Open Source Solaris Security Software

DAR is a command-line backup and archiving tool that uses selective compression (not compressing already compressed files), strong encryption, may split an archive in different files of given size and provides on-fly hashing, supports differential backup with or without binary delta, ftp and sftp protocols to remote cloud storage Archive internal's catalog, allows very quick restoration even a single file from a huge, eventually sliced, compressed, encrypted archive eventually located on a remote cloud storage, by only reading/fetching the necessary data to perform the operation. Dar saves *all* UNIX inode types, takes care of hard links, sparse files as well as Extended Attributes (MacOS X file forks, Linux ACL, SELinux tags, user attributes) and some Filesystem Specific Attributes (Linux ext2/3/4, Mac OS X HFS+) more details at: http://dar.linux.free.fr/doc/Features.html

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Development has been moved to GitHub, https://github.com/Ettercap/ettercap

syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images.

WipeFreeSpace is a program to securely erase/wipe/overwrite/shred the free space on file systems WITHOUT DESTROYING EXISTING FILES, to prevent recovery of deleted sensitive data. This allows protecting the user's privacy when e.g. selling the drive or the whole computer. The following filesystems are supported: - Ext2/3/4, - NTFS, - XFS, - ReiserFSv3/4, - FAT12/16/32, - MinixFS1/2, - JFS, - HFS/HFS+, - OCFS. The following wiping methods are supported: Gutmann-like, random, Schneier, DoD. Additionally, WipeFreeSpace can finalize wiping the filesystem by writing blocks of zeros, which is friendly for sparse files, virtual systems and other places where zeroed-out space is not physically allocated. See the project homepage https://wipefreespace.sourceforge.io and the project Wiki in the menu above. To prevent clear-text data from being left on the drive in the first place, you can use LibSecRm (https://libsecrm.sourceforge.io), which wipes the data on-the-fly.

PAM module which permits authentication for arbitrary services via ssh-agent. Written with sudo in mind, but like any auth PAM module, can be used for for many purposes.

tcpreplay is a suite of tools to edit and replay captured network traffic.

jpcap is a set of Java classes which provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. jpcap utilizes libpcap, a widely deployed system library for packet capture.

The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file. Developed to demonstrate the usability of OVAL Definitions and to ensure correct syntax and adherence to the OVAL Schemas by definition writers, it is not a fully functional scanning tool nor an enterprise scanning tool. It is a simplistic, command-line application that has the ability to execute OVAL Content on an end system. To learn more about organizations that provide OVAL content and tools or otherwise support the OVAL Language, please see the OVAL Adoption Program (http://oval.mitre.org/adoption/).

Netdiscover is a network address discovering tool that was developed mainly for those wireless networks without DHCP servers, though it also works on wired networks. It sends ARP requests and sniffs for replies.

cppcrypto provides optimized implementations of cryptographic primitives. Hash functions: BLAKE, BLAKE2, Echo, Esch, Groestl, JH, Kupyna, MD5, SHA-1, SHA-2, SHA-3, SHAKE, Skein, SM3, Streebog, Whirlpool. Block ciphers: Anubis, Aria, Camellia, CAST-256, Kalyna, Kuznyechik, Mars, Serpent, Simon, SM4, Speck, Threefish, Twofish, and Rijndael (AES) with all block/key sizes. Stream ciphers: HC-128, HC-256, Salsa20, XSalsa20, ChaCha, XChaCha. Encryption modes: CBC, CTR. AEAD modes: Encrypt-then-MAC (EtM), GCM, OCB, ChaCha-Poly1305, Schwaemm. Streaming AEAD. MAC functions: HMAC, Poly1305. Key derivation functions: PBKDF2, scrypt, Argon2, HKDF. Includes sample command-line tools: - 'digest' - for calculating and verifying file checksum(s) using any of the supported hash algorithms (similar to md5sum or RHash). - 'cryptor' - for file encryption using Serpent-256 algorithm in AEAD mode. Check out the cppcrypto web site linked below for programming documentation.

Hexadecimal and raw packet injector and sniffer. Can be easily combined with other tools to provide a powerful cmdline framework for raw network access.

The goal of Operation Project X is to crack the 2048-bit RSA private encryption key Microsoft uses to sign Xbox media, by using distributed computing. This key could be used by Xbox owners to run homebrew code on their machines.

Calypso is a file sharing client using the anonymous network MUTE. Developped using C++ and Qt. For windows and linux, portable to other environments.

Libnids - NIDS E-component, based on Linux kernel. This library provides IP defragmentation, TCP reassembly and port scan detection.

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is capable of grouping information together to enhance loganalysis and create automatic reports.

mac-robber is a digital forensics and incident response tool that can be used with The Sleuth Kit to create a timeline of file activity for mounted file systems.

SING stands for 'Send ICMP Nasty Garbage'. It is a tool that sends ICMP packets fully customized from command line. Its main purpose is to replace the ping command but adding certain enhancements (Fragmentation, spoofing,...)

NewPKI is a PKI based on the OpenSSL low-level API, all the datas are handled through a database, which provides a much more flexible PKI than with OpenSSL, such as seeking a certificate with a search engine.

What you need for managing your passwords, including the passwords of your online accounts, bank accounts and ... with the corresponding URLs. The passwords are encrypted by AES. Can be used on almost all operating systems including Windows & Linux.

JPAM is a Java PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used Unix, Linux and Mac OS X systems. JPAM permists the use of PAM authentication services to Java applications running on those platforms.

The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

LibSecRm (LIBrary for SECure ReMoval) is a set of replacements for these standard C functions which cause data removing from files. The data is first securely wiped on-the-fly, to protect the user's privacy, then the original functions are called. There is NO NEED to rebuild your software, because LibSecRm is a pre-loadable library, meaning you just need to RUN the software with LibSecRm loaded. LibSecRm is also a development library. The following wiping methods are supported: Gutmann-like, random, Schneier, DoD. See the project homepage https://libsecrm.sourceforge.io and the project Wiki in the menu above. To wipe data that was left on the drive by using "normal" delete operations, you can take a look at WipeFreeSpace (https://wipefreespace.sourceforge.io), which wipes the space used by files marked as deleted (and other things, too).