Commit graph

1001 commits

Author SHA1 Message Date
Cy Schubert
e6b64bdbf9 Retire fwbuilder and libfwbuilder version 2. They are no longer supported
by their developer.
2008-11-06 01:09:10 +00:00
Marcelo Araujo
ed985f6615 - libpwstor is a library implementing a password storage format
for C programmers.  This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.

WWW: http://sourceforge.net/projects/kageki

PR:		ports/128328
Submitted by:	Matt D. Harris <mattdharris@users.sourceforge.net>
Reworked by:	myself
2008-10-24 16:08:00 +00:00
Martin Wilke
7b79f0ccb4 Tuntun is an applet for Gnome panel that manage a list of vpn connections
through the OpenVPN Management Interface.

Main features

 * Simple & lightweight just a client GUI to start/stop your OpenVPN tunnels
   and nothing more
 * Integrated with the Gnome Desktop (support for the Keyring and notification
   daemon)
 * Support for Auth and Private-Key OpenVPN authentication methods

 WWW:	http://code.google.com/p/tuntun/

PR:		ports/128097
Submitted by:	Anderson S. Ferreira <anderson at cnpm.embrapa.br>
2008-10-16 21:43:35 +00:00
Peter Pentchev
481da2d4cc Initial import of paperkey-0.8, a simple tool for extracting the truly
secret parts of a PGP secret key for backup purposes.

Obtained from:	http://www.jabberwocky.com/software/paperkey/
Author:		David Shaw <dshaw@jabberwocky.com>
2008-10-06 14:09:46 +00:00
Emanuel Haupt
99207a0b60 Add op 1.32, controlled privilege escalation tool 2008-09-30 14:03:37 +00:00
Martin Wilke
43254f4a72 HTML_Crypt provides methods to encrypt text, which can be later be decrypted
using JavaScript on the client side.

This is very useful to prevent spam robots collecting email addresses from your
site, included is a method to add mailto links to the text being generated.

WWW:	http://pear.php.net/package/HTML_Crypt
2008-09-23 08:09:18 +00:00
Martin Wilke
785015f0b9 This package allows you to encrypt and decrypt strings or long integer arrays
with the XXTEA encryption algorithm, which is secure, fast and suitable for web
development.

WWW:	http://pear.php.net/package/Crypt_XXTEA
2008-09-23 08:08:31 +00:00
Martin Wilke
5837bf2776 Provides methods needed to generate and verify MicroIDs.
WWW:	http://pear.php.net/package/Crypt_MicroID/
2008-09-23 08:07:57 +00:00
Martin Wilke
2661e4d8e2 pycryptopp is a set of Python wrappers for a few of
the best crypto algorithms from the Crypto++ library.

WWW:   http://allmydata.org/trac/pycryptopp

PR:		ports/126977
Submitted by:	Wen Heping <wenheping at gmail.com>
2008-09-05 14:23:43 +00:00
Jean Milanez Melo
21dd0fcf29 - Add entry for security/snortsam. 2008-09-03 23:03:30 +00:00
Cy Schubert
5583daec2c Welcome fwbuilder and libfwbuilder 3.0.0, replacing 2.1.19. The old version
is deprecated and scheduled for deletion as it is no longer supported by its
author.
2008-09-02 21:32:26 +00:00
Martin Wilke
991984ad31 This is a Camellia package for Ruby. Camellia engine is implemented in "C".
Supported key length : 128bit/192bit/256bit
Supported modes of operation : ECB/CFB/CBC

WWW:	http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html

PR:		ports/126390
Submitted by:	Yoshisato YANAGISAWA <osho at pcc-software.org>
2008-08-13 07:26:06 +00:00
Joe Marcus Clarke
55278cda1b Add pam_helper, a small utility which allows non-PAM or non-setuid
applications to make use of PAM's authentication services.
2008-08-09 07:53:16 +00:00
Alexey Dokuchaev
942d912ee5 Switzerland is a tool for testing networks, ISPs, and firewalls developed
by the Electronic Frontier Foundation (www.eff.org).

WWW: http://www.eff.org/testyourisp/switzerland
2008-08-08 10:17:13 +00:00
Martin Wilke
7e45300e38 Taking a hint from the similarly-named Java Cryptography Architecture,
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.

Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)

WWW: http://delta.affinix.com/qca/
2008-08-05 00:12:57 +00:00
Li-Wen Hsu
a450e37ff7 Add sshguard-ipfilter, protect hosts from brute force attacks against
ssh and other services using ipfilter.

PR:		ports/125975
Submitted by:	Mij <mij at bitchx.it>
2008-07-26 13:54:03 +00:00
Beech Rintoul
7d1ecb1bb4 ssl-admin was designed to create a user-friendly, menu-driven interface
to the OpenSSL programs.

ssl-admin will help you do the following tasks with SSL certificates:
  * Create your own CA certificate.
  * Create new Certificate Signing Requests
  * Sign existing Certificate Signing Requests
  * Manage Certificate Revokation Lists
  * Export configurations and certificates for OpenVPN.

PR:		ports/125875
Submitted by:	Eric Crist <ecrist at secure-computing.net>
2008-07-26 03:19:08 +00:00
Wesley Shields
1f0de0e8e8 New port: FlowTag is a GUI interface for exploring the TCP flows in a
PCAP file.  It's strengths lie in:

   * rapid reconstruction of flows (via indexing),
   * visual selection of source IP and destination TCP ports;
   * filtering by time, packet count, and/or byte count
   * tagging flows with keywords

PR:		ports/125624
Submitted by:	Lee Hinman <lee@writequit.org>
2008-07-18 13:20:51 +00:00
Beech Rintoul
d1db430476 - New port p5-Crypt-OpenSSL-AES-0.02
The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.

PR:		ports/125387
Submitted by:	John Ferrell <jdferrell3 at yahoo.com>
2008-07-09 04:27:39 +00:00
Pav Lucistnik
19fd4a8b23 Ratproxy is a semi-automated, largely passive web application security audit
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.

WWW: http://code.google.com/p/ratproxy/

PR:		ports/125249
Submitted by:	Steven Kreuzer <skreuzer@exit2shell.com>
2008-07-08 21:35:23 +00:00
Marcelo Araujo
c8d9993367 Net::SSH::Gateway is a library for programmatically tunneling connections to
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with i
restricted access.

* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls

WWW: http://net-ssh.rubyforge.org/gateway

PR:		ports/125053
Submitted by:	Philip M. Gollucci <pgollucci@p6m7g8.com>
2008-07-05 23:06:19 +00:00
Marcelo Araujo
38fff32d11 Net::SCP is a pure-Ruby implementation of the SCP protocol. This operates over
SSH (and requires the Net::SSH library), and allows files and directory trees
to copied to and from a remote server.

* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URI's, and OpenURI

WWW: http://net-ssh.rubyforge.org/scp

PR:		ports/125052
Submitted by:	Philip M. Gollucci <pgollucci@p6m7g8.com>
2008-07-05 23:03:07 +00:00
Simon L. B. Nielsen
0cb1d7b8dc Retire the ca-roots ports, which expired long ago.
The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore.  The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.

For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots.  The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.

Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.

With hat:	security-officer
2008-06-29 16:48:01 +00:00
Mark Linimon
2acbbfeef7 s/pear-Auth_OpenID2/php-Auth_OpenID2/ to go with what was actually
repocopied.

Reported by:	portsmon
2008-06-26 06:31:32 +00:00
Edwin Groothuis
1c31ebf4f5 [repocopy] security/php-Auth_OpenID -> security/php-Auth_OpenID2
Now supporting OpenID protocol version 2

PR:		ports/124737
Submitted by:	Edwin Groothuis <edwin@mavetju.org>
2008-06-24 13:04:04 +00:00
Roman Bogorodskiy
d05287091d Remove security/gnutls-devel for a time while the experimental branch
is not active.
2008-06-23 17:34:35 +00:00
Pav Lucistnik
ee5c0a974d - Delete expired security/amavisd port: depends on misc/compat3x, which has
security problems; old version
2008-06-18 23:15:47 +00:00
Pav Lucistnik
f7c224c164 - Expired: No longer supported. Use p5-openxpki-client-html-mason instead 2008-06-18 21:00:59 +00:00
Pav Lucistnik
e6aabc2ce1 Delete security/cyrus-sasl, it has been expired for a year and a half. 2008-06-17 19:01:59 +00:00
Edwin Groothuis
be29a34732 New port: security/fwknop fwknop,"FireWall KNock OPerator", implements
Single Packet Authorization (SPA).

	fwknop stands for the "FireWall KNock OPerator", and
	implements an authorization scheme called Single Packet
	Authorization (SPA). This method of authorization is based
	around a default-drop packet filter (fwknop supports both
	iptables on Linux systems and ipfw on FreeBSD and Mac OS X
	systems) and libpcap.

	SPA requires only a single encrypted packet in order to
	communicate various pieces of information including desired
	access through an iptables policy and/or complete commands
	to execute on the target system. By using iptables to
	maintain a "default drop" stance, the main application of
	this program is to protect services such as OpenSSH with
	an additional layer of security in order to make the
	exploitation of vulnerabilities (both 0-day and unpatched
	code) much more difficult. With fwknop deployed, anyone
	using nmap to look for sshd can't even tell that it is
	listening; it makes no difference if they have a 0-day
	exploit or not. The authorization server passively monitors
	authorization packets via libcap and hence there is no
	"server" to which to connect in the traditional sense.
	Access to a protected service is only granted after a valid
	encrypted and non-replayed packet is monitored from an
	fwknop client (see the following network diagram; the SSH
	session can only take place after the SPA packet is monitored):

PR:		ports/118229
Submitted by:	Sean Greven <sean.greven@gmail.com>
2008-06-13 03:43:51 +00:00
Philippe Audeoud
f5a4191b5c SpyBye is a tool to help web masters determine if their web pages
are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmlesss, unknown or maybe
even dangerous.

SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.

WWW: http://www.spybye.org/

PR:		ports/123945
Submitted by:	Paul Schmel <pauls utdallas.edu>
Approved by:	tabthorpe (mentor)
2008-06-05 19:40:32 +00:00
Edwin Groothuis
b998e4e008 [NEW PORT] security/openvas-server: A security scanner: a fork of Nessus
OpenVAS stands for Open Vulnerability Assessment System and
	is a network security scanner with associated tools like a
	graphical user fontend. The core is a server component with
	a set of network vulnerability tests (NVTs) to detect
	security problems in remote systems and applications.

	WWW: http://www.openvas.org/

PR:		ports/123128
Submitted by:	Tomoyuki Sakurai <cherry@trombik.org>
2008-06-04 13:18:59 +00:00
Edwin Groothuis
cbc685fd82 [NEW PORT] security/openvas-plugins: Plugins for OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and
	is a network security scanner with associated tools like a
	graphical user fontend. The core is a server component with
	a set of network vulnerability tests (NVTs) to detect
	security problems in remote systems and applications.

	WWW: http://www.openvas.org/

PR:		ports/123130
Submitted by:	Tomoyuki Sakurai <cherry@trombik.org>
2008-06-04 13:17:20 +00:00
Edwin Groothuis
2b7aa4172c [NEW PORT] security/openvas-libraries: Libraries for OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and
	is a network security scanner with associated tools like a
	graphical user fontend. The core is a server component with
	a set of network vulnerability tests (NVTs) to detect
	security problems in remote systems and applications.

	WWW: http://www.openvas.org/

PR:		ports/123127
Submitted by:	Tomoyuki Sakurai <cherry@trombik.org>
2008-06-04 13:15:44 +00:00
Edwin Groothuis
654aeea25d [NEW PORT] security/openvas-libnasl: NASL libraries for OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and
	is a network security scanner with associated tools like a
	graphical user fontend. The core is a server component with
	a set of network vulnerability tests (NVTs) to detect
	security problems in remote systems and applications.

	WWW: http://www.openvas.org/

PR:		ports/123129
Submitted by:	Tomoyuki Sakurai <cherry@trombik.org>
2008-06-04 13:14:01 +00:00
Edwin Groothuis
63b216ec54 [NEW PORT] security/openvas-client: A GUI client for OpenVAS
OpenVAS stands for Open Vulnerability Assessment System and
	is a network security scanner with associated tools like a
	graphical user fontend. The core is a server component with
	a set of network vulnerability tests (NVTs) to detect
	security problems in remote systems and applications.

	WWW: http://www.openvas.org/

PR:		ports/123131
Submitted by:	Tomoyuki Sakurai <cherry@trombik.org>
2008-06-04 13:12:03 +00:00
Felippe de Meirelles Motta
2c95e37407 SquidClamAV is an interface to perform antivirus checks on data passing through Squid Proxy.
WWW: http://www.samse.fr/GPL/squidclamav/

PR:		ports/119236
Submitted by:	Laurent LEVIER <llevier@argosnet.com>
Approved by:	araujo (mentor)
2008-06-03 02:49:07 +00:00
Henrik Brix Andersen
5027b59c5e This is the base class for a system of objects that encapsulate
passphrases.  An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it.  There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.

The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.

WWW: http://search.cpan.org/dist/Authen-Passphrase/

Approved by:	erwin (mentor)
2008-06-01 21:01:12 +00:00
Henrik Brix Andersen
dd297c8112 Perl XS interface for a portable traditional crypt function.
WWW: http://search.cpan.org/dist/Crypt/UnixCrypt_XS/

Approved by:	erwin (mentor)
2008-06-01 20:59:20 +00:00
Henrik Brix Andersen
5fbae18db0 Eksblowfish is a variant of the Blowfish cipher, modified to make the
key setup very expensive.  ("Eks" stands for "expensive key
schedule".)  This doesn't make it significantly cryptographically
stronger, but is intended to hinder brute-force attacks.  It also
makes it unsuitable for any application requiring key agility.  It was
designed by Niels Provos and David Mazieres for password hashing in
OpenBSD.

Eksblowfish is a parameterised (family-keyed) cipher.  It takes a cost
parameter that controls how expensive the key scheduling is.  It also
takes a family key, known as the "salt".  Cost and salt parameters
together define a cipher family.  Within each family, a key determines
an encryption function in the usual way.

This distribution also includes an implementation of "bcrypt", the
Unix crypt() password hashing algorithm based on Eksblowfish.

WWW: http://search.cpan.org/dist/Crypt-Eksblowfish/

Approved by:	erwin (mentor)
2008-06-01 20:58:23 +00:00
Henrik Brix Andersen
5b499869df This perl module implements the LGI$HPWD password hashing function
from VMS, and some associated VMS username and password handling
functions.

WWW: http://search.cpan.org/dist/Authen-DecHpwd/

Approved by:	erwin (mentor)
2008-06-01 20:57:22 +00:00
Martin Wilke
192e2cf766 2008-05-15 net-p2p/dclibc: Abandoned, not used, website disappeared
2008-04-07 net-mgmt/ap-utils: Does not work with gcc4.2; appears to be abandoned
2008-03-31 multimedia/xfce4-xmms-controller-plugin: Project is dead
2008-05-15 www/pear-HTTP_Session: Use www/pear-HTTP_Session2 instead
2008-05-04 security/bioapitool: All functionallity of this tools has been merged with pam_bsdbioapi
2008-05-30 19:15:53 +00:00
Rong-En Fan
a3fc1c77b5 sqlmap is an automatic SQL injection tool entirely developed in Python. It is
capable to perform an extensive database management system back-end
fingerprint, retrieve remote DBMS databases, usernames, tables, columns,
enumerate entire DBMS, read system files and much more taking advantage of web
application programming security flaws that lead to SQL injection
vulnerabilities.

WWW:	http://sqlmap.sourceforge.net/

PR:		ports/123851
Submitted by:	Tomoyuki Sakurai <cherry at trombik.org>
2008-05-22 10:24:56 +00:00
Rong-En Fan
a4c22a85d4 Pwman3 is a console based password management application.
Pwman3 is written in python. It uses sql for storage
and all data is encrypted when it isn't being viewed on screen.

WWW: http://pwman.bleurgh.com

PR:		ports/123074
Submitted by:	Yarodin <yarodin at gmail.com>
2008-05-06 03:09:35 +00:00
Marcelo Araujo
dc1a37eb33 - Project was renamed security/barnyard-sguil6 to security/barnyard-sguil.
PR:		ports/122648, ports/122700
Submitted by:	Paul Schmehl <pauls@utdallas.edu> (maintainer)
2008-05-03 13:19:34 +00:00
Brooks Davis
a48d77bbbc Admit I'm never going to actually fix security/drupal4-ldap_integration,
particularly since it's clear no one uses it and remove it from the tree.
2008-04-30 18:54:45 +00:00
Pav Lucistnik
caab36701d - Remove, it's ancient and newer version is included in base of all supported
releases

Suggested by:	sam
2008-04-25 23:21:09 +00:00
Cheng-Lung Sung
142e001b57 EzCrypto is an easy to use wrapper around the poorly documented OpenSSL ruby
library.

Features
    * Defaults to AES 128 CBC
    * Will use the systems OpenSSL library for transparent hardware crypto
      support
    * Single class object oriented access to most commonly used features
    * Ruby like

WWW:  http://ezcrypto.rubyforge.org/

PR:		ports/122805
Submitted by:	Steven Kreuzer
2008-04-16 06:49:40 +00:00
Simon Barner
9d891d2bd5 Add fprint_demo 0.4, demo and test application for libfprint. 2008-04-15 21:15:40 +00:00
Simon Barner
aca903d334 Add pam_fprint 0.2, PAM module offering finger print authentication
using libfprint.
2008-04-15 21:15:09 +00:00