Open Source C Security Software for OpenBSD

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

PAM module which permits authentication for arbitrary services via ssh-agent. Written with sudo in mind, but like any auth PAM module, can be used for for many purposes.

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images.

Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant. *** Hyenae is back *** Hyenae will be continued here: https://sourceforge.net/p/hyenae-ng

The WendzelNNTPd is a IPv6-ready NNTP usenet-server with the main goal to be as easy to use as possible. It is portable (Linux/*BSD/*nix), supports AUTHINFO authentication, contains ACL as well as role based ACL and supports invisible newsgroups. It currently supports MySQL and SQLite backends.

HPN-SSH is a series of performance patches for OpenSSH. By addressing network limitations and CPU limitations significant throughput performance can be realized. Gains of close to two orders of magnitude are possible on long fat network paths. The official git repo is now available at http://github.com/rapier1/openssh-portable. The Sourceforge repository should not be seen as the canonical repository for HPN-SSH. We will update it as we can but users should look to github to generate patches We also support Ubuntu packages. Add them to your package manager with `sudo add-apt-repository ppa:rapier1/hpnssh` Fedora RPMs can be added with, `sudo dnf copr enable rapier1/hpnssh`

pam_mount is a Pluggable Authentication Module that can mount volumes for a user session (login). Supports mounting local filesystems of any kind the normal mount utility supports, with extra code to better support CIFS, FUSE, various crypto, and more.

The Neighbor Discovery Protocol Monitor (NDPMon) is used by Internet Protocol version 6 network administrators for monitoring ICMPv6 packets. NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection. NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enable (default behavior in Ubuntu and Windows for example).

Wraith is an open source IRC bot written in C++. It has been in development since late 2003. It is based on Eggdrop 1.6.12 but has since evolved into something much different at its core.

A set of tools, many written in C, to deal with BRO (www.bro.ids.org). and its working environment.

IMPORTANT -- This is an old project that is no longer supported and should not be relied upon for serious applications. If your looking for encryption software, I suggest OpenSSL or GnuPG which are better equipped.

SecurityFusion is an open source network intrusion detection and prevention system based in Hogwash, capable of performing real-time traffic analysis and packet logging on IP networks.

Gobbler: A tool to audit DHCP networks Includes DHCP rogue server detection, DHCP DoS, distributed spoofed port scanner using DHCP to obtain many source IP addresses, mulitple arp scans, filtered port detection, spoofed OS detection (nmap + port 0)

A resource-conscientious, flexible, modular, platform-independent, scalable and robust server based on ircd-ratbox.

Anoubis is a Security Suite which implements a secured environment for applications. The core of the suite is an Application Firewall alongside with a Sandbox. Mechanisms to assure the authenticity of files, directories and applications are provided.

Campagnol is a decentralized VPN over UDP tunneling. It uses UDP hole punching to open connections through NAT/firewall and OpenSSL's DTLSv1 implementation for mutual authentication and encryption.

DSVPN is a Dead Simple VPN, designed to address the most common use case for using a VPN. Runs on TCP. Works pretty much everywhere, including on public WiFi where only TCP/443 is open or reliable. Uses only modern cryptography, with formally verified implementations. Small and constant memory footprint. Doesn't perform any heap memory allocations. Small (~25 KB), with an equally small and readable code base. No external dependencies. Works out of the box. No lousy documentation to read. No configuration file. No post-configuration. Run a single-line command on the server, a similar one on the client and you're done. No firewall and routing rules to manually mess with. Doesn't leak between reconnects if the network doesn't change. Blocks IPv6 on the client to prevent IPv6 leaks. Works on Linux (kernel >= 3.17), macOS and OpenBSD, as well as DragonFly BSD, FreeBSD and NetBSD in client and point-to-point modes. Adding support for other operating systems is trivial.

KISS is a kernel-side host-oriented security tool, which may bring you file integrity checking, file and process hiding and actions handling on special internal events (using a tiny scripting language).

OpenInfreno is an open source root wars toolkit & engine designed to score attackers accessing a network of victims. This project consists of a score server and several tools, as well as documentation and implementation information.

OpenUTM is an open source Unified Threat Management software framework to be used to combine together other open source projects to build an easily managed UTM firewall appliance.

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single TCP/UDP port. Discussion forums and project wiki can be found here: https://forums.openvpn.net/ http://community.openvpn.net/openvpn

Remote Packet Filter Control Daemon allows remote control and monitoring of OpenBSD's packet filter. It communicates with clients using RPFC protocol running on top of SSL (Secure Socket Layer).

Reveal Rootkit detects processes hidden by rootkits. It is intended to run out of cron or similar services on a regular base and avoids verbose output as long as nothing was found. It's fast and shouldn't produce false positives. Reveal RootKit is tested mainly on Linux but should work on other POSIX systems with a /proc filesystem, too.

SMPPS Project already in its Beta version to 0.9.9 almost in the final version be in the documentation and material help that missing as well as the necessary translations of such material. However, with great joy that I come to the dicer SMPPS this now rather towards what the expectations of the project believed that he would be able: Capture and log packages generate the following protocols without using libpcap, but just using BSD Sockets. protocols: IP TCP UDP ICMP IGMP Inside the ethernet network

Sonate is a java GUI for OpenBSD pf packet filtering. Optional code can be compiled to OpenBSD host to transfer generated configuration using SSL