Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
564f410fffd469de4d5689545f4a392e61e77ebeb6ac0fcbbbfa119f068ca836
Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
243418d60e57fa3bfa11190c0fb64b2485bddb5fd1ac19e2289b446db630a18a
chroot_safe is a alternative method for chrooting dynamically linked applications in a sane and safe manner. By using a little dynamic linking trick it delays the chrooting until after dynamic linking has completed, thereby eliminating the need to have a copy of the binary or libraries within the chroot. This greatly simplifies the process of chrooting an application, as you often do not need any files besides the data files within the chroot. In addition to chrooting the application, it also drops root privileges before allowing the application to start.
dcdd299e0275838531bbc53de3bb5ecd70f99d0af5fa328e8de761b4de4623bf
Absinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004. Mac OS X version.
6d0507e7664151f65415759c55cb1a8a7879b3c99a49b859952b3d324f7cd0cc
Absinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004. Windows version.
270cc0d92bfd0dd7c514299861b77f2a82f117d4a0048d8796d96b959753781e
Absinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004. Linux version.
c153337d7ec7025eca51a2bb830a3f57729095cd23935b4701b8f1953ed2c37c
Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
9a2cef47abd5caa27076db8a28060b9ab94e7678e57aad299fdce735b7b099ae
Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
3facb37e0d7191a0c82b7cedb4235847db2011855f87f8c7ecd16a4dce9b821b
Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
36ad93d22dd3d6d661363e790f450553658797d5d87590ad9c511dbb2bc6024e
Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
76844598b6b447c7bb9e420a50ff52ed6ecc052e1dbf3655c6be89aad39cace6
Absinthe is a gui-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. This is the same tool that was released as SQueaL at Defcon 12 and Blackhat USA 2004.
8f146cfecd14c0ce57b34a33e8ce1df5d91feebb3e8bd19a345e66b239bc9df6
IP Sentinel is a tool that prevents unauthorized usage of IP addresses within an ethernet broadcast domain by answering ARP requests. After receiving faked replies, requesting parties store the MAC in their ARP tables and will send future packets to this invalid MAC, rendering the IP unreachable. Features chroot non-root operation.
bf6c4443f1f69359a7f1539f1829663bc7ccabb44f992221471e7e9fb72d636f
chroot_safe is a alternative method for chrooting dynamically linked applications in a sane and safe manner. By using a little dynamic linking trick it delays the chrooting until after dynamic linking has completed, thereby eliminating the need to have a copy of the binary or libraries within the chroot. This greatly simplifies the process of chrooting an application, as you often do not need any files besides the data files within the chroot. In addition to chrooting the application, it also drops root privileges before allowing the application to start.
a7edcb94d5151e85cfca6aa29e7fa53b02ba44a136a77ce6928f25e9fff09d1d
SQLAT is a suite of tools which could be useful for pen-testing a MS SQL Server. The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. SQLAT works over port 1433.
33ef7508838012b697f29ea87790514fe74b23e77d4da94f5351850384e86cad
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Secure Programming HOWTO here.
c156cf959f7a9c4c10625b1c8ef1ea7336369ee5ba5b1d6bdaeddd1e59a9a630
chroot_safe is a alternative method for chrooting dynamically linked applications in a sane and safe manner. By using a little dynamic linking trick it delays the chrooting until after dynamic linking has completed, thereby eliminating the need to have a copy of the binary or libraries within the chroot. This greatly simplifies the process of chrooting an application, as you often do not need any files besides the data files within the chroot. In addition to chrooting the application, it also drops root privileges before allowing the application to start.
5de888e571c5635d7d75d7754c7bc8a68bcdac7207e4c743ecf483d9b9f9d29f
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Secure Programming HOWTO here.
27fb48f92c40f6e25f1c853ffe53587493d87e7ee8a55a0a5870cc54e3bdc919
JailUtils is a collection of utilities for managing FreeBSD jails. They facilitate the orderly startup and shutdown of jails, list processes in jails, and do various other things.
c9d041599e62770672605ddf3c368a7c224e70f5897a27edcdf1db91ecdf06eb
netjail is a user-space mechanism for limiting the ability of a process to connect sockets in the PF_INET and PF_UNIX domain. The main motivation for this is to foil (or discover) spyware or "call home" code in suspect pieces of binary-distribution-only programs.
2062e3bd63e3da7ecd933c31add9dd03a66dafd8760d66429f68c0271fa79398
jailed implements a non-privileged jailroot. It allows an environment to be specified, does std(in/out/err) redirection, and can restart a failed child. Tested on OpenBSD and Gentoo Linux.
f1ffa44fc4b1cace7bef9c2fbacba49de070e0b0151a188fd8751869bcb32405
PAM Lockout Module is used to lock out users or groups from access to the machine. The module only supports authentication queries, and the command line arguments are used to pass the names of the locked out users and groups.
bf1c67b3f1ae9919c19c093509b6013c34d6c0826326c7b54b3e7698a6e67eab
Network Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
54d61d636c96d5d398a4b34945bc256c442d6d1f232877f25f75a52a1bee7523
Jail Chroot Project is an attempt of write a tool that builds a chrooted environment. The main goal of Jail is to be as simple as possible, and highly portable. The most difficult step when building a chrooted environment is to set up the right libraries and files. Here, Jail comes to the rescue with a tool to automatically configures & builds all the required files, directories and libraries.
af4880f077acc054eac6ca5fdd7c692df6a5e0ac40abc1500fa7d79b3725de77
IP Sentinel is a tool that prevents unauthorized usage of IP addresses within an ethernet broadcast domain by answering ARP requests. After receiving faked replies, requesting parties store the MAC in their ARP tables and will send future packets to this invalid MAC, rendering the IP unreachable. Features chroot non-root operation.
48b53b8f19c25acf1368831f6082565e60816e1e7455da58e3eef0e6fcb9bfaa
Glibc heap protection patch for Glibc v2.3.2 - Uses the canary method to detect and block heap overflows. Note that this will not stop attacks against the GOT or PLT. An analysis of the performance and detection capabilities of this patch is available here.
3da8e273df467c4ae9bfa63a05dd6ebd62c4ac7a7647b01c8ced31d2479bda97