Open Source Python Security Software

Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo

An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps).

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well. wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, OCSP and CRL support, is backed by the robust wolfCrypt cryptography library, and much more. wolfSSL relies on the FIPS 140-2 validated wolfCrypt library for all cryptographic functionality. Visit http://wolfssl.com/wolfSSL/fips.html for more info!

yaSSL, or yet another SSL, is an embedded ssl library for programmers building security functionality into their applications and devices. yaSSL is highly portable, and runs on standard as well as embedded platforms(QNX, ThreadX, VxWorks, Tron) yaSSL is still available but no longer being developed. Current development on the same project continues under wolfSSL. Visit yaSSL Home above for the latest stable release.

THE STP CODE HAS MOVED TO GITHUB. THE CODE HERE IS STALE. PLEASE CHECKOUT THE FOLLOWING WEBSITE: http://stp.github.io/

UNICORE is a software suite for building federated systems, providing secure and seamless access to heterogeneous resource such as compute clusters and file systems. UNICORE deals with authentication, user mapping and authorization, and provides a comprehensive set of RESTful APIs for HPC access and workflows. Contributors: visit https://github.com/UNICORE-EU

A.I. security app. Development ceased.

This is a apache v2.0 authentication module. Based on html form authentication and cookie authentication session. Cookie session are stored in memcache deamon. Can be used has an simple "Single Signe-On" (SSO). All the code source and the bug tracking has migrated to github: https://github.com/ZenProjects/Apache-Authmemcookie-Module All the documentation are here: https://zenprojects.github.io/Apache-Authmemcookie-Module/

The CILogon project facilitates secure access to Cyberinfrastructure (CI) via open source identity and access management software.

This project is intended to host developer clients for openhuman.org web services - free collaborative protection system against userbase contamination by disposable email addressing (DEA) and public accounts.

Eng: Digital Signature with x.509 certificates and smartcards for PDFand PAdES format documents in Spanish for Windows OS (8 and 10). Esp: Firma Digital de documents electrónicos PDF en formato PAdES con certificados digitales X.509 y tokens criptográficos en español.

An alternative Identification system that is a replacement for Microsoft's Passport and the Liberty Alliance. Its a simple architecture that is setup so anyone can run a server and thereby have control over their online identification.

Injection Wizard is an application for injecting traffic into WEP protected Wi-Fi networks, like aireplay-ng, but it's much more easy to use and it can work with worse conditions.

Honeypots for servers, VoIP, social networks and web applications

Konfidi is a trust framework that uses topical trust values from a social network of authenticated people. When you receive an email from someone you do not know, but he/she is in the network, Konfidi will compute an inferred trust value for you.

MINI is a secure service discovery protocol for the M2MI ad-hoc networking library and written in Java (and soon, Python).

OpenSEED is open source implementation for SEED, the 128-bit Symmetric Block Cipher which is used widely among Korean Financial & Banking Companies. OpenSEED will implement TLS over SEED, also.

OpenSQLi-NG is the next generation open source sql injection tool. It silently test and exploit (on-demand) SQL injections conditions. Please refer to the project web site to have the complete description: http://opensqling.sourceforge.net/?page_id=8

IMPORTANT : The project is now being hosted at http://code.google.com/p/ciform Plug'n Auth is an API providing easy integration of different authentication mechanisms into web applications. Within a few steps web admins will be able to change both the authentication backend and the logon frontend at any time with no further effort

RADAR is a pluggable network monitoring platform that allows for reporting and searching at the application layer. Out of the box, RADAR lets you capture SMTP, AIM, YahooIM and YMail traffic. Find out more at: http://www.optaros.com/solutions_radar.html

The Secure Remote Log Monitor (SRLM) project provides client and server utilities that collect application or system log files from multiple systems over an untrusted network onto a central server for analysis and action.

The principal target of Segovia is to generate reports for a set of Security Testing tools. This reports show the different found vulnerabilities in a graphical way. Also they explain the most common reasons and the solution of these vulnerabilities.

WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste

deface-no-tnx is an anti-defacement system that monitors your Web files and notifies you about unallowed changes. It also replaces the defaced page with a standard "error" page,so that no offensive/joking content can be frauodolently added to your site