Paolo Perego's avatar

You are behind a proxy. You can modify other data related to your profile by this link.

Paolo Perego's avatar

Paolo Perego

pperego

Member of the group
Involved Projects and Packages

NOTE: Automatically created during Factory devel project migration by admin.

NOTE: Automatically created during Factory devel project migration by admin.

Maintainer Bugowner

This script allows to generate RPM spec or DEB dsc files from Python modules.
It allows to list Python modules or search for them on the Python Package Index
(PyPI). Conveniently, it can fetch tarballs and changelogs making it an
universal tool to package Python modules.

Rpmlint is a tool to check common errors on rpm packages. Binary and
source packages can be checked.

Maintainer

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road.

Compared to other instrumented fuzzers, afl-fuzz is designed to be practical: it has modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases - say, common image parsing or file compression libraries.

Maintainer

This project was created for package vsftpd via attribute OBS:Maintained

This project was created for package vsftpd via attribute OBS:Maintained

This project was created for package keepassx via attribute OBS:Maintained

Maintainer

Various security tools that don't need their own subproject.

Please have a look at the Subprojects, listed at the 'Subprojects' tab for more tools.

Maintainer Bugowner

Provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation and assertion signatures.

Supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.

Maintainer Bugowner

Libu2f-host provide a C library and command-line tool that implements
the host-side of the U2F protocol. There are APIs to talk to a U2F
device and perform the U2F Register and U2F Authenticate operations.

Maintainer

This is a C library that implements the server-side of the U2F protocol. More precisely, it provides an API for generating the JSON blobs required by U2F devices to perform the U2F Registration and U2F Authentication operations, and functionality for verifying the cryptographic operations.

Maintainer Bugowner

Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like:
- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability

Lynis is released as a GPL licensed project and free for everyone to use.

See http://www.rootkit.nl for a full description and documentation.

Maintainer

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Maintainer

The PAM U2F module provides an easy way to integrate the Yubikey (or other U2F-compliant authenticators) into your existing user authentication infrastructure. PAM is used by GNU/Linux, Solaris and Mac OS X for user authentication.

Maintainer

Control physical access to a linux computer by locking all of its virtual
terminals / consoles.

physlock is an alternative to vlock, it is equivalent to `vlock -an'. It is
written because vlock blocks some linux kernel mechanisms like hibernate and
suspend and can therefore only be used with some limitations. physlock is
designed to be more lightweight, it does not have a plugin interface and it is
not started using a shell script wrapper.

Maintainer
Maintainer

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

Maintainer
Maintainer

Wfuzz has been created to facilitate the task in web applications assessments
and it is based on a simple concept: it replaces any reference to the FUZZ
keyword by the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected in any field of an HTTP
request, allowing to perform complex web security attacks in different web
application components such as: parameters, authentication, forms,
directories/files, headers, etc.

Wfuzz is more than a web content scanner:

* Wfuzz could help you to secure your web applications by finding and
exploiting web application vulnerabilities. Wfuzz’s web application
vulnerability scanner is supported by plugins.

* Wfuzz is a completely modular framework and makes it easy for even the newest
of Python developers to contribute. Building plugins is simple and takes
little more than a few minutes.

* Wfuzz exposes a simple language interface to the previous HTTP
requests/responses performed using Wfuzz or other tools, such as Burp. This
allows you to perform manual and semi-automatic tests with full context and
understanding of your actions, without relying on a web application scanner
underlying implementation.

It was created to facilitate the task in web applications assessments, it's a
tool by pentesters for pentesters ;)

Maintainer

WhatWeb fingerprints Web servers and Web applications. It can identify content
management systems (CMS), Web application frameworks, default pages for Web
servers, blogs, JavaScript libraries, and more.... Each time you visit a Web
site in your browser, the Web server leaks many hints about the software
delivering the Web page. WhatWeb recognizes these hints and reports what it
finds. WhatWeb has over 70 plugins. Plugins can identify systems with obvious
signs removed by looking for subtle clues. Plugins are flexible and can return
any datatype. For example, plugins can return version numbers, email addresses,
account IDs, and more

Maintainer

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.

Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine.

openSUSE Build Service is sponsored by