smtpscan is a remote SMTP server version detector. It can be used to
guess which mail software is used on a remote server, that may hide its
SMTP banner.
from Jim Geovedi <jim@corebsd.or.id>
minor cleanups by me
fixed 91 bits HMAC bug, fixed minor compile warnings for the
external DTD patch, fixed bug with EVP ciphers for OpenSSL 0.9.7
when last block was not processed for padding, etc.
For the moment, this disables dynamic module loading and bundles
together all the ciphers into the main library. When libtool-1.4
hits our tree, the updated ltdl support can be used to re-enable
the dynloading.
- print the times of last seen, etc in proper, human-readable format
- print the times in local timezone format, not GMT
- quick hack to make dstumbler beep when it discovers a new base
station. it works, as opposed to what was there before (using /dev/spkr)
Thanks to Nikolay Sturm for testing sound
submitted by Claudio Jeker <cjeker@diehard.n-r-g.com>
This is Crypt::Rijndael, an XS-based implementation of the newly-selected
Advanced Encryption Standard algorithm Rijndael, designed by Joan Daemen
and Vincent Rijmen.
naddy@ OK
--
integrit is an alternative to file integrity verification programs
like tripwire and aide. It helps you determine whether an intruder
has modified a computer system.
From: Margarida Sequeira <niness@devilness.org>
- new user interface (config file)
- single daemon can listen on multiple ports
- delayed DNS lookup added
- configurable timeouts
- chroot support
- private key file for a certificate can be kept in a separate file
of -current since a few days ago thanks to millert@
NOTE: If you are not tracking -current and are using the -current ports
tree, this is where you will run into trouble as dependencies on these ports
are removed. For -current users, make sure your system is up-to-date
from Wesley Griffin <wgriffin@jtan.com>
This module implements the Digital Signature Algorithm (DSA) using
a thin XS wrapper to the DSA functions in OpenSSL.
from Wesley Griffin <wgriffin@jtan.com>
This module is an XS perl module designed to provide basic RSA
functionality. It does this by providing a glue to the RSA functions
in the OpenSSL library.
"o Fixed a deadlock that would prevent some plugins from
completing
o Fixed a possible (although rare) corruption issue in the
reports (the script IDs could under some circumstances be random)
o Fixed a potential segfault in the execution of nasl scripts"
From maintainer reinhard@
ok lebel brad
XML Security Library is a C library based on LibXML2 and OpenSSL. The
library was created with a goal to support major XML security
standards:
* XML Signature
* XML Encryption
* Canonical XML
* Exclusive Canonical XML
Submitted by: Jim Geovedi <jim@corebsd.or.id>
a MS SQL Server. The tools are still in development but tend to
be quite stable.
The tools do dictionary attacks, upload files, read registry and
dump the SAM. They do this by wrapping extended stored procedures.
There is also a tool for doing a minimal analysis of a SQL Server
with output as HTML. You need to be 'sa' to run some of the tools,
but this usually isn't a problem.
The tool temporarily restores the xp_cmdshell if it is removed and
the dll is still left on the system.
SQLAT works over port 1433, it doesn't do named pipes. It doesn't
do integrated security either. This is because it is based on the
FreeTDS driver from www.freetds.org.
WWW: http://www.cqure.net/
- move idea patches to patches directory.
- remove unneeded patch-cipher_Makefile_am.
- remove deprecated NEED_VERSION.
you need an updated gas for this to work on i386.
discussed with reinhard@.
A nilsimsa code is something like a hash, but unlike hashes, a small
change in the message results in a small change in the nilsimsa code.
The Digest::Nilsimsa module allows you to compute nilsimsa codes from within
Perl programs.
--
bsd-airtools provides a complete toolset for wireless 802.11b auditing.
Namely, it contains a curses-based AP detection application, dstumbler,
that is similar to netstumbler. It can be used to detect wireless
access points and connected nodes, view signal to noise graphs, and
interactively scroll through scanned APs and view statistics for each.
It also contains a BSD-based WEP cracking application, called dweputils.
Finally, this package includes several tools to allow testing and
analysis of all 14 of the prism2 chipset's debug modes.
WWW: http://www.dachb0den.com/projects/bsd-airtools.html
MAINTAINER= Jason Peel <jsyn@openbsd.org>
portions looked over by pval@ and brad@
Changes :
- applied patch to fix CTX_set_default_passwd_cb() contributed
by Timo Kujala <timo.kujala@@intellitel_.com>, --Sampo
- applied patch to add various API functions by mikem@open.com_.au
- 5.005_03 compat fix for Handle.pm from Jim Mintha <jim@@ic._uva.nl>
--
fragroute intercepts, modifies, and rewrites egress traffic destined for
a specified host, implementing most of the attacks described in the
Secure Networks "Insertion, Evasion, and Denial of Service: Eluding
Network Intrusion Detection" paper of January 1998.
It features a simple ruleset language to delay, duplicate, drop,
fragment, overlap, print, reorder, segment, source-route, or otherwise
monkey with all outbound packets destined for a target host, with
minimal support for randomized or probabilistic behaviour.
WWW: http://www.monkey.org/~dugsong/fragroute/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
MASTER_SITE_BACKUP explicitly instead
- remove HOMEPAGE references
- handle configuration file the right way
- do installation a better way
- rename/mod patch; add $OpenBSD$
- NO_REGRESS
- add MASTER_SITE_PACKETSTORM as backup
- license is public domain
- NO_REGRESS
- stylize
- rename patch
- sprinkle $OpenBSD$
- mod DESCR
- regen PLIST
- take over maintainership (this ok dugsong@)
---
CryptKit is a developer's toolkit implementing several of the most
modern and efficient cryptographic algorithms. The kit is primarily
written in ANSI C for speed and subsequently wrapped with SWIG for
ease of use in python.
CryptKit is small and fast, mainly because it implements excellent
algorithms: Rijndael (AES), SHA 256 bits, Elliptic Curve PKI,
Diffie-Hellman key exchange and Nyberg-Ruppel signature/verification.
These modules are combined to provide a faster, lighter and easier
to use secure socket alternative to SSL. CryptKit is not compatible
with SSL. Whereas SSL aims to support a wide variety of algorithms
that essentially perform the same task (like DES/RC4/RC2 or MD5/SHA),
CryptKit takes the minimalist approach of implementing only one
version of each crypto primitive. Great care went into selecting the
best of what was available.
WWW: http://eevolved.com/cryptkit/
Perl module to calculate SHA1 digests
---
The Digest::SHA1 module allows you to use the NIST SHA-1 message
digest algorithm from within Perl programs. The algorithm takes
as input a message of arbitrary length and produces as output a
160-bit "fingerprint" or "message digest" of the input.
Submit and Maintain : Marc Matteo <marcm@lectroid.net>
* Format string bug fixed in protocol.c
smtp, pop3 and nntp in client mode were affected.
(stunnel clients could be attacked by malicious servers)
* Certificate chain can be supplied with -p option or in stunnel.pem.
* Problem with -r and -l options used together fixed.
* memmove() instead of memcpy() is used to move data in buffers.
* More detailed information about negotiated ciphers is printed.
* New ./configure options: "--enable-no-rsa" and "--enable-dh".
- Support for ACE (WinACE) Archiver
- Support for additional packers
- Support for newer versions of packers
- Support for BZIP compression format
- Support for additional LHA compression formats, LH6 and LH7
- Support for zcompress compression format
- Support for PDF 5.0 files
- Improved scanning for MIME formats
- Support for Unicode and Unicode big-endian saved scripts
- Support for Compiled Help files
- Support for Microsoft Exchange internal data-transfer format
- Support for Internet Message Connector (IMC) Archive format.
- Support for uncompressed VBA in Visio files
- Improved heuristic analysis for 32-bit Windows applications
- Support for compressed RTF and HTML in Microsoft Outlook messages
- Support for Script Component Type Libraries
- Improved performance when scanning Windows 32 applications
- Define NO_REGRESS
- replace all LOG_DEBUG to LOG_INFO
- use snprintf() instead of sprintf() in debuglog.c
- stop if /tmp/pcsc already exists
- clean and remove /tmp/pcsc on exit
Patches by Dr. Ludovic Rousseau <ludovic.rousseau@free.fr> and
already submitted to upstream project. Thanks.
---
PC/SC Architecture for most Unix type operating systems. Allows
easy porting of Windows smartcard software to other operating
systems. Supports many types of serial, PCMCIA, and USB smartcard
readers and cryptographic tokens.
WWW: http://www.linuxnet.com/
Tested by Dr. Ludovic Rousseau and me.
--
Logcheck is a scheduled auditing tool that scans system log files
for security violations and unusual activity. Reports of suspicious
log entries are mailed to a specified user (usually root).
WWW: http://www.psionic.com/abacus/logcheck
MAINTAINER= Srebrenko Sehic <haver@insecure.dk>
ccrypt is a utility for encrypting and decrypting files and streams.
It was designed to replace the standard unix crypt utility, which is
notorious for using a very weak encryption algorithm. ccrypt is based
on the Rijndael cipher, which is the U.S. government's chosen
candidate for the Advanced Encryption Standard. This cipher is believed
to provide very strong security.
--
Zebedee is a simple program to establish an encrypted, compressed TCP or
UDP tunnel between two systems. This allows traffic such as telnet, ftp,
VNC, and X to be protected from snooping as well as potentially gaining
performance over low-bandwidth networks from compression.
WWW: http://www.winton.org.uk/zebedee/
Submitted by Jon Leonard <jleonard@iss.net>
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system.
Captured packets contain enough information to determine OS - and,
unlike active scanners (nmap, queSO) - without sending anything to
this host.
---
IO::Socket::SSL is a class implementing an object oriented interface
to SSL sockets. The class is a descendent of IO::Socket::INET and
provides a subset of the base class's interface methods as well as
SSL specific methods.
either support more than one protocol to attack or support parallelized
connects.
Currently this tool supports TELNET, FTP, POP3, IMAP, HTTP Basic and Cisco
authentication only, however the module engine for new services is very easy
so it won't take a long time until more services are supported.
---
Python OpenSSL Wrappers(POW) is a set of comprehensive wrappers for
Python of the OpenSSL libraries. POW will provide a 'slim' interface
which will still enable Python developers to fully utilize OpenSSL.
WWW: http://pow.sourceforge.net
the 1.0.4 release and because the problem was later fixed in 1.0.5 (and
later versions). Here is a quote from the NEWS file about this issue:
--cut--
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores signed
material given on stdin unless this is requested by using a "-" as the
name for the file with the signed material. Please check all your
detached signature handling applications and make sure that they don't
pipe the signed material to stdin without using a filename together with
"-" on the command line.
--cut--
The patch introduced a problem in the way verifying a signature returned
a value of 2 instead of 0 (when the signature was properly verified).
The symptom showed itself in mutt for example.
This problem was found by Anders Arnholm <anders@arnholm.nu>
markus@ asked me to commit this.
---
GnuPGInterface is a Python module to interface with GnuPG. It
concentrates on interacting with GnuPG via filehandles, providing
access to control GnuPG via versatile and extensible means.
- setsockopt() optlen set according to the optval for Solaris.
- Minor NetBSD compatibility fixes by Martti Kuparinen.
- Minor MSVC6 compatibility fixes by Patrick Mayweg.
- SSL close_notify timeout reduced to 10 seconds of inactivity.
- Socket close instead of reset on close_notify timeout.
- Some source arrangement and minor bugfixes.
- Critical section added around non MT-safe TCP Wrappers code.
- Problem with "select: Interrupted system call" error fixed.
- errno replaced with get_last_socket_error() for Win32.
- Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
- Local mode process pid logged.
- Default FQDN (localhost) removed from stunnel.cnf
- ./configure changed to recognize POSIX threads library on OSF.
- New -O option to set socket options.
--
APG (Automated Password Generator) is the tool set for random
password generation. It features: a built-in ANSI X9.17 RNG (Random
Number Generator)(CAST/SHA1), two methods for password generation:
FIPS 181 and truly random, configurable lengths and numbers of
passwords. Two components are supported, a network daemon (apgd)
and a command line client (apg). The command line tool does not
require the network daemon.
WWW: http://www.adel.nursat.kz/apg/
MAINTAINER= Jose Nazario <jose@crimelabs.net>
ok pvalchev@
was found that there was a trojaned version of aide floating there.
However, our checksum checking would have found the difference, but
I prefer to play it safe and remove that obviously unsecure host from
the Aide's MASTER_SITES (they should use OpenBSD :)).
Thanks to Heikki Korpela <heko@iki.fi> for bringing this to me.
- MAX_CLIENTS is calculated based on FD_SETSIZE, now.
- Problems with closing SSL in transfer() fixed.
- -I option to bind a static local IP address added.
- Debug output of info_callback redesigned.
Maintainer : COUDERC Damien <couderc.damien@wanadoo.fr>
---
GnuPG Made Easy (GPGME) is a library designed to make access to
GnuPG easier for applications.
It provides a High-Level Crypto API for encryption, decryption,
signing, signature verification and key management. Currently it
uses GnuPG as its backend but the API isn't restricted to this
engine; in fact it is planned to add other backends to it.
--
Chrootuid makes it easy to run network services at a low privilege
level and with restricted file system access. This utility employs
both chroot and su to confine users to specified areas by assigning
appropriate userids.
Chrootuid was written by Wietse Venema; this port includes Phil
Pennock's initgroups patch.
WWW: http://www.porcupine.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
An initial port skeleton was donated by the farmer who uses BSD.
o transposition.grid-controls added (rectangular grid transposition
ciphers)
o steganalysis.word-gaps added (hidden cipher breaker)
o Various cosmetic changes
o Made source pane editable updating view pane dynamically. Got rid of
old "edit source" option.
o Moved hillclimb-cracker's progress bar onto widget display
o Description area in plugin-viewer
o Plugins share variables by not using 'static'
o New plugin->menu_string and menu items
o Added optional source pane to make the source/view idea more obvious
- Some transfer() bugfixes/improvements.
- STDIN/STDOUT are no longer assumed to be non-socket descriptors.
- Problem with --with-tcp-wrappers patch fixed.
- pop3 and nntp support bug fixed by Martin Germann.
- -o option to append log messages to a file added.
- Changed error message for SSL error 0.
- Serious bug resulting in random transfer() hangs fixed.
- Separate file descriptors are used for inetd mode.
- -f (foreground) logs are now stamped with time.
- New ./configure option: --with-tcp-wrappers by Brian Hatch.
- pop3 protocol client support (-n pop3) by Martin Germann.
- nntp protocol client support (-n nntp) by Martin Germann.
- RFC 2487 (smtp STARTTLS) client mode support.
- Transparency support for Tru64 added.
- Some #includes for AIX added.
--
hlfl (High Level Firewall Language) permits writing firewall rulesets
using its high level language, and transforms them into rules for
real software, including IPFilter, ipchains, Netfilter and Cisco IOS.
hlfl attempts to make the best use of the features of the underlying
firewall, such that a conversion from stateless to stateful requires
no modification to the original script.
hlfl was initiated by Renaud Deraison, co-founder of the Nessus
Project.
WWW: http://www.hlfl.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
--
Encrypt/decrypt stdin using the Advanced Encryption Standard winner
"Rijndael" encryption algorithm in Cipher Block Feedback (stream)
mode. Uses /dev/urandom to create a salt. Prepends the output stream
with salt when encrypting, strips it off when decrypting.
WWW: http://aescrypt.sourceforge.net/
--
Corkscrew is a tool for tunneling SSH through HTTP proxies.
Corkscrew has been tested against the Gauntlet, CacheFlow, and
JunkBuster proxies.
WWW: http://www.agroman.net/corkscrew/
Submitted by Jason Peel <jsyn@nthought.com>
that can be played with ordinary sound players. The phone conversation can
either be played directly from the network or from a tcpdump output file.
Vomit is also capable of inserting wavefiles into ongoing telephone
conversations. Vomit can be used as a network debugging tool, a speaker
phone, etc ...
vomit is written by Niels Provos and the port created by Jason Peel.
--
The Siphon Project is a portable passive network mapping suite. In
the latest public version, Siphon passively maps TCP ports and
performs passive operating system detection. Through the magic of
RFC ambiguity and programmer uniqueness, different machines exhibit
telltale characteristics that enable Siphon to make a fairly accurate
guess at what operating system is running on machines sending packets
out over the wire. The beauty of this method is that our tool does
not need to send out a slew of non-RFC compliant packets that trip
intrusion detection systems. In fact, we send out no packets at
all. Whereas nmap crashes some machines and network hardware when
performing its active OS detection tests, Siphon would never crash
remote machines. Siphon is available for UNIX and Win32.
WWW: http://www.gravitino.net/projects/siphon/
Submitted by Jason Peel <jsyn@nthought.com>
--
The Sentinel project is designed to be a portable, accurate
implementation of all publicly known promiscuous detection
techniques.
These include:
DNS Test - Etherping Test - ARP Test - ICMP Ping Latency Test
--
AIDE (Advanced Intrusion Detection Environment) is a free replacement
for Tripwire. It does the same things as the semi-free Tripwire and
more.
What does it do?
It creates a database from the regular expression rules that it
finds from the config file. Once this database is initialized it
can be used to verify the integrity of the files. It has several
message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that
are used to check the integrity of the file. More algorithms can
be added with relative ease. All of the usual file attributes can
also be checked for inconsistencies. It can read databases from
older or newer versions. See the manual pages within the distribution
for further info. There is also a beginning of a manual.
WWW: http://www.cs.tut.fi/~rammer/aide.html
*) Fixed a format string bug which is exploitable if --batch is not used.
*) Checked all translations for format strings bugs.
*) Removed the Russian translation due to too many bugs.
*) Fixed keyserver access and expire time calculation.
ok maintainer