ReVirt is part of the CoVirt project, which investigated the use of virtual machines to provide security in an operating-system-independent manner, so that the security system functions independently of the guest operating system. ReVirt logs enough information to replay the entire intrusive sequence instruction-by-instruction so that the attack can be observed and documented in detail. It includes a system called BackTracker that helps system administrators understand (and thereby recover from) an intrusion by automatically identifying potential sequences of steps that occurred in the intrusion. Starting with a single detection point (e.g., a suspicious file), BackTracker identifies files and processes that could have affected that detection point and displays chains of events in a dependency graph.
MC4J provides a rich management interface to Java Management Extensions (JMX) based servers. It displays a tree structure of the managed components and provides the ability to view, alter, and graph attributes of live state. It currently supports JBoss, WebLogic, WebSphere, and Tomcat application servers as well as those based on JSR 160, MX4J, or JMX Reference Implementation services.
NetEclipse is a suite of tools created for testing TCP/IP weaknesses and using them in a non-conventional way, such as testing security and limits of IP version 4 protocols. This project will include a sniffer, a TCP hijacker, an ARP poisoner and a TCP tunnel through ICMP/IGMP packets. Only the sniffer is currently complete.
mimic is a server that mimics Internet servers. It includes imitators for ftpd and telnetd, and can be extended with scripting to support other types of imitation. Users will believe they are connected to authentic services (such as ftpd or telnetd) but will never be able to log in. Everything that they type is logged. In addition, scripting new imitator services is simple. The program includes a one-liner example of a fully-functional echo server. The project's goal is to create a script for imitating most, if not all, popular Internet services.
Uplog is a UDP-based ping program that gives an ASCII graphical log of packet loss. Once per second, it sends a UDP packet to the echo port of the target host and waits for a reply. If it gets a reply, an X is written to the log file; otherwise, a dot is written. If a packet with an incorrect sequence number arrives, a colon is written to the log file. By examining the log file, one can easily see when and how the packet losses occur.
Webtester is an application which is intended to be used in the testing and validation of Web-based applications. By reading an XML configuration file, the application is able to call URLs and use regular expressions to examine the results. Features include support for SSL, cookies, and variable assignment/substitution when sending and examining data.
Bandwidth Management Tools is a total bandwidth management solution for Linux and can be used for firewalling, traffic graphing, and shaping. It is not based on any currently-available bandwidth management software and supports packet queues, bursting, complex traffic flow hierarchies, flow groups, traffic logging, and a simple real-time monitoring front-end.
ADMLogger is a log analysis engine. Users can easily build upon this core with plugins. With very little Perl programming knowledge, it may become a powerful tool in a system administrator's toolbox. ADMLogger creates email reports that can be formatted as plain text or full HTML; supporting each format is up to the plugin designers. The main system has an HTML preference, so if your plugin ignores it, so be it. ADMLogger will also move all filtered entries from the main syslog file into a second file so your other entries are more noticeable.