Open Source Solaris Security Software

DAR is a command-line backup and archiving tool that uses selective compression (not compressing already compressed files), strong encryption, may split an archive in different files of given size and provides on-fly hashing, supports differential backup with or without binary delta, ftp and sftp protocols to remote cloud storage Archive internal's catalog, allows very quick restoration even a single file from a huge, eventually sliced, compressed, encrypted archive eventually located on a remote cloud storage, by only reading/fetching the necessary data to perform the operation. Dar saves *all* UNIX inode types, takes care of hard links, sparse files as well as Extended Attributes (MacOS X file forks, Linux ACL, SELinux tags, user attributes) and some Filesystem Specific Attributes (Linux ext2/3/4, Mac OS X HFS+) more details at: http://dar.linux.free.fr/doc/Features.html

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

PAM module which permits authentication for arbitrary services via ssh-agent. Written with sudo in mind, but like any auth PAM module, can be used for for many purposes.

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

WipeFreeSpace is a program to securely erase/wipe/overwrite/shred the free space on file systems WITHOUT DESTROYING EXISTING FILES, to prevent recovery of deleted sensitive data. This allows protecting the user's privacy when e.g. selling the drive or the whole computer. The following filesystems are supported: - Ext2/3/4, - NTFS, - XFS, - ReiserFSv3/4, - FAT12/16/32, - MinixFS1/2, - JFS, - HFS/HFS+, - OCFS. The following wiping methods are supported: Gutmann-like, random, Schneier, DoD. Additionally, WipeFreeSpace can finalize wiping the filesystem by writing blocks of zeros, which is friendly for sparse files, virtual systems and other places where zeroed-out space is not physically allocated. See the project homepage https://wipefreespace.sourceforge.io and the project Wiki in the menu above. To prevent clear-text data from being left on the drive in the first place, you can use LibSecRm (https://libsecrm.sourceforge.io), which wipes the data on-the-fly.

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is capable of grouping information together to enhance loganalysis and create automatic reports.

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images.

tcpreplay is a suite of tools to edit and replay captured network traffic.

Netdiscover is a network address discovering tool that was developed mainly for those wireless networks without DHCP servers, though it also works on wired networks. It sends ARP requests and sniffs for replies.

jpcap is a set of Java classes which provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. jpcap utilizes libpcap, a widely deployed system library for packet capture.

cppcrypto provides optimized implementations of cryptographic primitives. Hash functions: BLAKE, BLAKE2, Echo, Esch, Groestl, JH, Kupyna, MD5, SHA-1, SHA-2, SHA-3, SHAKE, Skein, SM3, Streebog, Whirlpool. Block ciphers: Anubis, Aria, Camellia, CAST-256, Kalyna, Kuznyechik, Mars, Serpent, Simon, SM4, Speck, Threefish, Twofish, and Rijndael (AES) with all block/key sizes. Stream ciphers: HC-128, HC-256, Salsa20, XSalsa20, ChaCha, XChaCha. Encryption modes: CBC, CTR. AEAD modes: Encrypt-then-MAC (EtM), GCM, OCB, ChaCha-Poly1305, Schwaemm. Streaming AEAD. MAC functions: HMAC, Poly1305. Key derivation functions: PBKDF2, scrypt, Argon2, HKDF. Includes sample command-line tools: - 'digest' - for calculating and verifying file checksum(s) using any of the supported hash algorithms (similar to md5sum or RHash). - 'cryptor' - for file encryption using Serpent-256 algorithm in AEAD mode. Check out the cppcrypto web site linked below for programming documentation.

Libnids - NIDS E-component, based on Linux kernel. This library provides IP defragmentation, TCP reassembly and port scan detection.

This script is capable of cracking multiple hashes from a CSV-file like e.g. dumps from sqlmap. Over 17.000 md5-hashes in a CSV-file get cracked with a 14.300.000 lines wordlist in less then 1 min. Lines wich cant get cracked with the wordlist get stored in a .leftToCrack-File to further process with another Wordlist or the bruteforce-tool. In addition to the wordlist-cracker I created also a bruteforce-tool named CSVHashBrutforcer.

noexec - package for preventing process(es) from executing system call execve

Calypso is a file sharing client using the anonymous network MUTE. Developped using C++ and Qt. For windows and linux, portable to other environments.

JPAM is a Java PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used Unix, Linux and Mac OS X systems. JPAM permists the use of PAM authentication services to Java applications running on those platforms.

FEHASHMAC is the largest collection of publicly known hash algorithms integrated into a command-line utility. FEHASHMAC contains a set of known test vectors and results for each algorithm such that the correct implementation for each hardware platform and compiler version can directly be verified. Currently 57 hash algorithms like sha1 sha224 sha256 sha384 sha512 and variants, sha3 and shake, all SHA3 finalists and blake3, md2 md4 md5 md6, rmd128 rmd160 rmd256 rmd320, whirl gost lash160 lash256 lash384 lash512 tiger2 and RFC 2104 HMAC and KMAC support are included, plus SHA3 extensions kmac128, kmac256, kmacxof128, kmacxof256 for message.

mac-robber is a digital forensics and incident response tool that can be used with The Sleuth Kit to create a timeline of file activity for mounted file systems.

The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

openSNMP is a multi-threaded SNMPv3 engine. This project supports the Simple Network Management Protocol version 3. In particular, it is designed to match the architecture of the Internet Engineering Task Force SNMPv3 standard (RFCs 3410-15).

The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file. Developed to demonstrate the usability of OVAL Definitions and to ensure correct syntax and adherence to the OVAL Schemas by definition writers, it is not a fully functional scanning tool nor an enterprise scanning tool. It is a simplistic, command-line application that has the ability to execute OVAL Content on an end system. To learn more about organizations that provide OVAL content and tools or otherwise support the OVAL Language, please see the OVAL Adoption Program (http://oval.mitre.org/adoption/).

This tool will allow obfuscation of UNIX scripts listing an interpreter as the first line. It is most useful for distributing functionality in a commercial product or a high user volume environment where you wish to hide proprietary information.

Reveal Rootkit detects processes hidden by rootkits. It is intended to run out of cron or similar services on a regular base and avoids verbose output as long as nothing was found. It's fast and shouldn't produce false positives. Reveal RootKit is tested mainly on Linux but should work on other POSIX systems with a /proc filesystem, too.