Open Source Authentication Software

*NOTE* Migrated to http://github.com/cracklib/cracklib Next generation version of libCrack password checking library. As of Oct 2008 (reflected in 2.8.15 code release), licensed under LGPL.

Gobuster is a tool used to brute-force. This project is born out of the necessity to have something that didn't have a fat Java GUI (console FTW), something that did not do recursive brute force, something that allowed me to brute force folders and multiple extensions at once, something that compiled to native on multiple platforms, something that was faster than an interpreted script (such as Python), and something that didn't require a runtime. Provides several modes, like the classic directory brute-forcing mode, DNS subdomain brute-forcing mode, the mode that enumerates open S3 buckets and looks for existence and bucket listings, and the virtual host brute-forcing mode (not the same as DNS!). Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options. You need at least go 1.16.0 to compile gobuster.

A java LDAP client with LDIF support, security (inc SSL, SASL & GSSAPI), translated into many languages (inc. Chinese), online help, user forms and many other features. The commercial version is available at https://jxworkbench.com for $9.95. It extends JXplorer to include: - custom LDAP reporting - to pdf, word etc. - Find and Replace with regexp and attribute substitution - A secure password vault to store directory connections - etc. Support for JXplorer and JXWorkbench is available at http://jxplorer.org. Commercial support available from sales@jxworkbench.com

Windows LDAP editor, includes support for POSIX groups and accounts, SAMBA accounts, some Postfix objects and more

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.

Provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more. Based on the Nginx library and etcd. Cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices. Apache APISIX is based on Nginx and etcd. Compared with traditional API gateways, APISIX has dynamic routing and plug-in hot loading, which is especially suitable for API management under micro-service system. You can use Apache APISIX as a traffic entrance to process all business data, including dynamic routing, dynamic upstream, dynamic certificates, A/B testing, canary release, blue-green deployment, limit rate, defense against malicious attacks, metrics, monitoring alarms, service observability, service governance, etc.

LDAP Explorer is a multi platform, graphical LDAP tool that enables you to browse, modify and manage LDAP servers.

Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements. Spring Security uses a Gradle-based build system. In the instructions, ./gradlew is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build. Be sure that your JAVA_HOME environment variable points to the jdk-11 folder extracted from the JDK download.

CID (Closed In Directory) is a set of bash scripts for inserting and managing Linux computers in Active Directory domains. Modifications made to the system allow Linux to behave like a Windows computer within AD.

Atricore’s JOSSO is an open source and commercially supported Internet Single Sign-On (FSSO) solution for point-and-click and standards-based (SAML2) Internet-scale SSO implementations. For more information contact us at : http://www.josso.org

Zentyal Server is an easy to use and affordable Linux server, specially designed to meet the needs of small and medium businesses Thanks to Zentyal's Samba integration, Zentyal provides native compatibility with Microsoft Active Directory, allowing you to join Microsoft clients to a domain and manage them easily. Zentyal Server incorporates all the network services required in a small and medium business environment: * Directory & Domain Server with native compatibility with Microsoft Active Directory * Mail Server with ActiveSync and webmail * Gateway with firewall and proxy * Infrastructure Server with DNS/DHCP server, Certification Authority and Virtual Private Networks For more information and download, please access the project's home page.

A lib for generating Style Sheets with JavaScript. JSS is an authoring tool for CSS which allows you to use JavaScript to describe styles in a declarative, conflict-free and reusable way. It can compile in the browser, server-side or at build time in Node. JSS is framework agnostic. It consists of multiple packages, the core, plugins, framework integrations and others. If you’re interested in playing around with JSS, you can use an online code playground. Try a Hello World example on CodeSandbox. JSS generates actual CSS, not Inline Styles. It supports every existing CSS feature. CSS rules are created once and reused across the elements using its class name in contrary to Inline Styles. Also, when DOM elements get updated, previously created CSS rules are applied. JSS generates unique class names by default. It allows avoiding the typical CSS problem, where everything is global by default. It completely removes the need for naming conventions.

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. The BeyondCorp Model is designed by Google and secures applications in Zero-Trust networks. An Identity & Access Proxy is typically deployed in front of (think API Gateway) web-facing applications and is capable of authenticating and optionally authorizing access requests. The Access Control Decision API can be deployed alongside an existing API Gateway or reverse proxy. Ory offers a support plan for Ory Network Hybrid, including Ory on private cloud deployments. If you have a self-hosted solution and would like help, consider a support plan! The team at Ory has years of experience in cloud computing. Ory's offering is the only official program for qualified support from the maintainers.

league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them. The latest version of this package supports PHP 7.2, PHP 7.3, PHP 7.4, PHP 8.0. The openssl and json extensions are also required. All HTTP messages passed to the server should be PSR-7 compliant. This ensures interoperability with other packages and frameworks. The library uses PHPUnit for unit tests. We use Github Actions, Scrutinizer, and StyleCI for continuous integration. In order to prevent man-in-the-middle attacks, the authorization server MUST require the use of TLS with server authentication as defined by RFC2818 for any request sent to the authorization and token endpoints. The client MUST validate the authorization server’s TLS certificate as defined by RFC6125.

The uuid package generates and inspects UUIDs based on RFC 4122 and DCE 1.1: Authentication and Security Services. This package is based on the github/pborman/uuid package. It differs from these earlier packages in that a UUID is a 16 byte array rather than a byte slice. One loss due to this change is the ability to represent an invalid UUID (vs a NIL UUID). Full go doc style documentation for the package can be viewed online without installing this package by using the GoDoc site.

A class for PHP to talk to Active Directory through LDAP.

Opens up IIS Proxy Servers using NTLM to non-Microsoft browsers, etc

phpLDAPadmin is a web-based LDAP administration tool for managing your LDAP server. With it you can browse your LDAP tree, view LDAP schema, perform searches, create, delete, copy and edit LDAP entries. You can even copy entries between servers.

AutoIndex is a PHP script that makes a table that lists the files in a directory, and lets users access the files and subdirectories. It includes searching, icons for each file type, an admin panel, uploads, access logging, file descriptions, and more.

Web application for browsing and searching contact details within an LDAP directory. Supports Microsoft/Samba Active Directory, OpenLDAP and Novell eDirectory.

LDAP Account Manager (LAM) is a webfrontend for managing accounts stored in an LDAP directory. You can use templates for account creation and use multiple configuration profiles. Account information can be exported as PDF file.

An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps).

This small perl program allows you to easily export LDAP entries from an LDAP server (MS ActiveDirectory for example) to csv format. It can export various csv formats and can deal with mutlivalued attributes.

Configure Unix users and groups in a MySQL database. It is system-wide like NIS or LDAP! It features open-ended database design and persistent connections. Works with NSS-compatible systems (Linux, Solaris, FreeBSD).