Open Source Unix Shell Security Software

Network Security Toolkit (NST) is a bootable ISO image (Live USB Flash Drive) based on Fedora 42 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.

The IPCop Firewall is a Linux firewall distribution. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.

Duply is a shell front end for the duplicity backup tool https://duplicity.us . It simplifies the usage by implementing backup job profiles, batch commands and more. Secure backup to non-trusted file spaces made easy.

Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com

Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2, and others. +200 checks covering security best practices across all AWS regions and most AWS services. Get a direct colorful or monochrome report. Get an HTML, CSV, JUNIT, JSON, or JSON ASFF (Security Hub) format report.

This project will serve as a central hosting/bug tracking center for modifications to the SmoothWall.org firewall distribution. Support and information for the "mods" posted here can be found on the SmoothWall.org forums, the SmoothWall.org IRC server, or

Development of this project has been moved to https://github.com/jonelo/jacksum. This site has been left for historical purposes ONLY, you find older Jacksum versions here. Please visit the GitHub site for current development. Jacksum 1.7.0 is a platform independent checksum utility (written entirely in Java) for computing and verifying (integrity check) checksums, CRC and hashes (fingerprints). It supports 58 popular hash algorithms and a lot of unique features.

MySecureShell is a sftp-server developing tool which help to make a ftp server like proftpd but very securised with SSH encryption. This software is highly configurable and very easy to install and use. Project has moved to https://github.com/mysecureshell/mysecureshell !

CacheGuard-OS, amongst other functions, embeds a Web Gateway allowing you to have control over what type of Web content is allowed in your organization, by whom and when. The Web Gateway works as a transparent or explicit Web proxy and blocks malware and other unwanted contents such as ads or adult websites at gateway even in an encrypted format (HTTPS). In addition, its caching capability allows you to cache bandwidth-intensive traffic such as YouTube or Windows updates in order to save your bandwidth. CacheGuard Web Gateway is distributed as an open source OS called CacheGuard-OS that you can install on a virtual or hardware machine of your choice. Once installed on a machine, CacheGuard-OS transforms that machine into a network appliance. In addition to the Web Gateway, CacheGuard-OS includes multitude of other services such as VPN, WAF and WAN optimization. CacheGuard products are especially designed to address SME requirements by providing functional solutions.

cSploit is a mass password changer interactive shell script for cpanel usernames along with their respective login passwords it also changes their FTP, MySQL passwords also. And save changed passwords with their respective usernames in a text file. It gives you flexibility to specify custom filename to save password. (This makes filename hard to guess.) This script also allows you to select the specific type of random generated passwords.

Penetration-Testing-Toolkit is a web based project to automate Scanning a network,Exploring CMS, Generating Undectable metasploit payload, DNS-Queries, IP related informations, Information Gathering, Domain related info etc

Easy to use firewall configuration script, featuring statefull connection tracking, bandwidth limiting and bandwidth logging.

X-Itools: eXtended Internet Tools. Suite of tools composed of several collaboration modules. Old and initial project born in 1999, 1st published in 2001 on Sourceforge. X-Itools E-mail management module (log analysis) initiated in 2004 with Web 1.0 technologies (private SVN server). X-Itools development restarted since 2011, on the basis of a unique module: E-mail management module (log analysis). Now based on web 2.0 technologies (ExtJS 4.1) and devel restarted because of a particular interest given to it by a world wide Organization (United Nations). Module renamed "X-Itools ELSE", for "X-Itools E-mail Log Search Engine". Some features: Log analysis and correlation of Postfix and Exchange servers, statistics, policy manager, in-deep analysis, automated network graphs for e-mail tracing, CSV export... The Swiss knife of Messaging Admins. In 2015, X-Itools ELSE is no more limited to E-mail logs: Apache logs are also processed and related stats and dashboards will be there!

Packet2sql will convert any text file/log file which contains ipchains packet logs into a stream of SQL inserts which can be used as the base for a firewall-analyzing database application.

Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command that takes ~3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once the instance is configured an OpenVPN configuration file is downloaded and ready to use. There is also functionality to see which instances are running in which region and the ability to terminate the instance when done. Additional functionality includes specifying instance type, generating ssh keypairs, specifying custom AMI, changing login user, and more to come. Create on-demand OpenVPN Endpoints in AWS that can easily be destroyed after done only pay for what you use.

NOTICE: The format of this project has been changed from ISO to using ansible and has been moved to GitHub. Github link: https://github.com/Bifrozt/bifrozt-ansible

CACANMS is an acronym for Computer Aided Campus Area Network Management System. The system consists of software components and a library of about 60 classes. It is divided into three types of subsystems which reside on different servers and communicate.

EDSS stands for Easy Debian Security Script and it is a very easy to use script that installs additional software, configures the software, and scans a GNU/Linux Debian server for possible security risks.

This is an easily configurable firewall which runs under ipchains or iptables (2.2 kernel, or 2.4). Requires no knowledge of iptables/ipchains.

ExamLog is a Log analyzer, developed for syslog messages. It works on a Unix/Linux console, searching for user defined patterns. ExamLog, can divide and clasify syslog messages, and send them to a remote/local postgresql DataBase.

Frankenwall is a bash shell script intended to create a highly secure IPTables based linux firewall/router with QOS/traffic shaping/bandwidth management. Be certain you know EXACTLY what your network needs before using Frankenwall. Wimps need not apply.

GNet Server - Network compression client/server software. Compresses data over slow networks to save on the cost of bandwidth. Server is developed for Unix and Windows platforms, The client will run on Windows based PCs.

GPODCS is a Certification Authority developed in the ESA Grid Processing On Demand (gpod.eo.esa.int) project. It offers a PKI infrastructure and GSI authorization management. GPODCS is portable, reliable, easy to install, configure and personalize.

GTCop Professional Security Appliance aims to provide a powerful tool for satellite communications, with enhanced QoS and bandwidth controls. As derived from IPCop Firewall, it is a stable, secure, easy to configure and maintain GNU/Linux firewall box.

Green Screen: A Linux based Advanced Syslog Server for Juniper NetScreen Firewalls - Can be expanded later to support other products. It can capture syslog messages, parse them, store them in a MySQL database. A Web GUI interface is also included.