quarantine. Users can view their own quarantine, release/delete messages
or request the release of messages. MailZu is written in PHP and requires
Amavisd-new version greater than 2.3.0.
WWW: http://sourceforge.net/projects/mailzu/
PR: ports/137197
Submitted by: Sahil Tandon <sahil at tandon.net>
security/trans-proxy-tor: trans-proxy-tor is rendered obsolete by Tor's TransPort option (currently only available in tor-devel)
Approved by: maintainer
System (CAS). Only a basic Perl library is provided with CAS whereas
AuthCAS is a full object-oriented library.
WWW: http://cpan.uwinnipeg.ca/dist/AuthCAS
PR: ports/136956
Submitted by: Frank Wall <fw at moov.de>
version delegates to LuaSocket the TCP connection establishment between the
client and server. Then LuaSec uses this connection to start a secure TLS/SSL
session.
WWW: http://www.inf.puc-rio.br/~brunoos/luasec/
PR: ports/136266
Submitted by: Andrew Lewis <dru at silenceisdefeat.net>
The Cyrus SASL (Simple Authentication and Security Layer)
SASL is the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.
To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is
negotiated, a security layer is inserted between the protocol
and the connection.
WWW: http://cyrusimap.web.cmu.edu/
Obtained from: Peter Jeremy <peterjeremy@optushome.com.au>
passwords.
Generated passwords may consist of any specified length and any combination of
upper- or lower-case alphanumeric characters or punctuation. ranpwd can also
generate passwords consisting of hexadecimal, decimal, octal or binary numbers,
and format these as valid C constants for inclusion in source code.
WWW: http://freshmeat.net/projects/ranpwd
PR: ports/135540
Submitted by: corky1951 at comcast.net
signatures attached to files were signed by a given user identifier.
netpgp can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.
The netpgp utility can also be used to generate a new key-pair for a
user. This key is in two parts, the public key (which can be used by
other people) and a private key.
In addition to these primary uses, the third way of using netpgp is to
maintain keyrings. Keyrings are collections of public keys belonging
to other users. By using other means of identification, it is
possible to establish the bona fides of other users. Once trust has
been established, the public key of the other user will be signed.
The other user's public key can be added to our keyring. The other
user will add our public key to their keyring.
WWW: http://www.NetBSD.org/
PR: ports/134997
Submitted by: bapt <baptiste.daroussin at gmail.com>
supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880,
1800, 2800, 3800, 7200 Series and Cisco 7301 Routers.
Like vpnc, OpenConnect is not officially supported by, or
associated in any way with, Cisco Systems. It just happens to
interoperate with their equipment.
WWW: http://www.infradead.org/openconnect.html
PR: ports/135274
Submitted by: Damian Gerow
Those ports are intended to be used with 8-CURRENT at least
with SVN r192206.
If you want to switch to linux-f10 ports, please define at /etc/make.conf:
OVERRIDE_LINUX_BASE_PORT=f10
OVERRIDE_LINUX_NONBASE_PORTS=f10
An upgrading procedure is shown at /usr/ports/UPDATING, entries 20090401
and 20070327.
For the first time all tested linux ports work as expected(!):
. acroread8;
. google-earth;
. skype;
. seamonkey.
Many thanks to kernel folks who really did the main work
(and I wrote only some lines of ports).
There is a good chance that those ports may become a default
for 8.0-RELEASE. Please, test and report back to emulation@ ML.
the Tarsnap online backup system and is designed to be far more secure
against hardware brute-force attacks than alternative functions such as
PBKDF2 or bcrypt.
WWW: http://www.tarsnap.com/scrypt/
PR: ports/134961
Submitted by: Wen Heping <wenheping at gmail.com>
to be very modular, distributed, rock solid and fast.
Prelude-PFlogger listens at OpenBSD PF redirect logged packet, and
sends alerts to the Prelude Manager.
WWW: http://www.prelude-ids.org/
PR: ports/134746
Submitted by: Anders Troback <freebsd at troback.com>
files. These files (and htaccess) are used to do Basic Authentication
on a web server.
The password file is a flat-file with login names and their associated
crypted password. You can use this for non-Apache files if you wish,
but it was written specifically for .htaccess style files.
WWW: http://search.cpan.org/dist/Apache-Htpasswd/
and redirects, then map those links into either look-alike HTTP links or
homograph-similar HTTPS links. It also supports modes for supplying a
favicon which looks like a lock icon, selective logging, and session denial.
WWW: http://www.thoughtcrime.org/software/sslstrip/
PR: ports/134021
Submitted by: Matt Donovan <kitchetech@gmail.com>
The recommended version of FreeBSD to use them is 8-CURRENT.
FreeBSD-7.x is not fully compatible with compat.linux.osrelease
2.6.16. Some syscalls cannot be MFCed due to native FreeBSD
ABI breakage.
Usage (and package building):
1. define compat.linux.osrelease=2.6.16;
2. add following variables to /etc/make.conf:
. OVERRIDE_LINUX_BASE_PORT=f8;
. OVERRIDE_LINUX_NONBASE_PORTS=f8.
Approved by: bsam (me) ;-)
that revolves around a certain function with special properties.
The PBC (Pairing-Based Cryptography) library is a free C library
(released under the GNU Public License) built on the GMP library that
performs the mathematical operations underlying pairing-based
cryptosystems.
The PBC library is designed to be the backbone of implementations of
pairing-based cryptosystems, thus speed and portability are important
goals. It provides routines such as elliptic curve generation, elliptic
curve arithmetic and pairing computation. Thanks to the GMP library,
despite being written in C, pairing times are reasonable.
WWW: http://crypto.stanford.edu/pbc/
PR: ports/133172
Submitted by: Wen Heping <wenheping at gmail.com>
Public Key Infrastructure for key certification, revocation and
expiration. Monkeysphere is a framework that uses the OpenPGP web of
trust for these PKI functions. It can be used in both directions: for
users to get validated host keys, and for hosts to authenticate users.
WWW: http://web.monkeysphere.info/
PR: ports/128406
Submitted by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
intends to be a better experience than simply invoking "ssh" from an
existing terminal window.
* Fast search-based interface for new connections
* Also display and search of local (Avahi) SSH servers
* Tabbed display with automatic session saving (Firefox style)
* Status bar with information like latency to server and output of
remote uptime
* Close integration with OpenSSH features like connection sharing
(near-instant new tabs)
* NetworkManager integration to easily reconnect after a network
change, great for laptops
WWW: http://projects.gnome.org/hotssh/
PR: ports/131133
Submitted by: Ashish Shukla <wahjava at gmail.com>
to combine the flexibility of PF's C API and the power of Python, making it
easier to manage PF data and to integrate firewalling capabilities in more
complex applications.
WWW: http://www.kernel-panic.it/software/py-pf/
PR: ports/131463
Submitted by: Sofian Brabez <sbrabez at gmail.com>
Nmap's scan data. It can run Nmap and parse its XML
output directly from the scan, parse a file containing
the XML data from a separate scan, parse a String of
XML data from a scan, or parse XML data from an object
via its read() method. This information is presented
in an easy-to-use and intuitive fashion for storage
and manipulation.
WWW: http://rubynmap.sourceforge.net/
PR: ports/131516
Submitted by: Daniel Roethlisberger <daniel at roe.ch>
2009-02-01 devel/subversion-devel: Use devel/subversion or devel/subversion-freebsd instead of this port
2009-01-19 devel/hs-hat: has been broken for more than 6 months
2009-01-19 devel/hs-hpl: has been broken for more than 6 months
2009-01-19 databases/mysqlbigram: has been broken for more than 6 months
2009-01-19 mail/claws-mail-clamav: has been broken for more than 6 months
2009-01-19 mail/sylpheed2-devel: has been broken for more than 6 months
2009-01-19 www/pecl-mnogosearch: has been broken for more than 6 months
2009-01-31 x11-fonts/mathfonts: This port was supported by Mozilla 1.8 (including Firefox 2.0) - to be replaced by STIX fonts for Firefox 3.x
2009-01-19 x11-wm/fluxspace: has been broken for more than 6 months
2009-01-31 x11-wm/expocity: project has been abandoned
2009-01-19 x11/bbuname: has been broken for more than 6 months
2009-01-19 security/squidclam: has been broken for more than 6 months
2009-01-19 print/virtualpaper: depends on broken, expired port
2009-01-19 print/ifhp: has been broken for more than 6 months
2009-01-19 net-p2p/peercast: has been forbidden for more than 6 months
2009-01-19 palm/pdbc: has been broken for more than 6 months
2009-01-19 net-mgmt/NeTraMet: has been broken for more than 6 months
2009-01-19 net-im/sulci: has been broken for more than 6 months
2009-01-19 multimedia/mjpegtools-yuvfilters: has been broken for more than 6 months
2009-01-19 multimedia/helixplayer: has been broken for more than 6 months
2009-01-19 lang/quack: has been broken for more than 6 months
2009-01-19 misc/pybliographer: has been broken for more than 6 months
2009-01-19 net/versuch: has been broken for more than 6 months
2009-01-19 net/py-mantissa: has been broken for more than 6 months
2009-01-19 net/libunpipc: has been broken for more than 6 months
2009-01-19 net/gnometelnet: has been broken for more than 6 months
2009-01-19 net/gacxtool: depends on expired, broken port
2009-01-19 devel/py-coro: has been broken for more than 6 months
2009-01-19 chinese/stardict2-dict-zh_TW: has been broken for more than 6 months
2009-01-19 x11-themes/gtk-industrial-theme: has been broken for more than 6 months
See http://library.gnome.org/misc/release-notes/2.24/ for the general
release notes. On the FreeBSD front, this release introduces Fuse support
in HAL, adds multi-CPU support to libgtop, WebKit updates, and fixes some
long-standing seahorse and gnome-keyring bugs. The documentation updates
to the website are forthcoming.
This release features commits by adamw, ahze, kwm, mezz, and myself. It would
not have been possible without our contributors and testers:
Alexander Loginov
Craig Butler [1]
Dmitry Marakasov [6]
Eric L. Chen
Joseph S. Atkinson
Kris Moore
Lapo Luchini [7]
Nikos Ntarmos
Pawel Worach
Romain Tartiere
TAOKA Fumiyoshi [3]
Yasuda Keisuke
Zyl
aZ [4]
bf [2] [5]
Florent Thoumie
Peter Wemm
pluknet
PR: 125857 [1]
126993 [2]
130031 [3]
127399 [4]
127661 [5]
124302 [6]
129570 [7]
129936
123790
PyMe's development model is GPGME + Python + SWIG (just like m2crypto is
an OpenSSL + Python + SWIG) combination which means that most of the
functions and types are converted from C into Python automatically by SWIG.
In short, to be able to use PyMe you need to be familiar with GPGME.
WWW: http://pyme.sourceforge.net/
system and available software, to detect security issues. Beside
security related information it will also scan for general system
information, installed packages and configuration mistakes.
This software aims at assisting automated auditing, software patch
management, vulnerability and malware scanning of Unix based systems.
It can be run without prior installation, so inclusion on read only
storage is no problem (USB stick, cd/dvd).
WWW: http://www.rootkit.nl/projects/lynis.html
Author: Michael Boelen
PR: 128909
Submitted by: Cory McIntire <loon at noncensored dot com>
for C programmers. This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.
WWW: http://sourceforge.net/projects/kageki
PR: ports/128328
Submitted by: Matt D. Harris <mattdharris@users.sourceforge.net>
Reworked by: myself
through the OpenVPN Management Interface.
Main features
* Simple & lightweight just a client GUI to start/stop your OpenVPN tunnels
and nothing more
* Integrated with the Gnome Desktop (support for the Keyring and notification
daemon)
* Support for Auth and Private-Key OpenVPN authentication methods
WWW: http://code.google.com/p/tuntun/
PR: ports/128097
Submitted by: Anderson S. Ferreira <anderson at cnpm.embrapa.br>
using JavaScript on the client side.
This is very useful to prevent spam robots collecting email addresses from your
site, included is a method to add mailto links to the text being generated.
WWW: http://pear.php.net/package/HTML_Crypt
the best crypto algorithms from the Crypto++ library.
WWW: http://allmydata.org/trac/pycryptopp
PR: ports/126977
Submitted by: Wen Heping <wenheping at gmail.com>
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.
Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
WWW: http://delta.affinix.com/qca/
to the OpenSSL programs.
ssl-admin will help you do the following tasks with SSL certificates:
* Create your own CA certificate.
* Create new Certificate Signing Requests
* Sign existing Certificate Signing Requests
* Manage Certificate Revocation Lists
* Export configurations and certificates for OpenVPN.
PR: ports/125875
Submitted by: Eric Crist <ecrist at secure-computing.net>
The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.
PR: ports/125387
Submitted by: John Ferrell <jdferrell3 at yahoo.com>
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.
WWW: http://code.google.com/p/ratproxy/
PR: ports/125249
Submitted by: Steven Kreuzer <skreuzer@exit2shell.com>
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with
restricted access.
* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls
WWW: http://net-ssh.rubyforge.org/gateway
PR: ports/125053
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
SSH (and requires the Net::SSH library), and allows files and directory trees
to be copied to and from a remote server.
* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URI's, and OpenURI
WWW: http://net-ssh.rubyforge.org/scp
PR: ports/125052
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore. The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.
For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots. The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.
Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.
With hat: security-officer
Single Packet Authorization (SPA).
fwknop stands for the "FireWall KNock OPerator", and
implements an authorization scheme called Single Packet
Authorization (SPA). This method of authorization is based
around a default-drop packet filter (fwknop supports both
iptables on Linux systems and ipfw on FreeBSD and Mac OS X
systems) and libpcap.
SPA requires only a single encrypted packet in order to
communicate various pieces of information including desired
access through an iptables policy and/or complete commands
to execute on the target system. By using iptables to
maintain a "default drop" stance, the main application of
this program is to protect services such as OpenSSH with
an additional layer of security in order to make the
exploitation of vulnerabilities (both 0-day and unpatched
code) much more difficult. With fwknop deployed, anyone
using nmap to look for sshd can't even tell that it is
listening; it makes no difference if they have a 0-day
exploit or not. The authorization server passively monitors
authorization packets via libpcap and hence there is no
"server" to which to connect in the traditional sense.
Access to a protected service is only granted after a valid
encrypted and non-replayed packet is monitored from an
fwknop client (see the following network diagram; the SSH
session can only take place after the SPA packet is monitored):
PR: ports/118229
Submitted by: Sean Greven <sean.greven@gmail.com>
are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmless, unknown or maybe
even dangerous.
SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.
WWW: http://www.spybye.org/
PR: ports/123945
Submitted by: Paul Schmel <pauls utdallas.edu>
Approved by: tabthorpe (mentor)
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user frontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123128
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user frontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123130
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user frontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123127
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user frontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123129
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user frontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123131
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
passphrases. An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it. There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.
The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.
WWW: http://search.cpan.org/dist/Authen-Passphrase/
Approved by: erwin (mentor)
key setup very expensive. ("Eks" stands for "expensive key
schedule".) This doesn't make it significantly cryptographically
stronger, but is intended to hinder brute-force attacks. It also
makes it unsuitable for any application requiring key agility. It was
designed by Niels Provos and David Mazieres for password hashing in
OpenBSD.
Eksblowfish is a parameterised (family-keyed) cipher. It takes a cost
parameter that controls how expensive the key scheduling is. It also
takes a family key, known as the "salt". Cost and salt parameters
together define a cipher family. Within each family, a key determines
an encryption function in the usual way.
This distribution also includes an implementation of "bcrypt", the
Unix crypt() password hashing algorithm based on Eksblowfish.
WWW: http://search.cpan.org/dist/Crypt-Eksblowfish/
Approved by: erwin (mentor)
2008-04-07 net-mgmt/ap-utils: Does not work with gcc4.2; appears to be abandoned
2008-03-31 multimedia/xfce4-xmms-controller-plugin: Project is dead
2008-05-15 www/pear-HTTP_Session: Use www/pear-HTTP_Session2 instead
2008-05-04 security/bioapitool: All functionality of this tool has been merged with pam_bsdbioapi
capable to perform an extensive database management system back-end
fingerprint, retrieve remote DBMS databases, usernames, tables, columns,
enumerate entire DBMS, read system files and much more taking advantage of web
application programming security flaws that lead to SQL injection
vulnerabilities.
WWW: http://sqlmap.sourceforge.net/
PR: ports/123851
Submitted by: Tomoyuki Sakurai <cherry at trombik.org>
Pwman3 is written in python. It uses sql for storage
and all data is encrypted when it isn't being viewed on screen.
WWW: http://pwman.bleurgh.com
PR: ports/123074
Submitted by: Yarodin <yarodin at gmail.com>
library.
Features
* Defaults to AES 128 CBC
* Will use the system's OpenSSL library for transparent hardware crypto
support
* Single class object oriented access to most commonly used features
* Ruby like
WWW: http://ezcrypto.rubyforge.org/
PR: ports/122805
Submitted by: Steven Kreuzer
The PHP OpenID library lets you enable OpenID authentication on sites built
using PHP. It features the OpenID consumer, Store implementations, and an
OpenID server.
WWW: http://openidenabled.com/php-openid/
2008-01-14 x11-themes/gtk-smooth-engine: Redundant port (now included in gtk-engines), no release since 2005
2007-09-21 security/amavis-perl: depends on misc/compat3x, which has security problems
2007-12-31 sysutils/cdbakeoven: Abandonware
2008-01-04 net/gnu-finger: no active development and known security vulnerabilities.
2007-11-16 misc/seizedesktop: development stalled for years, outdated, unmaintained
parts: EasyPG Assistant and EasyPG Library.
EasyPG Assistant is a set of convenient tools to use GnuPG from
Emacs. EasyPG Library is a sort of an elisp port of GPGME, a wrapper
library which provides API to access some of the GnuPG functions.
WWW: http://sourceforge.jp/projects/epg/
PR: ports/119008
Submitted by: Shota Iwazaki <iwazaki8 at yahoo.co.jp>
also referred to as type 7 passwords. Further you can
encrypt any given string into an encrypted hash that will
be accepted by any Cisco device as an encrypted type 7 password.
WWW: http://search.cpan.org/dist/Cisco-Hash/
PR: ports/120498
Submitted by: Tsung-Han Yeh <snowfly at yuntech.edu.tw>
in PHP5. Enables two parties without any prior knowledge of each other
to establish a secure shared secret key across an insecure channel
of communication.
WWW: http://pear.php.net/package/Crypt_DiffieHellman/
PR: ports/120010
Submitted by: Ditesh Shashikant Gathani <ditesh at gathani.org>
enforcement of Windows 95/98/NT/3.x and Unix server administration through the
use of comparative system snapshots. FCheck can provide notification of any
differences found through use of your event management system, printer, and/or
email when any monitored files or directories are altered, including any
additions and/or deletions.
WWW: http://www.geocities.com/fcheck2000/
a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote shell on the vulnerable DB server,
even in a very hostile environment. It should be used by penetration
testers to help and automate the process of taking over a DB Server when
a SQL Injection vulnerability has been discovered.
WWW: http://sqlninja.sourceforge.net/
PR: ports/117276
Submitted by: Valerio Daelli <valerio.daelli at gmail.com>
A module that facilitates the dynamic creation of rules for snort.
PR: ports/120193
Submitted by: Paul Schmehl <pauls@utdallas.edu>
Approved by: garga (mentor)
- Maia Mailguard is a web-based interface and management system based on
the popular amavisd-new e-mail scanner and SpamAssassin. Written in Perl
and PHP, Maia Mailguard gives end-users control over how their mail is
processed by virus scanners and spam filters, while giving mail administrators
the power to configure site-wide defaults and limits.
WWW: http://www.maiamailguard.com/
PR: ports/119325
Submitted by: Janky Jay <ek@purplehat.org> (maintainer)
Approved by: linimon (mentor)
Guard (GPG). It requires the GPG executable to be on the system.
Though GPG can support symmetric-key cryptography, this package is intended
only to facilitate public-key cryptography.
WWW: http://pear.php.net/package/Crypt_GPG/
XORSearch is a program to search for a given string in an XOR or
ROL encoded binary file. An XOR encoded binary file is a file where
some (or all) bytes have been XORed with a constant value (the key).
A ROL (or ROR) encoded file has its bytes rotated by a certain number
of bits (the key). XOR and ROL/ROR encoding is used by malware
programmers to obfuscate strings like URLs.
XORSearch will try all XOR keys (0 to 255) and ROL keys (1 to 7)
when searching. I programmed XORSearch to include key 0, because
this allows to search in an unencoded binary file (X XOR 0 equals
X).
If the search string is found, XORSearch will print it until the 0
(byte zero) is encountered or until 50 characters have been printed,
whichever comes first. 50 is the default value; it can be changed
with option -l. Unprintable characters are replaced by a dot.
WWW: http://blog.didierstevens.com/programs/xorsearch/
Author: Didier Stevens
compressed file's password. If you forget your encrypted file password,
this program is the solution. This program can crack zip,7z and rar file
passwords.
WWW: http://sourceforge.net/projects/rarcrack
PR: ports/117630
Submitted by: Philippe Audeoud <jadawin at tuxaco.net>
software supports ike v1 communications between two gateways or a
client and a gateway.
For more information please visit ...
WWW: http://www.shrew.net/
PR: ports/116684
Submitted by: mgrooms at shrew.net
of TIS fwtk and maintains API backwards compatibility. The design goal
is to make it simple yet powerful; no performance hacks allowed in the
code and library dependencies are reduced to minimum.
WWW: http://sourceforge.net/projects/openfwtk
PR: ports/117194
Submitted by: Anton Karpov <toxa at toxahost.ru>
It performs "black-box" scans, i.e. it does not study the source code of
the application but will scan the webpages of the deployed webapp,
looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
WWW: http://wapiti.sourceforge.net/
PR: ports/116873
Submitted by: Philippe Audeoud <jadawin at tuxaco.net>
AfterGlow is a collection of scripts which facilitate the
process of generating event graphs and treemaps. AfterGlow
1.x is written in Perl and generates output that can be
read by GraphViz or LGL. All the scripts and other files
for afterglow are installed in ${DATADIR}
WWW: http://sourceforge.net/projects/afterglow
PR: ports/115186
Submitted by: Paul Schmehl <pauls@utdallas.edu>
ssss is an implementation of Shamir's secret sharing scheme
for UNIX/linux machines. It is free software, the code is
licensed under the GNU GPL. ssss does both: the generation
of shares for a known secret and the reconstruction of a
secret using user provided shares. The software was written
in 2006 by B. Poettering, it links against the GNU libgmp
multiprecision library (version 4.1.4 works well) and
requires the /dev/random entropy source.
PR: ports/115949
Submitted by: Lukasz Komsta <luke@novum.am.lublin.pl>
The seccure toolset implements a selection of asymmetric
algorithms based on elliptic curve cryptography (ECC). In
particular it offers public key encryption / decryption,
signature generation / verification and key establishment.
ECC schemes offer a much better key size to security ratio
than classical systems (RSA, DSA). Keys are short enough
to make direct specification of keys on the command line
possible (sometimes this is more convenient than the
management of PGP-like key rings). seccure builds on this
feature and therefore is the tool of choice whenever
lightweight asymmetric cryptography -- independent of key
servers, revocation certificates, the Web of Trust or even
configuration files -- is required.
PR: ports/115943
Submitted by: Lukasz Komsta <luke@novum.am.lublin.pl>
New port of Hamachi VPN, using Linux official binary and a
patch on tuncfg.c based on the official OSX release.
Hamachi is a software that eases the creation of secure
VPNs even between nodes that would not be able to connect
to each other (server-assisted connection can be established
from two NATted clients, if at least one of the two NATs
associates the port to the client not checking remote host).
UPX port is required in order to decompress the linux binary
and avoid run-time dependency on /proc.
PR: ports/112982
Submitted by: Lapo Luchini <lapo@lapo.it>
The OpenVPN Auth-LDAP Plugin implements username/password
authentication via LDAP for OpenVPN 2.x. It also includes
some integration with the OpenBSD packet filter, supporting
adding and removing VPN clients from PF tables.
WWW: http://dpw.threerings.net/projects/openvpn-auth-ldap/
PR: ports/113925
Submitted by: Nick Barkas <snb@threerings.net>
This is a Python based package of tools that can be used to assess
the security of a web server (including automated advanced tests,
e.g. for XSS or SQL injection vulnerabilities).
I did not get this port to work with the py-google port, therefore
a local copy of pygoogle is included and packaged with this port.
and extracts sessions for a number of different applications:
ssh, telnet, smtp, irc, ftp, etc. The data are formatted into
an html file and can be used to replay some sessions.
Sshkeydata is a perl script that attempts to recreate ssh
sessions extracted by chaosreader by estimating what commands
may have been typed.
Both scripts are installed in ${PREFIX}/bin
WWW: http://sourceforge.net/projects/chaosreader
PR: ports/115125
Submitted by: pauls
Net::Server::Mail::ESMTP::AUTH is an extension to provide
support for SMTP authentication with Net::Server::Mail::ESMTP
module.
Currently only LOGIN and PLAIN methods are supported.
WWW: http://search.cpan.org/dist/Net-Server-Mail-ESMTP-AUTH/
Author: Sylvain Cresto <scresto [_at_] gmail.com>
PR: ports/114785 (with corrections)
Submitted by: Zane C. Bowers <vvelox@vvelox.net>
ClamTk is a GUI front-end for ClamAV using gtk2-perl. It is designed to
be an easy-to-use frontend for Unix systems.
WWW: http://clamtk.sourceforge.net/
Author: Dave M <dave.nerd@gmail.com>
provides Web Single SignOn (SSO) across or within organizational
boundaries. It allows sites to make informed authorization decisions
for individual access of protected online resources in a
privacy-preserving manner.
This software is a C++ implementation of the Service Provider
component of the Shibboleth can be used in Apache Web servers. The
service provider manages secured resources. User access to resources
is based on assertions received by the service provider (SP) from
an identity provider.
WWW: http://shibboleth.internet2.edu/
PR: ports/114663
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
Alliance standards; it defines processes for federated identities,
single sign-on and related protocols. Lasso is built on top of
libxml2, XMLSec and OpenSSL and is licensed under the GNU General
Public License (with an OpenSSL exception).
WWW: http://lasso.entrouvert.org/
PR: ports/114639
Submitted by: Gea-Suan Lin <gslin at gslin.org>