to the execve() function provided by libc as to log every call
to syslog (authpriv). System administrators may find snoopy
useful in tasks such as light/heavy system monitoring, tracking other
administrators' actions as well as getting a good 'feel' of
what's going on in the system (for example apache running cgi
scripts).
WWW: http://sourceforge.net/projects/snoopylogger/
PR: ports/108691
Submitted by: Philippe Audeoud <jadawin at tuxaco.net>
AES, Blowfish, Cast5, IDEA and DES cyphers.
WWW: http://www.aolserver.com/
- Martin Matuska
martin@matuska.org
PR: ports/105781
Submitted by: Martin Matuska <martin@matuska.org>
Approved by: erwin (mentor)
with PKCS#11 providers for end-user applications.
pkcs11-helper allows using multiple PKCS#11 providers at
the same time, enumerating available token certificates, or
selecting a certificate directly by serialized id, handling
card removal and card insert events, handling card re-insert
to a different slot, supporting session expiration and much
more all using a simple API.
pkcs11-helper is not designed to manage card content, since
object attributes are usually vendor specific, and 99% of
applications need to access existing objects in order to
perform signature and decryption.
WWW: http://www.opensc-project.org/pkcs11-helper/
2006-12-01 print/ec-fonts-mftraced: Installs files before 'make install'
2006-12-01 print/yatex-xemacs-mule: hangs during build
2006-12-01 security/gnu-crypto: Does not compile
2006-12-01 www/linux-beonex: Security issues. From http://www.beonex.com/ 'The currently available Beonex Communicator 0.8 builds have several known security bugs'
files.
The Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails
and metadata of the picture files contained in the directories of their FAT32
or NTFS filesystems.
The thumbnails and associated metadata are stored in Thumbs.db files.
The Thumbs.db files are undocumented OLE structured files.
Once a picture file has been deleted from the filesystem, the related thumbnail
and associated metadata remain stored in the Thumbs.db file. So, the data
contained in those Thumbs.db files are a helpful source of information
for the forensics investigator.
WWW: http://vinetto.sourceforge.net/
PR: ports/107235
Submitted by: Aleksander Fafula <alex at BSDGuru.org>
Pantera uses an improved version of SpikeProxy to provide a powerful web
application analysis engine.
Goals:
The primary goal of Pantera is to combine automated capabilities with complete
manual testing to get the best penetration testing results.
WWW: http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
PR: ports/105291
Submitted by: Yonatan <onatan at gmail.com>
decentralized and doesn't entirely crumble if one company turns evil
or goes out of business.
An OpenID identity is just a URL. You can have multiple identities in
the same way you can have multiple URLs. All OpenID does is provide a
way to prove that you own a URL (identity).
Anybody can run their own site using OpenID, and anybody can be an
OpenID server, and they all work with each other without having to
register with or pay anybody to "get started". An owner of a URL can
pick which OpenID server to use.
WWW: http://www.openidenabled.com/openid/libraries/perl/
specification as well as making API changes that should make
integration with applications easier.
This library allows the use of XRI as OpenID identifiers, allowing users
to log in with their i-names. For full XRI compatibility,
relying parties integrating this library should take note of the user's
CanonicalID, as described in the "Identifying the End User" section of
the OpenID 2.0 specification.
WWW: http://www.openidenabled.com/openid/libraries/python/
maintains compatibility with Password Safe files. MyPasswordSafe has the
following features:
* Safes are encrypted when they are stored to disk.
* Passwords never have to be seen, because they are copied to the clipboard.
* Random passwords can be generated.
* Window size, position, and column widths are remembered.
* Passwords remain encrypted until they need to be decrypted at the dialog and
file levels.
* A safe can be made active so it will always be opened when MyPasswordSafe
starts.
* Supports Unicode in the safes.
* Languages supported: English and French.
WWW: http://www.semanticgap.com/myps/
Python secure hash and message digest module MD5, SHA1, SHA224, SHA256,
SHA384 and SHA512 (backported from Python 2.5 for use on 2.3 and 2.4)
WWW: http://code.krypto.org/python/hashlib/
examines the sequence of client-server exchanges, their relative
layer 7 payload sizes, and transmission intervals (as opposed to
inspecting the contents, which is what most passive fingerprinters
and "smart" sniffers would do to analyze transmissions). This is
then matched against a database of traffic pattern signatures to
infer some interesting facts about the traffic.
PR: ports/106351
Submitted by: trasz <trasz at pin.if.uz.zgora.pl>
ClamAV clamd service - an anti-virus daemon process.
You can find more information about clam anti-virus at
WWW: http://www.clamav.net/
File::Scan::ClamAV was originally based on the Clamd module
Submitted by: Jan-Peter Koopmann <Jan-Peter.Koopmann at seceidos.de>
an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk.
Sguil also relies on other open source software
in order to function properly.
The client requires gpg, iwidgets and other tcl packages and may
also use wireshark, festival and tls depending on your selection
of options. Run "make config" in the port to see what options
are available.
Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
PR: ports/105496
Submitted by: Paul Schmehl <pauls at utdallas.edu>
Platform-independent tool for Authenticode signing of EXE/CAB files - uses
OpenSSL and libcurl. It also supports timestamping.
PR: ports/105353
Submitted By: Nick Barkas <snb@threerings.net>
Approved By: flz (mentor)
Security Monitoring (NSM). NSM is the collection,
analysis, and escalation of indications and warnings
to detect and respond to intrusions. NSM tools are
used more for network audit and specialized
applications than traditional alert-centric "intrusion
detection" systems.
Want to learn more about Network Security Monitoring
(NSM)? Then check out Richard Bejtlich's recently
released book, The Tao of Network Security Monitoring:
Beyond Intrusion Detection. An excerpt reads:
"Network security monitoring (NSM) equips security
staff to deal with the inevitable consequences of too
few resources and too many responsibilities. NSM collects
the data needed to generate better assessment, detection,
and response processes--resulting in decreased impact from
unauthorized activities."
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
PR: ports/104227
Submitted by: Paul Schmehl <pauls at utdallas.edu>
(www.snort.org), an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
The sensor list includes security/barnyard, security/snort,
security/sancp, tcpdump (a part of the OS) and devel/tcltls as
well as lang/tcl84 and lang/tclX. Care has been taken to ensure
that everything you need to build a working sguil operation is
in the FreeBSD ports system or part of the OS already.
Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
PR: ports/95018
Submitted by: Paul Schmehl <pauls at utdallas.edu>
This is the Metasploit Project. The goal is to provide useful
information to people who perform penetration testing, IDS signature
development, and exploit research. This site was created to fill the
gaps in the information publicly available on various exploitation
techniques and to create a useful resource for exploit developers. The
tools and information on this site are provided for legal penetration
testing and research purposes only.
This port is an in-development version of the upcoming Metasploit Framework.
It is based on Ruby instead of perl, and has a different license.
WWW: http://www.metasploit.org
PR: ports/101280
Submitted by: Yonatan <onatan at gmail.com>
over time. It does this by checking for changes on the target
machine(s), which includes the details about the services running on
them as well as the service state. PBNJ parses the data from a scan
and stores it in a database. PBNJ uses Nmap to perform scans.
WWW: http://www.sf.net/projects/pbnj
PR: ports/100904
Submitted by: Joshua D. Abraham <jabra(at)ccs.neu.edu>
your files, is immune to filenames containing spaces, carriage returns,
dashes, or any other special characters. You can use it in place of rm
in cron jobs, together with "find ... -print0". The output of fwipe0 is
specially designed to be parsed easily by machine, so it can be embedded
in other applications which need secure file erasure.
WWW: http://jeenyus.net/~budney/linux/software/fwipe.html
PR: ports/103488
Submitted by: David Thiel <lx(at)redundancy.redundancy.org>
Simple HTTP Scanner is a creation made for web site pen testing. You can
check for directories and files on the remote web server and get some
server information like the webserver running.
WWW: http://sourceforge.net/projects/shttpscanner/
Author: Paisterist <paisterist@users.sourceforge.net>
1.1. TLS Lite supports non-traditional authentication methods such as SRP,
shared keys, and cryptoIDs in addition to X.509 certificates. TLS Lite is pure
Python; however, it can access OpenSSL, cryptlib, pycrypto, and GMPY for faster
crypto operations. TLS Lite integrates with httplib, xmlrpclib, poplib,
imaplib, smtplib, SocketServer, asyncore, and Twisted.
WWW: http://trevp.net/tlslite/
PR: ports/102923
Submitted by: Alexander Botero-Lowry <alex at foxybanana.com>
It was designed to protect servers and users from known and
unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts, that can be used
separately or in combination. The first part is a small patch
against the PHP core, that implements a few low-level
protections against buffer overflows or format string
vulnerabilities and the second part is a powerful PHP extension
that implements all the other protections.
Suhosin is binary compatible with a normal PHP installation,
which means it is compatible with 3rd party binary extensions
like ZendOptimizer.
WWW: http://www.suhosin.org/