Open Source OpenBSD Security Software

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

DSVPN is a Dead Simple VPN, designed to address the most common use case for using a VPN. Runs on TCP. Works pretty much everywhere, including on public WiFi where only TCP/443 is open or reliable. Uses only modern cryptography, with formally verified implementations. Small and constant memory footprint. Doesn't perform any heap memory allocations. Small (~25 KB), with an equally small and readable code base. No external dependencies. Works out of the box. No lousy documentation to read. No configuration file. No post-configuration. Run a single-line command on the server, a similar one on the client and you're done. No firewall and routing rules to manually mess with. Doesn't leak between reconnects if the network doesn't change. Blocks IPv6 on the client to prevent IPv6 leaks. Works on Linux (kernel >= 3.17), macOS and OpenBSD, as well as DragonFly BSD, FreeBSD and NetBSD in client and point-to-point modes. Adding support for other operating systems is trivial.

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images.

Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant. *** Hyenae is back *** Hyenae will be continued here: https://sourceforge.net/p/hyenae-ng

Calypso is a file sharing client using the anonymous network MUTE. Developped using C++ and Qt. For windows and linux, portable to other environments.

PAM module which permits authentication for arbitrary services via ssh-agent. Written with sudo in mind, but like any auth PAM module, can be used for for many purposes.

kaos.theory's Anonym.OS LiveCD is a bootable live cd based on OpenBSD that provides a hardened operating environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized.

GoldBug is a decentralized & secure communication suite that offers an integrated e-mail client, an instant messenger & a file transfer. Also included is an URL-RSS-DB & a p2p web search. Current vers. w/ McEliece Algorithm. GoldBug has been 2013 - 2023 ten years just another Graphical User Interface of the Spot-On Encryption Suite. Main GUI features: Minimal & colorful Interface with Tabs in the East. Microsoft & Qt MinGW deprecated Win32 & for Compiling: ● https://sourceforge.net/p/goldbug/wiki/compiling As Spot-On implemented the minimal GB-concept & Nuvola Icons, GoldBug has now been fully integrated into Spot-On Win64: Just choose Tabs at East & Mini-View in Options - w/ Nuvola Icons of course! Voilá! & Many Thanks, Pro-Files can be found archived at ● current source: https://github.com/textbrowser/spot-on ● EN Manual: https://www.amazon.com/dp/3749435065 ● DE: https://compendio.github.io/goldbug-manual-de/ ● Study: https://www.amazon.com/asin/dp/3750408971

This script is capable of cracking multiple hashes from a CSV-file like e.g. dumps from sqlmap. Over 17.000 md5-hashes in a CSV-file get cracked with a 14.300.000 lines wordlist in less then 1 min. Lines wich cant get cracked with the wordlist get stored in a .leftToCrack-File to further process with another Wordlist or the bruteforce-tool. In addition to the wordlist-cracker I created also a bruteforce-tool named CSVHashBrutforcer.

Gobbler: A tool to audit DHCP networks Includes DHCP rogue server detection, DHCP DoS, distributed spoofed port scanner using DHCP to obtain many source IP addresses, mulitple arp scans, filtered port detection, spoofed OS detection (nmap + port 0)

antigift could be used for encryption files & folders on USB-flash or HDD partition. Works on Linux (including Android), Windows, Mac OS X, FreeBSD, DragonFly BSD and other on OSes. Do not required installation. Include WIPE tool for wiping free space and tool for recovery forgotten key. See documentation at http://sourceforge.net/p/antigift/wiki/Home/ antigift простой и кросс-платформенный инструмент для шифрования файлов и папок(с ccrypt в качестве основы) Подробности см. на страничке с русской документацией http://sourceforge.net/p/antigift/wiki/rus/

Kernel drivers and support ports to use "Trusted Platform Modules" on FreeBSD and OpenBSD

This is free Java desktop application to keep your note in safe from others using the Encrypting Decrypting symmetric key algorithm, it's easy to transfer your note form source to another in confidential manner.

Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the "naughty" hosts for a given amount of time using pfctl.

Automatic dump database & interactive sql shell tool dumps the current database structure including tables and columns and turns into an interactive mysql prompt with extra features. Written in Ruby.

SMPPS Project already in its Beta version to 0.9.9 almost in the final version be in the documentation and material help that missing as well as the necessary translations of such material. However, with great joy that I come to the dicer SMPPS this now rather towards what the expectations of the project believed that he would be able: Capture and log packages generate the following protocols without using libpcap, but just using BSD Sockets. protocols: IP TCP UDP ICMP IGMP Inside the ethernet network

Campagnol is a decentralized VPN over UDP tunneling. It uses UDP hole punching to open connections through NAT/firewall and OpenSSL's DTLSv1 implementation for mutual authentication and encryption.

Protect your company's email and browsing with your GoodCrypto private server. * Protects email metadata and resists traffic analysis * Automatic encryption, decryption, and key management * All private keys stay on *your* server * Users don't change their email or browser software * Blocks web malware * Runs on your private server * Completely decentralized

HPN-SSH is a series of performance patches for OpenSSH. By addressing network limitations and CPU limitations significant throughput performance can be realized. Gains of close to two orders of magnitude are possible on long fat network paths. The official git repo is now available at http://github.com/rapier1/openssh-portable. The Sourceforge repository should not be seen as the canonical repository for HPN-SSH. We will update it as we can but users should look to github to generate patches We also support Ubuntu packages. Add them to your package manager with `sudo add-apt-repository ppa:rapier1/hpnssh` Fedora RPMs can be added with, `sudo dnf copr enable rapier1/hpnssh`

“garuda” is an intrusion detection system against wireless threats. It is a progressive proof of concept project to ward off wireless threats such as war-drivers, rogue AP, wifi DoS and MAC spoofing attacks. Please enjoy and we welcome your volunteerism.

pam_mount is a Pluggable Authentication Module that can mount volumes for a user session (login). Supports mounting local filesystems of any kind the normal mount utility supports, with extra code to better support CIFS, FUSE, various crypto, and more.

Perl web-interface for the OpenBSD Packet Filter.

Single-honeypot is a powerfull tool, for security interest about the estudies of techniques of breaking systems. This is, a singular or little honeypot for test your networks for hostiles visitors. This made in perl script. Simulate different servi

This is a list of advertising domains that can be used with a proxy server to remove unwanted advert traffic from the network. This list is directly compatible with tinyproxy, but may also work with other proxy servers.

Anoubis is a Security Suite which implements a secured environment for applications. The core of the suite is an Application Firewall alongside with a Sandbox. Mechanisms to assure the authenticity of files, directories and applications are provided.