A Windows password cracker based on rainbow tables
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.
Open source disk encryption with strong security for the Paranoid
VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and based on TrueCrypt 7.1a. It adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks. It also solves many vulnerabilities and security issues found in TrueCrypt. This enhanced security adds some delay ONLY to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data. All released files are PGP signed with key ID=0x54DDD393, available on key servers and downloadable at https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc VeraCrypt can mount TrueCrypt volumes. It also can convert them to VeraCrypt format. Documentation: https://www.veracrypt.fr/en/Documentation.html FAQ : https://www.veracrypt.fr/en/FAQ.html
Tools to work with android .dex and java .class files
Mirrors: * https://bitbucket.org/pxb1988/dex2jar * https://github.com/pxb1988/dex2jar dex2jar contains following compment * dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a light weight API similar with ASM. * dex-translator is designed to do the convert job. It reads the dex instruction to dex-ir format, after some optimize, convert to ASM format. * dex-ir used by dex-translator, is designed to represent the dex instruction dex-tools tools to work with .class files. * d2j-smali disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, but we support escape in type desc "Lcom/dex2jar\t\u1234;" * dex-writer write dex same way as dex-reader.
Jasypt (Java Simplified Encryption) is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.
Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
A webapp hacking game, where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
cross-platform, encryption application
encrypt is a multi-platform, file encryption application. Binary packages are currently provided for Arch, Debian, Fedora, MS Windows, Android and OS X. For further details, including the latest source code, visit https://albinoloverats.net/projects/encrypt
Quality of service module for Apache httpd
mod_qos is a quality of service module for the Apache Web Server. It implements control mechanisms that can provide different priority to different requests and controls server access based on available resources.
RTOS for Secure Systems
Pharos is a Real-Time Operating System designed for Secure Systems with the following characteristics: -Security: With space partitions and enhanced time partitioning. Each partition protected with hardware MMU/MPU and operating in user mode. -Quality: Low cyclomatic, high comments, low nesting level, MISRA. -Mixed Criticality: Partition independence and isolation. Native support for sporadic, periodic and aperiodic threads under a fixed-priority preemptive scheduler, including execution time protection (threads are not allowed to run for more time than they are configured to). -Determinism: Hard real-time determinism, most calls areO(1) and very few cases are O(Log(N)) - they are well indentified in the user manual. Pharos takes ARINC and moves it one step further, improving responsiveness and isolation. Supports ARM R5, M4, 926EJ-S. We are a group of enthusiastic software developers that also implements client custom software. Contact: email@example.com
InsecureWebApp is a web app that includes common web application vulnerabilities including SQL&Html Injection- see owasp.org. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.
This tool can create XAdES (XML) signatures based upon ETSI TS 101 903 v1.3.2 standard. It also includes handling of ITU-T X.509 certificates and RFC 3161 timestamps.
Spring Security (formerly Acegi Security) is now hosted on the Spring Framework website: http://www.springframework.org/spring-security/
Network security simulator
NeSSi² is a network simulation tool suite addressing in particular network security aspects. Sample capabilities are profile-based attack generation, traffic analysis and support for attack/malware detection algorithm plugins. Check also www.nessi2.de.
This program aims at providing a java solution to hide secret information(such as secret file) to JPEG images. Hiding algorithm contains Jsteg and F5. The main(probably the toughest) stuff is encoding and decoding JFIF files.
Encrypt and manage secret text data
PCSecrets is a PC application that holds secret text data - protected by a master password and strong encryption. Use it as a password manager or just somewhere to hold any text data securely in one place. It can hold a second, hidden set of secrets that is undetectable and plausibly deniable. The program is also a PC counterpart of the Secrets for Android app. It uses the same data structure and provides synchronization that allows easy transfer of secrets between the two. For those who find the personal computer environment more comfortable for data entry and editing (i.e. a real keyboard), PCSecrets provides an alternative way to manage your secrets. Sync is also effectively a form of backup. To enable the sync feature with Secrets for Android, you need to install the PCSecrets sync app PCSSync, downloadable from SourceForge or Google Play. PCSecrets import plus PCSSync provides a route to importing secret data into Secrets for Android that would not otherwise be possible.
lightweight bitmessage client
Pechkin.v0.3.2 Copyright 2017 Fenenko Aleksandr. Licensed Apache License, Version 2.0; This is lightweight bitmessage client writing in java. Supported platform: Android,Linux,Windows play google: https://play.google.com/store/apps/details?id=pro.fenenko.pechkin Address to contact the developer: BM-2cT9H4ow7R35qLhcsiTNxFjTpnx44XTbiY
Encrypt and decrypt text using AES 256 bit encryption
AESTextCrypt is an easy-to-use open source tool for text encryption and decryption. Primarily intended for use with email, use it wherever you need to protect text from prying eyes. The encrypted text can be copy/pasted into any text-handling application (e.g. email) instead of plain text. Convenience buttons are provided for clipboard operations. AESTextCrypt uses AES-256 bit encryption which is the strongest available encryption scheme. It also employs bcrypt, which implements key-stretching and an adaptive key setup phase, the complexity (number of rounds) of which is automatically set to match the processing power of the encrypting computer. This makes it highly resistant to dictionary attack. AESTextCrypt is written in Java, so can be run on all desktop platforms - Windows, Mac and Linux.
FW1-Loggrabber is a command-line tool to grab logfiles from Checkpoint FW-1 remotely using Checkpoints LEA (Log Export Api), which is one part of Checkpoints OPSEC API.
A multi-platform tool to convert RSA private keys between SFM format (modulus, public exponent, private exponent) and CRT format, in both ways.
Simple but Powerful, Cross-Platform Password Management Utility
A simple but powerful cross-platform utility for managing and accessing your most secret data. It stores passwords and whole files, so it can literally store any information you want to keep secret. Access your most-used passwords/URLs right out of a desktop tray icon. For advanced users, it includes a separate utility called Grypto-Transforms, which has a universal hash calculator with all the major hash functions, generic encrypt/decrypt functions and a base64/hex converter. Although the interface is simple and intuitive, the security is top-notch. It uses AES with CCM to secure and authenticate the data.
MASTIFF is a static analysis automation framework.
This repository is no longer updated. Please to go https://git.korelogic.com/mastiff.git/ for the latest version! MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plug-ins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files. The official ChangeLog for the project is located at http://mastiff.sourceforge.net/Files/Changelog.txt.
Open Legacy Storage Document: Generic Document Archiving on Disk and Network(using MINA) Framework in Java for huge number of docs(up to 2^192 documents), efficient(Java NIO), crypto, net transfert, web retrieve, J2EE and eMail archiving compatible.
Security Assessment Data Management and Analysis Tool
Sagacity is a vulnerability assessment and STIG compliance data management tool designed to make security testing more efficient, effective and complete. Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow analyze to communicate risk to their employers. Sagacity, originally written to support a government customer, was designed to fill that need. What if an organization could turn massive amounts of irreconcilable vulnerability scan data into true knowledge and insight about their networks? They would be able to make wise decisions resulting in cost-effective actions to improve their security with the best return on investment. Keen insight. Sound judgment. Wise decisions. Sagacity.
Java Security Manager made easy
The pro-grade library provides implementation of custom Java Security Managers and Security Policies. The main components are the Java Security Policy implementation with deny rules and Policy File generator.