for C programmers. This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.
WWW: http://sourceforge.net/projects/kageki
PR: ports/128328
Submitted by: Matt D. Harris <mattdharris@users.sourceforge.net>
Reworked by: myself
through the OpenVPN Management Interface.
Main features
* Simple & lightweight just a client GUI to start/stop your OpenVPN tunnels
and nothing more
* Integrated with the Gnome Desktop (support for the Keyring and notification
daemon)
* Support for Auth and Private-Key OpenVPN authentication methods
WWW: http://code.google.com/p/tuntun/
PR: ports/128097
Submitted by: Anderson S. Ferreira <anderson at cnpm.embrapa.br>
using JavaScript on the client side.
This is very useful to prevent spam robots collecting email addresses from your
site, included is a method to add mailto links to the text being generated.
WWW: http://pear.php.net/package/HTML_Crypt
the best crypto algorithms from the Crypto++ library.
WWW: http://allmydata.org/trac/pycryptopp
PR: ports/126977
Submitted by: Wen Heping <wenheping at gmail.com>
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.
Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
WWW: http://delta.affinix.com/qca/
to the OpenSSL programs.
ssl-admin will help you do the following tasks with SSL certificates:
* Create your own CA certificate.
* Create new Certificate Signing Requests
* Sign existing Certificate Signing Requests
* Manage Certificate Revokation Lists
* Export configurations and certificates for OpenVPN.
PR: ports/125875
Submitted by: Eric Crist <ecrist at secure-computing.net>
The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.
PR: ports/125387
Submitted by: John Ferrell <jdferrell3 at yahoo.com>
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.
WWW: http://code.google.com/p/ratproxy/
PR: ports/125249
Submitted by: Steven Kreuzer <skreuzer@exit2shell.com>
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with i
restricted access.
* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls
WWW: http://net-ssh.rubyforge.org/gateway
PR: ports/125053
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
SSH (and requires the Net::SSH library), and allows files and directory trees
to copied to and from a remote server.
* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URI's, and OpenURI
WWW: http://net-ssh.rubyforge.org/scp
PR: ports/125052
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore. The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.
For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots. The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.
Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.
With hat: security-officer
Single Packet Authorization (SPA).
fwknop stands for the "FireWall KNock OPerator", and
implements an authorization scheme called Single Packet
Authorization (SPA). This method of authorization is based
around a default-drop packet filter (fwknop supports both
iptables on Linux systems and ipfw on FreeBSD and Mac OS X
systems) and libpcap.
SPA requires only a single encrypted packet in order to
communicate various pieces of information including desired
access through an iptables policy and/or complete commands
to execute on the target system. By using iptables to
maintain a "default drop" stance, the main application of
this program is to protect services such as OpenSSH with
an additional layer of security in order to make the
exploitation of vulnerabilities (both 0-day and unpatched
code) much more difficult. With fwknop deployed, anyone
using nmap to look for sshd can't even tell that it is
listening; it makes no difference if they have a 0-day
exploit or not. The authorization server passively monitors
authorization packets via libcap and hence there is no
"server" to which to connect in the traditional sense.
Access to a protected service is only granted after a valid
encrypted and non-replayed packet is monitored from an
fwknop client (see the following network diagram; the SSH
session can only take place after the SPA packet is monitored):
PR: ports/118229
Submitted by: Sean Greven <sean.greven@gmail.com>
are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmlesss, unknown or maybe
even dangerous.
SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.
WWW: http://www.spybye.org/
PR: ports/123945
Submitted by: Paul Schmel <pauls utdallas.edu>
Approved by: tabthorpe (mentor)
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user fontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123128
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user fontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123130
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user fontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123127
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user fontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123129
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user fontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123131
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
passphrases. An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it. There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.
The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.
WWW: http://search.cpan.org/dist/Authen-Passphrase/
Approved by: erwin (mentor)
key setup very expensive. ("Eks" stands for "expensive key
schedule".) This doesn't make it significantly cryptographically
stronger, but is intended to hinder brute-force attacks. It also
makes it unsuitable for any application requiring key agility. It was
designed by Niels Provos and David Mazieres for password hashing in
OpenBSD.
Eksblowfish is a parameterised (family-keyed) cipher. It takes a cost
parameter that controls how expensive the key scheduling is. It also
takes a family key, known as the "salt". Cost and salt parameters
together define a cipher family. Within each family, a key determines
an encryption function in the usual way.
This distribution also includes an implementation of "bcrypt", the
Unix crypt() password hashing algorithm based on Eksblowfish.
WWW: http://search.cpan.org/dist/Crypt-Eksblowfish/
Approved by: erwin (mentor)
2008-04-07 net-mgmt/ap-utils: Does not work with gcc4.2; appears to be abandoned
2008-03-31 multimedia/xfce4-xmms-controller-plugin: Project is dead
2008-05-15 www/pear-HTTP_Session: Use www/pear-HTTP_Session2 instead
2008-05-04 security/bioapitool: All functionallity of this tools has been merged with pam_bsdbioapi
capable to perform an extensive database management system back-end
fingerprint, retrieve remote DBMS databases, usernames, tables, columns,
enumerate entire DBMS, read system files and much more taking advantage of web
application programming security flaws that lead to SQL injection
vulnerabilities.
WWW: http://sqlmap.sourceforge.net/
PR: ports/123851
Submitted by: Tomoyuki Sakurai <cherry at trombik.org>
Pwman3 is written in python. It uses sql for storage
and all data is encrypted when it isn't being viewed on screen.
WWW: http://pwman.bleurgh.com
PR: ports/123074
Submitted by: Yarodin <yarodin at gmail.com>
library.
Features
* Defaults to AES 128 CBC
* Will use the systems OpenSSL library for transparent hardware crypto
support
* Single class object oriented access to most commonly used features
* Ruby like
WWW: http://ezcrypto.rubyforge.org/
PR: ports/122805
Submitted by: Steven Kreuzer