List of applications (Português)/Security (Português)
Segurança
Para guias detalhados, veja a página principal da ArchWiki, Segurança.
Segurança da rede
See also Wikipedia:Comparison of packet analyzers.
- airgeddon — Multi-use bash script to audit wireless networks
- Arpwatch — Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.
- bettercap — Swiss army knife for network attacks and monitoring.
- darkstat — Captures network traffic, calculates statistics about usage, and serves reports over HTTP.
- dsniff — Collection of tools for network auditing and penetration testing.
- EtherApe — Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
- Ettercap — Multipurpose Network sniffer/analyser/interceptor/logger.
- https://ettercap.github.io/ettercap/ || CLI: ettercap, GUI: ettercap-gtk
- GNOME Network Tools — GNOME interface for various networking tools.
- Honeyd — Tool that allows the user to set up and run multiple virtual hosts on a computer network.
- http://www.honeyd.org/ || honeydAUR
- hping — Command-line oriented TCP/IP packet assembler/analyzer.
- IPTraf — Console-based network monitoring utility.
- jnettop — top-like console network traffic visualizer.
- justniffer — Network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
- Kismet — 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
- LinSSID — Graphical wireless scanner.
- Nemesis — Command-line network packet crafting and injection utility.
- Net Activity Viewer — Graphical network connections viewer, similar in functionality with Netstat.
- netsniff-ng — High performance Linux network sniffer for packet inspection.
- ngrep — grep-like utility that allows you to search for network packets on an interface.
- Nmap — Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.
- https://nmap.org/ || CLI: nmap, GUI: zenmapAUR
- Ntop — Network probe that shows network usage in a way similar to what top does for processes.
- https://www.ntop.org/ || ntopAUR
- pyNeighborhood — GTK-based SMB/CIFS browsing utility.
- Smb4K — Advanced network neighborhood browser and Samba share mounting utility for KDE.
- Snort — Network intrusion prevention and detection system.
- https://www.snort.org/ || snortAUR
- Spectools — A set of utilities for spectrum analyzer hardware including Wi-Spy devices.
- https://web.archive.org/web/20181030235934/https://www.kismetwireless.net/spectools/ || spectoolsAUR
- Sshguard — Daemon that protects SSH and other services against brute-force attacts, similar to Fail2ban.
- Suricata — High performance Network IDS, IPS and Network Security Monitoring engine.
- Tcpdump — Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.
- tcptrace — TCP dump file analysis tool.
- http://tcptrace.org/ || tcptrace[link quebrado: package not found]
- vnStat — Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.
- wifiphisher — Fast automated phishing attacks against WPA networks.
- https://github.com/wifiphisher/wifiphisher || wifiphisherAUR[link quebrado: package not found]
- Wireshark — Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
- https://www.wireshark.org/ || CLI: wireshark-cli, GUI: wireshark-qt
- Xplico — Network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.
- Zeek — Powerful network analysis framework that is much different from the typical IDS you may know.
- https://zeek.org/ || zeekAUR
Gerenciamento de firewall
Veja iptables#Front-ends.
Detecção de ameaças e vulnerabilidades
- AFICK — Security tool that allows to monitor the changes on your files systems, and so can detect intrusions.
- Lynis — Security and system auditing tool to harden Unix/Linux systems.
- Metasploit Framework — An advanced open-source platform for developing, testing, and using exploit code.
- Nessus — Comprehensive vulnerability scanning program.
- OpenVAS — Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.
- https://www.openvas.org/ || openvasAUR[link quebrado: package not found]
- OSSEC — Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
- https://ossec.github.io/ || ossec-agentAUR[link quebrado: package not found] ossec-localAUR ossec-serverAUR
- Samhain — Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
- https://www.la-samhna.de/samhain/index.html || samhainAUR[link quebrado: package not found]
- Tiger — Security tool that can be use both as a security audit and intrusion detection system.
- Tripwire — Intrusion detection system.
Segurança de arquivos
- AIDE — Verificador de integridade de arquivos e diretórios.
- https://aide.github.io || aideAUR
- Logcheck — Utilitário simples que visa possibilitar ao administrador do sistema visualização de arquivos de log que são produzidos nas máquinas em seu controle.
- https://web.archive.org/web/20180314152834/http://logcheck.alioth.debian.org/ || not packaged? search in AUR
- Logwatch — Sistema customizável de análise de log.
- OpenDLP — OpenDLP é uma ferramenta de prevenção de perda de dados gratuita e de código aberto, com e sem base em agente, com gereciamento centralizado e massivamente distribuível.
- https://code.google.com/archive/p/opendlp/ || not packaged? search in AUR
Anti malware
- ClamAV — Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
- ClamTk — Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.
- https://gitlab.com/dave_m/clamtk/-/wikis/home || clamtk, Nautilus plugin: clamtk-gnomeAUR, MATE plugin: clamtk-mateAUR[link quebrado: package not found], Thunar plugin: thunar-sendto-clamtkAUR
- Linux Malware Detect — Malware scanner designed around the threats faced in shared hosted environments.
- Rootkit Hunter — Checks machines for the presence of rootkits and other unwanted tools.
- Hostsblock — A script that downloads, sorts, and compiles multiple ad- and malware-blocking hosts files.
Programas de backup
See also Synchronization and backup programs#Incremental backups and Wikipedia:Comparison of backup software.
- Déjà Dup — Simple GTK backup program. It hides the complexity of doing backups the 'right way' (encrypted, off-site, and regular) and uses duplicity as the backend.
- borg — Deduplicating backup program with compression and authenticated encryption that supports backing up over ssh
- Duplicati — Backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers.
- duplicity — Simple command-line utility which allows encrypted compressed incremental backup to nearly any storage.
- Duply — Command-line front-end for duplicity which simplifies running it. It manages backup job settings in profiles and allows to batch execute commands.
- https://www.duply.net/ || duplyAUR
- restic — Fast, secure, efficient backup program that supports backing up to many cloud services.
- Tarsnap — Secure, efficient proprietary online backup service.
Bloqueadores de tela
See also Session lock.
Atenção: Only sflock, physlock, Cinnamon Screensaver, MATE Screensaver and GNOME Screensaver are able to block tty access. See Xorg#Block TTY access on how to manually block tty access.
- betterlockscreen — i3lock-color wrapper. Betterlockscreen allows you to cache images with different filters and lockscreen with blazing speed.
- Cinnamon Screensaver — Screen locker for the Cinnamon desktop.
- Deepin Screensaver — A lightweight Qt5 based screensaver.
- GNOME Screensaver — Screen locker for the GNOME Flashback desktop.
- i3lock — A simple screen locker. Provides user feedback and uses PAM authentication. The background can be set to an image or solid color.
- i3lock-blur — Fork of i3lock which can use your desktop with the blur effect applied as a background.
- i3lock-color — Fork of i3lock with color and positioning configuration support and can use your desktop with the blur effect applied as a background.
- Light-locker — A simple locker (forked from gnome-screensaver) that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on LightDM for locking and unlocking your session via ConsoleKit/UPower or logind/systemd.
- MATE Screensaver — Screensaver and locker for MATE Desktop Environment.
- physlock — Screen and console locker.
- sflock — Simple screen locker utility for X, based on slock. Provides a very basic user feedback.
- slock — Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.
-
sxlock — Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports
sxlock.service
to lock the screen on suspend/hibernation. See the README for more information.
- tsscreenlock — Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.
- vlock — TTY locker. A mirror of the original vlock is available at github.
- xfce4-screensaver — A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.
- xlockmore — Simple X11 screen lock with PAM support.
- XScreenSaver — Screen saver and locker for the X Window System.
- XSecureLock — X11 screen lock utility designed with the primary goal of security.
- xtrlock — Very lightweight X display locker. Keeps windows visible and displays lock icon instead of mouse cursor. Typing password followed by enter unlocks the screen.
Auditoria de senha
- John — John the Ripper password cracker.
- Hashcat — Multithreaded advanced password recovery utility.
Gerenciadores de senha
See also KeePass.
Console
- gopass — Advanced console based password manager, supporting GnuPG and other backends.
- KeePassC — Curses-based password manager compatible to KeePass v.1.x.
- LastPass — Hosted password manager.
- pass — Simple console-based password manager featuring flat text file organization and GnuPG encryption.
- pwsafe — Unix command-line program that manages encrypted password databases.
- spm — Simple Password Manager written entirely in POSIX shell using PGP. Fast, lightweight and easily scriptable.
- tpm — tiny password manager, inspired by pass, written entirely in POSIX shell.
- Ylva — Command-line password manager, written in C, uses OpenSSL.
Gráfico
- Bitwarden — Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.
- https://bitwarden.com/ || bitwarden-binAUR[link quebrado: package not found], bitwarden-cli
- Encryptr — Zero-knowledge, cloud-based password manager.
- Enpass — A multiplatform password manager
- Figaro's Password Manager 2 — GTK2 port of Figaro's Password Manager with some new enhancements.
- GNOME Password Safe — Password manager for GNOME which makes use of the KeePass v.4 format.
- Ked Password Manager — A password manager that helps to manage large numbers of passwords.
- KeePass Password Safe — Mono-based password manager, which helps you to manage your passwords in a secure way.
- KeePassX — Qt-based password manager. Compatible with KeePass v.1.x and KeePass v.2.x.
- https://www.keepassx.org/ || version 1: keepassxAUR, version 2: keepassx2AUR
- KeePassXC — Community fork of KeePassX with more active development. Compatible with KeePass v.1.x (import only) and KeePass v.2.x.
- KDE Wallet Manager — Tool to manage the passwords on your system. By using the KDE wallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the wallet.
- kwalletmanager5 || kwalletmanager
- OTPClient — Highly secure and easy to use GTK software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).
- Passbook — Modern password manager for GNOME.
- Password Gorilla — A cross-platform password manager.
- Password Safe — Simple and secure password manager.
- QPass — Easy to use password manager with built-in password generator.
- QtPass — GUI for pass, the standard unix password manager.
- Revelation — Password manager for the GNOME desktop.
- Seahorse — GNOME application for managing encryption keys and passwords in the GNOME Keyring.
- Universal Password Manager — Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.
- http://upm.sourceforge.net/ || upmAUR[link quebrado: package not found]
Criptografia
Verificadores de hash
-
cfv — Pequeno utilitário para testar e criar arquivos de soma de verificação, suporta arquivos
.sfv
,.csv
,.crc
,.md5
,md5sum
,sha1sum
,.torrent
,par
e.par2
.
- GtkHash — Um utilitário GTK para computar message digests ou somas de verificação.
- hashdeep — Ferramentas multiplataformas que computam hashes, ou message digests, para qualquer número de arquivos.
- Parano — Uma interface gráfica do GNOME para criar/editar/verificar arquivos MD5 e SFV.
- https://sourceforge.net/projects/parano.berlios/ || paranoAUR[link quebrado: package not found]
- Quick Hash GUI — Uma GUI para habilitar seleção rápida e subsequente de hash em arquivos (individualmente ou recursivamente atravês de uma estrutura de diretório), texto e discos (no Linux).
- RHash — Utilitário para verificação de somas de hash (SFV, CRC, etc). Suporta vários algoritmos.
- MassHash — Um conjunto de ferramentas que fazem hash em arquivos (ambos CLI e GUI GTK) escrito em Python. Algoritmos suportados incluem MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
- Parchive — Utilitário que cria e usa arquivos PAR2 para detectar danos em arquivos de dados e os repara se necessário.
Criptografia, assinatura, esteganografia
- ccrypt — Um utilitário da linha de comando para criptografar e descriptografar arquivos e fluxo de dados baseados em Rijndael.
- Enigmail — Uma extensão de segurança para Mozilla Thunderbird e Seamonkey. Possibilita que você escreva e receba mensagens de email assinadas e/ou criptografadas com o padrão OpenPGP.
- https://enigmail.net || thunderbird-extension-enigmail[link quebrado: package not found]
- GNOME Keysign — Aplicação GTK/GNOME que usa GnuPG para assinar as chaves de outras pessoas. De forma rápida, fácil e segura.
- GnuPG — O projeto completo e de implementação livre do GNU do padrão OpenPGP como definido pelo RFC4880. Grátis e de código aberto substituto do PGP, majoritariamente usado para assinatura digital de pacotes.
- GPG-Crypter — Interface gráfica para o GnuPG(GPG) que usa GTK3 e a biblioteca GPGME.
- gzsteg — Utilitário que pode esconder dados em arquivos compactados do gzip.
- https://www.nic.funet.fi/pub/crypt/steganography/ || not packaged? search in AUR
- Keybase — Diretório de chaves que associa identidades de mídia social, com suporte a conversas criptografadas, armazenamento na nuvem e repositórios git em múltiplas plataformas.
- KGpg — Interface simples para GnuPG e KDE.
- Kleopatra — Gerenciador de certificados e GUI para criptografia do KDE. Suporta gerenciamento de certificados X.509 e OpenPGP na caixa de chaves GpgSM e baixa certificados de servidores LDAP.
- minisign — Programa simples que somente implementa assinatura de chave.
- Seahorse — Aplicação do GNOME para gerenciar chaves e senhas de criptografia no seu chaveiro.
-
scrypt — Utilitário da linha de comando que tem a função de derivação de chave
scrypt
com maior segurança em relação à memória.
- steghide — Um utilitário de esteganografia que tem a capacidade de esconder dados em vários tipos de arquivos de imagem e áudio.
Criptografia de dados em repouso
Veja Criptografia de dados em repouso.
Elevação de privilégios
- doas — Uma versão portável do doas, comando do OpenBSD, conhecido por ter um tamanho substancialmente menor do que o sudo.
- su — Comando para assumir a identidade de outro usuário no sistema.
- sudo — Comando para delegar a capacidade de executar comandos como root ou outro usuário enquanto oferece uma trilha de auditoria.