Open Source BSD Security Software - Page 6

Whisper is for keeping your private communications private. Whisper is designed to be easy to use (no PKI). Also Whispers can be written on paper if you have to. You don't need your correspondent to generate a key before you can Whisper.

jpcap is a set of Java classes which provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. jpcap utilizes libpcap, a widely deployed system library for packet capture.

Free TACACS+ (tac_plus) engine (written in C++) and webui (PHP) allows network administrators to limit access to network devices. This project (tacplus/webui) use to be on www.networkforums.net. New and improved features been added since the last release on old website. ** New Release of WebUI ** Improved useability More searching capabilities in reports

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

Libnids - NIDS E-component, based on Linux kernel. This library provides IP defragmentation, TCP reassembly and port scan detection.

QPass is easy to use, open source password manager application with built-in password generator. You can store in it's database such data as passwords and logins which will be encrypted using AES-256 with PBKDF2(number of iterations set by user). Each entry can include additional information about entry such as name, url adress and description.

Remote Desktop (RD) Connection Manager allows easy working with remote desktops and servers. It supports: Citrix ICA, Microsoft Windows terminal services (RDP), VMRC, VNC as well as VDI: VMWare Workstation, VMWare ESX and ESXi servers, Microsoft Hype

ZoneMinder is video and cctv surveillance and security application. It supports multiple video or IP cameras and a sophisticated motion detection system based around zones. Both live streams and historic events can be viewed via the web interface.

chroot_safe, a tool to chroot any application in a sane manner without requring binaries, shared libraries etc within the chroot or any support from the application. Works with any dynamically linked application.

petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on windows 2000, Ope

Add security to your desktop by automatically locking and unlocking the screen when you and your phone leave/enter the desk. Think of a proximity detector for your mobile phone via bluetooth.

User-friendly and proficient Java program to keep passwords in encrypted databases. High security standard and data safety measures. Storage of huge text documents and sets of images feasible. File format relies on "Password Safe" V3 files (Twofish-CBC). Compact cross-platform program with PORTABLE modus, ideal for USB sticks, Linux, Mac, etc. Requires Java JRE 1.8 or higher The Password Safe database library is available at project PWSLIB3. For license/usage questions visit the Wiki pages!

HPN-SSH is a series of performance patches for OpenSSH. By addressing network limitations and CPU limitations significant throughput performance can be realized. Gains of close to two orders of magnitude are possible on long fat network paths. The official git repo is now available at http://github.com/rapier1/openssh-portable. The Sourceforge repository should not be seen as the canonical repository for HPN-SSH. We will update it as we can but users should look to github to generate patches We also support Ubuntu packages. Add them to your package manager with `sudo add-apt-repository ppa:rapier1/hpnssh` Fedora RPMs can be added with, `sudo dnf copr enable rapier1/hpnssh`

The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming. The ISO/IEC Programming languages — C spec, C11, now includes the bounded APIs in Appendix K, "Bounds-checking interfaces". This latest upload supports building static library, a shared library and a linux kernel module.

The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

Developing Open Source AntiVirus Solutions

ANts P2P realizes a third generation P2P net. It protects your privacy while you are connected and makes you not trackable, hiding your identity (ip) and crypting everything you are sending/receiving from others.

ngrep strives to provide most of GNU grep's common features,applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. SUPPORT/REPORTING BUGS: please use https://github.com/jpr5/ngrep/issues Thank you!

This project is devoted to provide a simple software layer for digital signature, when an hardware cryptographic token is required. The default implementation tries to comply as strictly as possible with the italian law digital signature directives.

qingy is a replacement of getty. Written in C, it uses DirectFB to provide a fast, nice GUI without the overhead of the X Window System. It allows the user to log in and start the session of his choice (text console, gnome, kde, wmaker, ...).

The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). When a PR is opened, the action analyzes only the changed files (diff-aware scanning), generates findings (with explanations, severity, and remediation suggestions), filters false positives using custom prompt logic, and posts comments directly on the PR. It supports configuration inputs (which files/directories to skip, model timeout, whether to comment on the PR, etc). The tool is language-agnostic (it doesn’t need language-specific parsers), uses contextual understanding rather than simplistic rules, and aims to reduce noise with smarter filtering.

Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances.

Flashbang is an open-source Flash-security helper tool designed to extract and display flashVars from a SWF that is “naked” (i.e. not wrapped in a bigger application) so that security testers can begin analysis (e.g. for XSS or other vectors) without decompiling the whole SWF. It is built atop Mozilla’s Shumway project. It works in modern browsers via HTML/JS, can also be run locally, and does not upload SWFs to servers (processing stays local). It is still considered alpha quality. Clone the repo using the --recursive flag, so that all necessary submodules are cloned as well. Ideally, clone it into an Apache web-root (or any other web server). Prepare the environment for Shumway to work properly.

Infosec Reference is a curated knowledge base and resource repository for information security practitioners. It aggregates cheat sheets, tooling guides, protocol deep dives, incident response playbooks, and threat actor profiles—all organized under accessible categories (network, web, host, cryptography, auditing). The repo is built as a living wiki of sorts: practitioners contribute updates, expand sections, or refine explanations as the threat landscape evolves. Because security spans many domains, Infosec Reference helps consolidate high-value, battle-tested knowledge into one place, reducing the need to scour scattered blogs or notes. It often contains links to external references, example commands, common workflows, and template policies or checklists. For newer security professionals or teams looking to build a shared reference, it serves as a catalog of contextually verified insights, a starting point for training, or a hub for standardized practices.

Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go. The Merlin server is a self-contained command line program that requires no installation. You just simply download it and run it. The command-line interface only works great if it will be used by a single operator at a time. The Merlin agent can be controlled through Mythic, which features a web-based user interface that enables multiplayer support, and a slew of other features inherent to the project.