Open Source Security Software - Page 5

Intended for Developers to highlight their security weak coding and show them how attackers can abuse these weaknesses. Refer to the following web sites for directly viewing training movies online. http://yehg.net/lab/#training http://core.yehg.net/lab/#training

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.

A collection of tools to assist with the forensic analysis of computer systems.

multiOTP is a PHP class, a powerful command line utility and a web interface developed by SysCo systèmes de communication sa in order to provide a completely free and easy operating system independent server side implementation for strong two factors authentication solution. multiOTP supports hardware and software tokens with different One-Time Password algorithms like OATH/HOTP, OATH/TOTP and mOTP (Mobile-OTP). QRcode generation is also embedded in order to support provisioning of Google Authenticator software tokens. SMS code sending is currently implemented for several providers (ASPSMS, Clickatell and IntelliSMS). The data storage of the command line utility is by default flat files based in order to simplify deployment in a few minutes, but MySQL backend is supported too. multiOTP can be easily integrated in RADIUS servers like FreeRADIUS under Linux/Windows or TekRADIUS LT under Windows. multiOTP is also the engine of the credential provider multiOTP Credential Provider.

HashTool calculates the most common hash and hmac values of files and strings by using the "Bouncy Castle Java cryptography API".

An editor to edit and check protocols specified in SPI-calculus using ProVerif.

jSQL project has moved to https://github.com/ron190/jsql-injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X). Kali Linux logo jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux.

This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video: http://goo.gl/dSiAL Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN) IJNSA Article at http://goo.gl/LLxRdX WP Plugin Page http://goo.gl/nF5nD CHANGES v.1.8.2 - Iptables Auto Ban Bash Script Included - Token Access via Implicit Deny - Reverse Proxy Support - reCAPTCHA Support Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons Gökhan Muharremoğlu

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well. wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, OCSP and CRL support, is backed by the robust wolfCrypt cryptography library, and much more. wolfSSL relies on the FIPS 140-2 validated wolfCrypt library for all cryptographic functionality. Visit http://wolfssl.com/wolfSSL/fips.html for more info!

raw2vmdk is an OS independent Java utility that allows you to mount raw disk images, like images created by "dd", using VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format.

An attempt to collect (read rewrite) a set of tools for Ultima Online game playing. Many tools are closed source or discontinued: no way to enhance them with no sources. Here there will be such tools and sources.

We moved to https://github.com/frankmorgner/vsmartcard see you there!

Nipper (Network Infrastructure Parser) open source tools to assist IT professionals with the configuration, auditing and managing of computer networks and network infrastructure devices.

Note: WE ARE UNABLE TO UPDATE THE SCANNER AT THIS MOMENT! Note: WE APPRECIATE YOUR CONTRIBUTION. Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. We'll update it soon. The database update is currently maintained by web-center.si. Send your contributions, recommendations and bugs report to joomscan at yehg.net or creating a ticket at Trac here.

UFONet - Is a set of hacktivist tools that allow launching coordinated DDoS and DoS attacks and combine both in a single offensive. It also works as an encrypted DarkNET to publish and receive content by creating a global client/server network based on a direct-connect P2P architecture. + FAQ: https://ufonet.03c8.net/FAQ.html -------------------------------------------- -> UFONet-v1.8 [DPh] "DarK-PhAnT0m!" (.zip) -> md5 = [ c8ab016f6370c8391e2e6f9a7cbe990a ] -> UFONet-v1.8 [DPh] "DarK-PhAnT0m!" (.tar.gz) -> md5 = [ 8a4cd86c21db2ad657eb75e6ac0e52d5 ] --------------------------------------------

CaesarCipher is a simple tool which helps you de/encrypt texts with the caesar cipher. This tool should not be used to encrypt sensitive data like passwords or personal information.

A Java Hijacking tool for web application session security assessment. A simple Java Fuzzer that can mainly be used for numeric session hijacking and parameter enumeration. Demonstration video is also available.

Cross platform GUI managing bookmarks and shortcuts in a portable way. Support import/export, search, encryption, hierarchical tags, USB key installation, various environments integration, OS-dependent shortcuts, plugins extensibility.

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

Adobe Flash SWF editor which can read and edit bytecode.

MUTE is a secure, anonymous, distributed communications framework. Node-to-node connections are encrypted, and messages are routed using an ant-inspired algorithm. The first MUTE-based app supports anonymous file sharing.

GPL PHP AntiVirus for webmasters. Scans your web server's file system for dangerous and malicious code in public HTML, PHP, CGI and text files, usually caused by defacement or security holes in shared hosting accounts.

Do you want to delete some top secret files? DON'T do that by only pressing DELETE, because the data would still be on your drive! Use Turbo Shredder and remove files by securely wiping them out. Requires JRE 7 to run properly.

ClamSAP exists of two 'C' shared libraries which link between ClamAV and the Virus Scan Interface (VSI) of SAP (offical name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads for example.

Libkpass is a from-scratch C implementation of reading and writing KeePass 1.x format password databases. Please check github for future updates.