Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/
GPL PHP AntiVirus for webmasters. Scans your web server's file system for dangerous and malicious code in public HTML, PHP, CGI and text files, usually caused by defacement or security holes in shared hosting accounts.
BTS Pentesting Lab - a deliberately vulnerable Web application
BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: *SQL Injection *XSS(includes Flash Based xss) *CSRF *Clickjacking *SSRF *File Inclusion * Code Execution *Insecure Direct Object Reference *Unrestricted File Upload vulnerability *Open URL Redirection *Server Side Includes(SSI) Injection and more... Java version of this application can be found here: https://sourceforge.net/p/javavulnerablelab/
TACACS+ server for network devices
Free TACACS+ (tac_plus) engine (written in C++) and webui (PHP) allows network administrators to limit access to network devices. This project (tacplus/webui) use to be on www.networkforums.net. New and improved features been added since the last release on old website. ** New Release of WebUI ** Improved useability More searching capabilities in reports
SIA receiver for Galaxy security control panels.
This project aims to provide a method for listening on a serial port and decode incoming messages from a Galaxy security control panel. The messages are transmitted using the SIA DC-03-1990.01 (R2000.11) protocol. The decoded messages are stored in a database (MySQL) or forwarded by email using ssmtp. Besides just listening for messages openGalaxy can also be used to arm/disarm the panel and much more... This software is still in a testing (beta) phase but has been tested successfully with the following security control panels made by Microtech / Honeywell Security: - Galaxy 18 (Dutch firmware v1.25) with external RS232 box - Galaxy 60 (Dutch firmware v1.07) with external RS232 box - Galaxy G3-520 (Dutch firmware v5.50) (internal RS232)
Peruggia is designed as a safe, legal environment to learn about and try common attacks on web applications. Peruggia looks similar to an image gallery, but contains several controlled vulnerabilities to practice on.
Strong Email & Apache Log Analysis with Active Security Features
X-Itools: eXtended Internet Tools. Suite of tools composed of several collaboration modules. Old and initial project born in 1999, 1st published in 2001 on Sourceforge. X-Itools E-mail management module (log analysis) initiated in 2004 with Web 1.0 technologies (private SVN server). X-Itools development restarted since 2011, on the basis of a unique module: E-mail management module (log analysis). Now based on web 2.0 technologies (ExtJS 4.1) and devel restarted because of a particular interest given to it by a world wide Organization (United Nations). Module renamed "X-Itools ELSE", for "X-Itools E-mail Log Search Engine". Some features: Log analysis and correlation of Postfix and Exchange servers, statistics, policy manager, in-deep analysis, automated network graphs for e-mail tracing, CSV export... The Swiss knife of Messaging Admins. In 2015, X-Itools ELSE is no more limited to E-mail logs: Apache logs are also processed and related stats and dashboards will be there!
Videovigilancia, Control de Acceso y Carnetización
Sistema Integrado de Protección Venezolano con capacidades de Videovigilancia, Control de Acceso y Carnetización para el resguardo físico de instalaciones.
PHP functions and classes to add a Domain Key Identified Mail (DKIM RFC 4871) signatures to emails sent by PHP. It is based on the openssl extensions of PHP. It can generate DKIM signature but cannot verify them. Developped and tested on PHP 4.0.
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured
You could be doing a better job of website security... If only there was a simple way to implement SSL with signed keys? PHP-CA is an easy to use and easy to administer Certificate Authority that runs in PHP.
PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications.
Cancerbero (the watchdog of the ports) is a portscan frontend based in nmap. Scans the hosts of net ranges every configured interval and it'll store the results in a mysql DB. Detect changes in ports, services and OS and notice you with an email ale
What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log
Detect your web servers being scanned by brute force tools and vulnerability scanners.Helps you quickly identify probable probing by bad guys who's wanna dig possible security holes.
FDNS measures, detects, and notices the extremely anomalous traffic according to the bulk distribution aspect of flooding traffic, including: packet flooding attack, portscan, spam distribution.
“Scramble your social network data!” - With Scramble you can selective enforce you access control preferences for your content on social networks like Facebook or Twitter ...
cPHulk IP Manager is a PHP utility used to manage the cPHulkd software installed to cPanel/WHM hosting servers. This allows instant access to remove, add, or modify and entries to the brute list (blacklast) and the whitelist.
Flash/PHP adaptation of the XTEA encryption algorithm. Allows encryption/decryption of sensitive data using 128-bit key. May be used for network data (HTTP) or offline for implementations like secure CD-ROM projects.
Detects changes to your Website, finds malware
I have several websites and some time ago I found code in one of my websites that I did not create. One of those scripts was able to send spam and the other one had some malware code in it. Now you can argue that my website was just not safe enough because who ever placed this code had been able to get in. That is true and the ideal situation is to have such a safe website that nobody can break in. But sometimes this is hard to achieve. mod_detect was developed to at least find code that someone else placed into the scripts of your website and eventually eliminate it.
ACID is a PHP-based analysis engine to search and process a database of security incidents generated by security-related software such as IDSes and firewalls (e.g. Snort, ipchains).
SURFnet IDS, a Distributed Intrusion Detection System (D-IDS). The goal is to provide an early warning system which lets system administrators correlate known and unknown exploits to attacks directed towards their networks.
An assortment of various useful phpBB2 mods including: DB Backup Exclude Tables Mod to allow an admin to easily exclude tables from db backups and Realistic Stat and Memberlist Mod which changes the index page stats and the memberlist for more relevance.