---
CryptKit is a developer's toolkit implementing several of the most
modern and efficient cryptographic algorithms. The kit is primarily
written in ANSI C for speed and subsequently wrapped with SWIG for
ease of use in python.
CryptKit is small and fast, mainly because it implements excellent
algorithms: Rijndael (AES), SHA 256 bits, Elliptic Curve PKI,
Diffie-Hellman key exchange and Nyberg-Ruppel signature/verification.
These modules are combined to provide a faster, lighter and easier
to use secure socket alternative to SSL. CryptKit is not compatible
with SSL. Whereas SSL aims to support a wide variety of algorithms
that essentially perform the same task ( like DES/RC4/RC2 or MD5/SHA
), CryptKit takes the minimalist approach of implementing only one
version of each crypto primitve. Great care went into selecting the
best of what was available.
WWW: http://eevolved.com/cryptkit/
Perl module to calculate SHA1 digests
---
The Digest::SHA1 module allows you to use the NIST SHA-1 message
digest algorithm from within Perl programs. The algorithm takes
as input a message of arbitrary length and produces as output a
160-bit "fingerprint" or "message digest" of the input.
Submit and Maintain : Marc Matteo <marcm@lectroid.net>
* Format string bug fixed in protocol.c
smtp, pop3 and nntp in client mode were affected.
(stunnel clients could be attacked by malicious servers)
* Certificate chain can be supplied with -p option or in stunnel.pem.
* Problem with -r and -l options used together fixed.
* memmove() instead of memcpy() is used to move data in buffers.
* More detailed information about negotiated ciphers is printed.
* New ./configure options: "--enable-no-rsa" and "--enable-dh".
- Support for ACE (WinACE) Archiver
- Support for additional packers
- Support for newer versions of packers
- Support for BZIP compression format
- Support for additional LHA compression formats, LH6 and LH7
- Support for zcompress compression format
- Support for PDF 5.0 files
- Improved scanning for MIME formats
- Support for Unicode and Unicode big-endian saved scripts
- Support for Compiled Help files
- Support for Microsoft Exchange internal data-transfer format
- Support for Internet Message Connector (IMC) Archive format.
- Support for uncompressed VBA in Visio files
- Improved heuristic analysis for 32-bit Windows applications
- Support for compressed RTF and HTML in Microsoft Outlook messages
- Support for Script Component Type Libraries
- Improved performance when scanning Windows 32 applications
- Define NO_REGRESS
- replace all LOG_DEBUG to LOG_INFO
- use snprintf() instead of sprintf() in debuglog.c
- stop if /tmp/pcsc already exists
- clean and remove /tmp/pcsc on exit
Patches by Dr. Ludovic Rousseau <ludovic.rousseau@free.fr> and
already submitted to upstream project. Thanks.
---
PC/SC Architecture for most Unix type operating systems. Allows
easy porting of Windows smartcard software to other operating
systems. Supports many types of serial, PCMCIA, and USB smartcard
readers and cryptographic tokens.
WWW: http://www.linuxnet.com/
Tested by Dr. Ludovic Rousseau and me.
--
Logcheck is a scheduled auditing tool that scans system log files
for security violations and unusual activity. Reports of suspicious
log entries are mailed to a specified user (usually root).
WWW: http://www.psionic.com/abacus/logcheck
MAINTAINER= Srebrenko Sehic <haver@insecure.dk>
ccrypt is a utility for encrypting and decrypting files and streams.
It was designed to replace the standard unix crypt utility, which is
notorious for using a very weak encryption algorithm. ccrypt is based
on the Rijndael cipher, which is the U.S. government's chosen
candidate for the Advanced Encryption Standard. This cipher is believed
to provide very strong security.
--
Zebedee is a simple program to establish an encrypted, compressed TCP or
UDP tunnel between two systems. This allows traffic such as telnet, ftp,
VNC, and X to be protected from snooping as well as potentially gaining
performance over low-bandwidth networks from compression.
WWW: http://www.winton.org.uk/zebedee/
Submitted by Jon Leonard <jleonard@iss.net>
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system.
Captured packets contains enough information to determine OS - and,
unlike active scanners (nmap, queSO) - without sending anything to
this host.
---
IO::Socket::SSL is a class implementing an object oriented interface
to SSL sockets. The class is a descendent of IO::Socket::INET and
provides a subset of the base class's interface methods as well as
SSL specific methods.
either support more than one protocol to attack or support parallized
connects.
Currently this tool supports TELNET, FTP, POP3, IMAP, HTTP Basic and Cisco
authentication only, however the module engine for new services is very easy
so it won't take a long time until more services are supported.
---
Python OpenSSL Wrappers(POW) is a set of comprehensive wrappers for
Python of the OpenSSL libraries. POW will provide a 'slim' interface
which will still enable Python developers to fully utilize OpenSSL.
WWW: http://pow.sourceforge.net
the 1.0.4 release and because the problem was later fixed in 1.0.5 (and
later versions). Here is a quote from the NEWS file about this issue:
--cut--
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores signed
material given on stdin unless this is requested by using a "-" as the
name for the file with the signed material. Please check all your
detached signature handling applications and make sure that they don't
pipe the signed material to stdin without using a filename together with
"-" on the the command line.
--cut--
The patch introduce a problem in the way verifying a signature returned
a value of 2 instead of 0 (when the signature was properly verified).
The symptom showed itself in mutt for example.
This problem was found by Anders Arnholm <anders@arnholm.nu>
markus@ asked me to commit this.
---
GnuPGInterface is a Python module to interface with GnuPG. It
concentrates on interacting with GnuPG via filehandles, providing
access to control GnuPG via versatile and extensible means.
- setsockopt() optlen set according to the optval for Solaris.
- Minor NetBSD compatibility fixes by Martti Kuparinen.
- Minor MSVC6 compatibility fixes by Patrick Mayweg.
- SSL close_notify timeout reduced to 10 seconds of inactivity.
- Socket close instead of reset on close_notify timeout.
- Some source arrangement and minor bugfixes.
- Critical section added around non MT-safe TCP Wrappers code.
- Problem with "select: Interrupted system call" error fixed.
- errno replaced with get_last_socket_error() for Win32.
- Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
- Local mode process pid logged.
- Default FQDN (localhost) removed from stunnel.cnf
- ./configure changed to recognize POSIX threads library on OSF.
- New -O option to set socket options.
--
APG (Automated Password Generator) is the tool set for random
password generation. It features: a built-in ANSI X9.17 RNG (Random
Number Generator)(CAST/SHA1), two methods for password generation:
FIPS 181 and truly random, configurable lengths and numbers of
passwords. Two components are supported, a network daemon (apgd)
and a command line client (apg). The command line tool does not
require the network daemon.
WWW: http://www.adel.nursat.kz/apg/
MAINTAINER= Jose Nazario <jose@crimelabs.net>
ok pvalchev@
was found that there was a trojaned version of aide floating there.
However, our checksum checking would have found the difference, but
I prefer to play it safe and remove that obviously unsecure host from
the Aide's MASTER_SITES (they should use OpenBSD :)).
Thanks to Heikki Korpela <heko@iki.fi> for bringing this to me.
- MAX_CLIENTS is calculated based on FD_SETSIZE, now.
- Problems with closing SSL in transfer() fixed.
- -I option to bind a static local IP address added.
- Debug output of info_callback redesigned.
Maintainer : COUDERC Damien <couderc.damien@wanadoo.fr>
---
GnuPG Made Easy (GPGME) is a library designed to make access to
GnuPG easier for applications.
It provides a High-Level Crypto API for encryption, decryption,
signing, signature verification and key management. Currently it
uses GnuPG as it's backend but the API isn't restricted to this
engine; in fact it is planned to add other backends to it.
--
Chrootuid makes it easy to run network services at a low privilege
level and with restricted file system access. This utility employs
both chroot and su to confine users to specified areas by assigning
appropriate userids.
Chrootuid was written by Wietse Venema; this port includes Phil
Pennock's initgroups patch.
WWW: http://www.porcupine.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
An initial port skeleton was donated by the farmer who uses BSD.
o transposition.grid-controls added (rectangular grid transposition
ciphers)
o steganalysis.word-gaps added (hidden cipher breaker)
o Various cosmetic changes
o Made source pane editable updating view pane dynamically. Got rid of
old "edit source" option.
o Moved hillclimb-cracker's progress bar onto widget display
o Description area in plugin-viewer
o Plugins share variables by not using 'static'
o New plugin->menu_string and menu items
o Added optional source pane to make the source/view idea more obvious
- Some transfer() bugfixes/improvements.
- STDIN/STDOUT are no logner assumed to be non-socket decriptors.
- Problem with --with-tcp-wrappers patch fixed.
- pop3 and nntp support bug fixed by Martin Germann.
- -o option to append log messages to a file added.
- Changed error message for SSL error 0.
- Serious bug resulting in random transfer() hangs fixed.
- Separate file descriptors are used for inetd mode.
- -f (foreground) logs are now stamped with time.
- New ./configure option: --with-tcp-wrappers by Brian Hatch.
- pop3 protocol client support (-n pop3) by Martin Germann.
- nntp protocol client support (-n nntp) by Martin Germann.
- RFC 2487 (smtp STARTTLS) client mode support.
- Transparency support for Tru64 added.
- Some #includes for AIX added.
--
hlfl (High Level Firewall Language) permits writing firewall rulesets
using its high level language, and transforms them into rules for
real software, including IPFilter, ipchains, Netfilter and Cisco IOS.
hlfl attempts to make the best use of the features of the underlying
firewall, such that a conversion from stateless to stateful requires
no modification to the original script.
hlfl was initiated by Renaud Deraison, co-founder of the Nessus
Project.
WWW: http://www.hlfl.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
--
Encrypt/decrypt stdin using the Advanced Encryption Standard winner
"Rijndael" encryption algorithm in Cipher Block Feedback (stream)
mode. Uses /dev/urandom to create a salt. Prepends the output stream
with salt when encrypting, strips it off when decrypting.
WWW: http://aescrypt.sourceforge.net/
--
Corkscrew is a tool for tunneling SSH through HTTP proxies.
Corkscrew has been tested against the Gauntlet, CacheFlow, and
JunkBuster proxies.
WWW: http://www.agroman.net/corkscrew/
Submitted by Jason Peel <jsyn@nthought.com>
that can be played with ordinary sound players. The phone conversation can
either be played directly from the network or from a tcpdump output file.
Vomit is also capable of inserting wavefiles into ongoing telephone
conversations. Vomit can be used as a network debugging tool, a speaker
phone, etc ...
vomit is written by Niels Provos and the port created by Jason Peel.
--
The Siphon Project is a portable passive network mapping suite. In
the latest public version, Siphon passively maps TCP ports and
performs passive operating system detection. Through the magic of
RFC ambiguity and programmer uniqueness, different machines exhibit
telltale characteristics that enable Siphon to make a fairly accurate
guess at what operating system is running on machines sending packets
out over the wire. The beauty of this method is that our tool does
not need to send out a slew of non-RFC compliant packets that trip
intrusion detection systems. In fact, we send out no packets at
all. Whereas nmap crashes some machines and network hardware when
performing its active OS detection tests, Siphon would never crash
remote machines. Siphon is available for UNIX and Win32.
WWW: http://www.gravitino.net/projects/siphon/
Submitted by Jason Peel <jsyn@nthought.com>
--
The Sentinel project is designed to be a portable, accurate
implementation of all publicly known promiscuous detection
techniques.
These include:
DNS Test - Etherping Test - ARP Test - ICMP Ping Latency Test
--
AIDE (Advanced Intrusion Detection Environment) is a free replacement
for Tripwire. It does the same things as the semi-free Tripwire and
more.
What does it do?
It creates a database from the regular expression rules that it
finds from the config file. Once this database is initialized it
can be used to verify the integrity of the files. It has several
message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that
are used to check the integrity of the file. More algorithms can
be added with relative ease. All of the usual file attributes can
also be checked for inconsistencies. It can read databases from
older or newer versions. See the manual pages within the distribution
for further info. There is also a beginning of a manual.
WWW: http://www.cs.tut.fi/~rammer/aide.html
*) Fixed a format string bug which is exploitable if --batch is not used.
*) Checked all translations for format strings bugs.
*) Removed the Russian translation due to too many bugs.
*) Fixed keyserver access and expire time calculation.
ok maintainer
