based administration GUI.
UDP IPTV to RTSP proxy is a lightweight GNU/Linux daemon which, being installed on a LAN router, provides on-demand access to UDP multicast streams via RTSP, RTP, and HTTP unicast protocols. The server itself does not support streaming of any files, it only can receive incoming multicast streams provided by your ISP and retransmit them to interested local clients. The main purpose of the software is to provide simple IPTV service to small office or home ethernet and/or Wi-Fi LANs where upgrading the network to handle multicast correctly is not an option. It is not intended to handle large-scale installations and service clients you don't trust (like the public Internet).
sec-wall is a feature-packed security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NAT gateways to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect, nor does it need to communicate with any other hosts in order to initiate the communication. Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT. There is no middle man, no proxy, no third party, no UPnP required, no spoofing, and no DNS tricks. More importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server.
Muse Proxy is a highly customizable multi-platform proxy server. It is easy to use and configure, acting successfully as a gateway to authenticated restricted content, rewriting Web server, Web Access Management, proxy server, and reverse proxy. It has been used for more than 10 years within the Muse Federated Search Platform to manage the authentication to resources and the navigation to full text, by restoring the server session on the end-user browser.
Mireka is a mail server with SMTP, Mail Submission, and POP3 services. It can also be used as an SMTP proxy. As a proxy, it can help to prevent or diagnose mail problems, like outgoing backscatter spam. It provides detailed logging, basic mail traffic statistics, tarpit to prevent email harvesting, and loop detection. It can filter email by DNSBL, SPF, mail size, local domains, and recipients list. Local recipients can be specified using regular expressions. TLS is supported for incoming connections. Aliases, forward lists, and very simple mailing lists can be configured in XML. Custom filters and other components can be written in Java, and they can be easily implemented and installed.