Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
The Apache Traffic Server (TS or ATS) is a modular, high-performance reverse proxy server, generally comparable to Squid. It was created by Inktomi, and distributed as a commercial product called the Inktomi Traffic Server, before Inktomi was acquired by Yahoo!. Traffic Server has been actively used inside of Yahoo for over 4 years, serving billions of requests every day. As of fall 2009, Traffic Server is an Open Source project, and in April 2010 the Apache Traffic Server was promoted to a top-level project of the ASF.
dnscrypt-proxy acts as a DNS proxy between a regular client, like a DNS cache or an operating system stub resolver, and a DNSCrypt-aware resolver, like OpenDNS. The DNSCrypt protocol focuses on securing communications between a client and its first-level resolver. While not providing end-to-end security, it protects the local network (which is often the weakest link in the chain) against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
SquidTL allows proxy administrators to manage proxy users: define how much time users can spend on a specific Web site, block sites, limit total time users can spend on the Web daily, and watch users' activity. For example, you can limit the use of Facebook or other social networks with per-user rules or IP. It has a small memory footprint and very fast execution. Management can be done with a smart Web-based administration GUI.
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NAT gateways to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect, nor does it need to communicate with any other hosts in order to initiate the communication. Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT. There is no middle man, no proxy, no third party, no UPnP required, no spoofing, and no DNS tricks. More importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server.
Mireka is a mail server with SMTP, Mail Submission, and POP3 services. It can also be used as an SMTP proxy. As a proxy, it can help to prevent or diagnose mail problems, like outgoing backscatter spam. It provides detailed logging, basic mail traffic statistics, tarpit to prevent email harvesting, and loop detection. It can filter email by DNSBL, SPF, mail size, local domains, and recipients list. Local recipients can be specified using regular expressions. TLS is supported for incoming connections. Aliases, forward lists, and very simple mailing lists can be configured in XML. Custom filters and other components can be written in Java, and they can be easily implemented and installed.
FastFwD is a small daemon that allows users to set up port forwarding from a source IP address and port number to a target IP address and port number easily without the need to deal with complicated ipchains/iptables-rules. FastFwD offers a fault-proof possibility for port forwarding between two networks or IP addresses and additionally gives the possibility to password-protect this connection. FastFwD has been tested for Linux and QNX and should compile and work with all POSIX-based systems.