Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway that includes a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. Features include a modern packet filter, intrusion detection and prevention, portscan detection, application control, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.
OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
dnscrypt-proxy acts as a DNS proxy between a regular client, like a DNS cache or an operating system stub resolver, and a DNSCrypt-aware resolver, like OpenDNS. The DNSCrypt protocol focuses on securing communications between a client and its first-level resolver. While not providing end-to-end security, it protects the local network (which is often the weakest link in the chain) against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.
The Apache Traffic Server (TS or ATS) is a modular, high-performance reverse proxy server, generally comparable to Squid. It was created by Inktomi, and distributed as a commercial product called the Inktomi Traffic Server, before Inktomi was acquired by Yahoo!. Traffic Server has been actively used inside of Yahoo for over 4 years, serving billions of requests every day. As of fall 2009, Traffic Server is an Open Source project, and in April 2010 the Apache Traffic Server was promoted to a top-level project of the ASF.
nassh-relay implements a relay server used with the Secure Shell (hterm) plugin for the Chromium Web browser. It tunnels ssh traffic through an HTTP xhr or websockets connection. It could be used as a gateway to route traffic to an internal network (it supports authentication on the HTTP endpoint) or simply as an ssh-over-HTTP proxy.
SquidTL allows proxy administrators to manage proxy users: define how much time users can spend on a specific Web site, block sites, limit total time users can spend on the Web daily, and watch users' activity. For example, you can limit the use of Facebook or other social networks with per-user rules or IP. It has a small memory footprint and very fast execution. Management can be done with a smart Web-based administration GUI.
UDP IPTV to RTSP proxy is a lightweight GNU/Linux daemon which, being installed on a LAN router, provides on-demand access to UDP multicast streams via RTSP, RTP, and HTTP unicast protocols. The server itself does not support streaming of any files, it only can receive incoming multicast streams provided by your ISP and retransmit them to interested local clients. The main purpose of the software is to provide simple IPTV service to small office or home ethernet and/or Wi-Fi LANs where upgrading the network to handle multicast correctly is not an option. It is not intended to handle large-scale installations and service clients you don't trust (like the public Internet).
sec-wall is a feature-packed security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NAT gateways to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect, nor does it need to communicate with any other hosts in order to initiate the communication. Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT. There is no middle man, no proxy, no third party, no UPnP required, no spoofing, and no DNS tricks. More importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server.