「アプリケーション一覧/セキュリティ」の版間の差分

提供: ArchWiki
ナビゲーションに移動 検索に移動
(Pkg/AUR テンプレートの更新)
1行目: 1行目:
 
<noinclude>
 
<noinclude>
 
[[Category:アプリケーション]]
 
[[Category:アプリケーション]]
  +
[[カテゴリ:セキュリティ]]
 
[[Category:ソフトウェア一覧]]
 
[[Category:ソフトウェア一覧]]
 
[[en:List of applications/Security]]
 
[[en:List of applications/Security]]
[[es:List of applications/Security]]
+
[[es:List of applications (Español)/Security]]
[[it:List of applications/Security]]
+
[[it:List of applications (Italiano)/Security]]
[[ru:List of applications/Security]]
+
[[pt:List of applications (Português)/Security]]
[[uk:List of applications/Security]]
+
[[ru:List of applications (Русский)/Security]]
[[zh-hans:List of applications/Security]]
+
[[zh-hans:List of applications (简体中文)/Security]]
[[zh-hant:List of applications/Security]]
+
[[zh-hant:List of applications (正體中文)/Security]]
 
{{List of Applications navigation}}
 
{{List of Applications navigation}}
 
</noinclude>
 
</noinclude>
  +
== Security ==
  +
  +
For detailed guides, see the main ArchWiki page, [[Security]].
  +
  +
<!--
 
== セキュリティ ==
 
== セキュリティ ==
   
22行目: 28行目:
   
 
[[セキュリティ#アプリケーションのサンドボックス化]]の記事を参照してください。
 
[[セキュリティ#アプリケーションのサンドボックス化]]の記事を参照してください。
  +
-->
  +
  +
=== Network security ===
  +
  +
See also [[Wikipedia:Comparison of packet analyzers]].
  +
  +
* {{App|airgeddon|Multi-use bash script to audit wireless networks|https://github.com/v1s1t0r1sh3r3/airgeddon|{{AUR|airgeddon-git}}}}
  +
* {{App|[[Wikipedia:Arpwatch|Arpwatch]]|Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.|https://ee.lbl.gov/|{{Pkg|arpwatch}}}}
  +
* {{App|bettercap|Swiss army knife for network attacks and monitoring.|https://www.bettercap.org/|{{Pkg|bettercap}}}}
  +
* {{App|darkstat|Captures network traffic, calculates statistics about usage, and serves reports over HTTP.|https://unix4lyfe.org/darkstat/|{{Pkg|darkstat}}}}
  +
* {{App|[[Wikipedia:dSniff|dsniff]]|Collection of tools for network auditing and penetration testing.|https://www.monkey.org/~dugsong/dsniff/|{{Pkg|dsniff}}}}
  +
* {{App|[[Wikipedia:EtherApe|EtherApe]]|Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.|https://etherape.sourceforge.io/|{{Pkg|etherape}}}}
  +
* {{App|[[Wikipedia:Ettercap (software)|Ettercap]]|Multipurpose Network sniffer/analyser/interceptor/logger.|https://ettercap.github.io/ettercap/|CLI: {{Pkg|ettercap}}, GUI: {{Pkg|ettercap-gtk}}}}
  +
* {{App|GNOME Network Tools|GNOME interface for various networking tools.|https://gitlab.gnome.org/GNOME/gnome-nettool|{{Pkg|gnome-nettool}}}}
  +
* {{App|[[Honeyd]]|Tool that allows the user to set up and run multiple virtual hosts on a computer network.|http://www.honeyd.org/|{{AUR|honeyd}}}}
  +
* {{App|hping|Command-line oriented TCP/IP packet assembler/analyzer.|http://hping.org/|{{Pkg|hping}}}}
  +
* {{App|IPTraf|Console-based network monitoring utility.|https://sourceforge.net/projects/iptraf-ng/|{{Pkg|iptraf-ng}}}}
  +
* {{App|jnettop|top-like console network traffic visualizer.|https://sourceforge.net/projects/jnettop/|{{Pkg|jnettop}}}}
  +
* {{App|[[Wikipedia:justniffer|justniffer]]|Network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.|http://justniffer.sourceforge.net/|{{AUR|justniffer}}}}
  +
* {{App|Kismet|802.11 layer2 wireless network detector, sniffer, and intrusion detection system.|https://www.kismetwireless.net/|{{Pkg|kismet}}}}
  +
* {{App|LinSSID|Graphical wireless scanner.|https://sourceforge.net/projects/linssid/|{{Pkg|linssid}}}}
  +
* {{App|Nemesis|Command-line network packet crafting and injection utility.|http://nemesis.sourceforge.net/|{{AUR|nemesis}}}}
  +
* {{App|Net Activity Viewer|Graphical network connections viewer, similar in functionality with Netstat.|http://netactview.sourceforge.net/|{{AUR|netactview}}}}
  +
* {{App|[[Wikipedia:netsniff-ng|netsniff-ng]]|High performance Linux network sniffer for packet inspection.|http://netsniff-ng.org/|{{Pkg|netsniff-ng}}}}
  +
* {{App|[[Wikipedia:ngrep|ngrep]]|grep-like utility that allows you to search for network packets on an interface.|https://github.com/jpr5/ngrep|{{Pkg|ngrep}}}}
  +
* {{App|[[Nmap]]|Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.|https://nmap.org/|CLI: {{Pkg|nmap}}, GUI: {{AUR|zenmap}}}}
  +
* {{App|[[Ntop]]|Network probe that shows network usage in a way similar to what top does for processes.|https://www.ntop.org/|{{AUR|ntop}}}}
  +
* {{App|pyNeighborhood|GTK-based SMB/CIFS browsing utility.|https://launchpad.net/pyneighborhood|{{AUR|pyneighborhood}}}}
  +
* {{App|Smb4K|Advanced network neighborhood browser and Samba share mounting utility for KDE.|https://smb4k.sourceforge.io/|{{Pkg|smb4k}}}}
  +
* {{App|[[Snort]]|Network intrusion prevention and detection system.|https://www.snort.org/|{{AUR|snort}}}}
  +
* {{App|Spectools|A set of utilities for spectrum analyzer hardware including Wi-Spy devices.|https://www.kismetwireless.net/static/spectools/|{{AUR|spectools}}}}
  +
* {{App|[[Sshguard]]|Daemon that protects SSH and other services against brute-force attacts, similar to Fail2ban.|https://www.sshguard.net/|{{Pkg|sshguard}}}}
  +
* {{App|[[Suricata]]|High performance Network IDS, IPS and Network Security Monitoring engine.|https://suricata-ids.org/|{{AUR|suricata}}}}
  +
* {{App|[[Network Debugging#Tcpdump|Tcpdump]]|Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.|http://www.tcpdump.org/|{{Pkg|tcpdump}}}}
  +
* {{App|[[Wikipedia:tcptrace|tcptrace]]|TCP dump file analysis tool.|http://tcptrace.org/{{Dead link|2020|12|27|status=403}}|{{Pkg|tcptrace}}}}
  +
* {{App|[[vnStat]]|Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.|https://humdi.net/vnstat/|{{Pkg|vnstat}}}}
  +
* {{App|What IP|Small GTK application to get info on your IP.|https://gabmus.gitlab.io/whatip/|{{AUR|whatip-git}}}}
  +
* {{App|wifiphisher|Fast automated phishing attacks against WPA networks.|https://github.com/wifiphisher/wifiphisher|{{AUR|wifiphisher-git}}}}
  +
* {{App|[[Wireshark]]|Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.|https://www.wireshark.org/|CLI: {{Pkg|wireshark-cli}}, GUI: {{Pkg|wireshark-qt}}}}
  +
* {{App|[[Wikipedia:Xplico|Xplico]]|Network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.|https://www.xplico.org/|{{AUR|xplico}}}}
  +
* {{App|Zeek|Powerful network analysis framework that is much different from the typical IDS you may know.|https://zeek.org/|{{AUR|zeek}}}}
   
  +
<!--
 
====ネットワークセキュリティ====
 
====ネットワークセキュリティ====
 
* {{App|[[Wikipedia:Arpwatch|Arpwatch]]|Ethernet の活動を監視し Ethernet/IP アドレスペアリングのデータベースを保持するツール。|http://ee.lbl.gov/|{{Pkg|arpwatch}}}}
 
* {{App|[[Wikipedia:Arpwatch|Arpwatch]]|Ethernet の活動を監視し Ethernet/IP アドレスペアリングのデータベースを保持するツール。|http://ee.lbl.gov/|{{Pkg|arpwatch}}}}
40行目: 88行目:
 
* {{App|[[vnStat]]|選択したインターフェースのトラフィックをログする、コンソールベースのネットワークトラフィックモニタ。|http://humdi.net/vnstat/|{{Pkg|vnstat}}}}
 
* {{App|[[vnStat]]|選択したインターフェースのトラフィックをログする、コンソールベースのネットワークトラフィックモニタ。|http://humdi.net/vnstat/|{{Pkg|vnstat}}}}
 
* {{App|[[Wireshark]]|コンピュータネットワークで動いているトラフィックを見るためのネットワークプロトコルアナライザー。|http://www.wireshark.org/|{{Pkg|wireshark-cli}} {{Pkg|wireshark-qt}} {{Pkg|wireshark-gtk}}{{Broken package link|置換パッケージ: {{Pkg|wireshark-qt}}}}}}
 
* {{App|[[Wireshark]]|コンピュータネットワークで動いているトラフィックを見るためのネットワークプロトコルアナライザー。|http://www.wireshark.org/|{{Pkg|wireshark-cli}} {{Pkg|wireshark-qt}} {{Pkg|wireshark-gtk}}{{Broken package link|置換パッケージ: {{Pkg|wireshark-qt}}}}}}
  +
-->
   
  +
=== Firewall management ===
  +
  +
See [[iptables#Front-ends]].
  +
  +
=== Threat and vulnerability detection ===
  +
  +
* {{App|AFICK|Security tool that allows to monitor the changes on your file systems, and so can detect intrusions.|http://afick.sourceforge.net/|{{AUR|afick}}}}
  +
* {{App|[[Wikipedia:Lynis|Lynis]]|Security and system auditing tool to harden Unix/Linux systems.|https://cisofy.com/lynis/|{{Pkg|lynis}}}}
  +
* {{App|[[Metasploit Framework]]|An advanced open-source platform for developing, testing, and using exploit code.|https://www.metasploit.com/|{{Pkg|metasploit}}}}
  +
* {{App|[[Nessus]]|Comprehensive vulnerability scanning program.|https://www.tenable.com/products/nessus|{{AUR|nessus}}}}
  +
* {{App|[[OpenVAS]]|Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.|http://www.openvas.org/|{{AUR|openvas-scanner}}}}
  +
* {{App|OSSEC|Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.|https://ossec.github.io/|{{AUR|ossec-agent}} {{AUR|ossec-local}} {{AUR|ossec-server}}}}
  +
* {{App|Samhain|Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. |https://www.la-samhna.de/samhain/index.html|{{AUR|samhain}}}}
  +
* {{App|[[Wikipedia:Tiger (security software)|Tiger]]|Security tool that can be use both as a security audit and intrusion detection system.|http://www.nongnu.org/tiger/|{{AUR|tiger}}}}
  +
* {{App|[[Wikipedia:Open Source Tripwire|Tripwire]]|Intrusion detection system.|https://github.com/Tripwire/tripwire-open-source|{{AUR|tripwire-git}}}}
  +
  +
<!--
 
====脅威と脆弱性保護====
 
====脅威と脆弱性保護====
 
* {{App|AFICK|ファイルシステムの変更を監視して侵入を検知するセキュリティツール。|http://afick.sourceforge.net/|{{AUR|afick}}}}
 
* {{App|AFICK|ファイルシステムの変更を監視して侵入を検知するセキュリティツール。|http://afick.sourceforge.net/|{{AUR|afick}}}}
51行目: 117行目:
 
* {{App|Tiger|セキュリティ監査と侵入検知システムの両方の役割を果たすことができるセキュリティツール。|https://www.nongnu.org/tiger/|{{AUR|tiger}}}}
 
* {{App|Tiger|セキュリティ監査と侵入検知システムの両方の役割を果たすことができるセキュリティツール。|https://www.nongnu.org/tiger/|{{AUR|tiger}}}}
 
* {{App|[[Wikipedia:Open Source Tripwire|Tripwire]]|侵入検知システム。|https://github.com/Tripwire/tripwire-open-source|{{AUR|tripwire-git}}}}
 
* {{App|[[Wikipedia:Open Source Tripwire|Tripwire]]|侵入検知システム。|https://github.com/Tripwire/tripwire-open-source|{{AUR|tripwire-git}}}}
  +
-->
  +
  +
=== File security ===
  +
  +
* {{App|[[AIDE]]|File and directory integrity checker.|https://aide.github.io|{{AUR|aide}}}}
  +
* {{App|[[Logwatch]]|Customizable log analysis system.|https://sourceforge.net/projects/logwatch/|{{Pkg|logwatch}}}}
   
  +
<!--
 
====ファイルセキュリティ====
 
====ファイルセキュリティ====
 
* {{App|[[AIDE]]|ファイルとディレクトリの整合性チェッカー。|http://aide.sourceforge.net/|{{AUR|aide}}}}
 
* {{App|[[AIDE]]|ファイルとディレクトリの整合性チェッカー。|http://aide.sourceforge.net/|{{AUR|aide}}}}
57行目: 130行目:
 
* {{App|[[Logwatch]]|カスタマイズできるログ分析システム。|https://sourceforge.net/projects/logwatch/|{{Pkg|logwatch}}}}
 
* {{App|[[Logwatch]]|カスタマイズできるログ分析システム。|https://sourceforge.net/projects/logwatch/|{{Pkg|logwatch}}}}
 
* {{App|OpenDLP|フリーでオープンソース、エージェントあるいはエージェントレスベース、中央管理、データを分散させて損失を防ぐツール。|https://code.google.com/archive/p/opendlp/}}
 
* {{App|OpenDLP|フリーでオープンソース、エージェントあるいはエージェントレスベース、中央管理、データを分散させて損失を防ぐツール。|https://code.google.com/archive/p/opendlp/}}
  +
-->
   
  +
=== Anti malware ===
  +
  +
* {{App|[[ClamAV]]|Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.|http://www.clamav.net/|{{Pkg|clamav}}}}
  +
* {{App|ClamTk|Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.|https://dave-theunsub.github.io/clamtk/|{{Pkg|clamtk}}, Nautilus plugin: {{AUR|clamtk-gnome}}, MATE plugin: {{AUR|clamtk-mate}}, Thunar plugin: {{AUR|thunar-sendto-clamtk}}}}
  +
* {{App|Linux Malware Detect|Malware scanner designed around the threats faced in shared hosted environments.|https://www.rfxn.com/projects/linux-malware-detect/|{{AUR|maldet}}}}
  +
* {{App|Rootkit Hunter|Checks machines for the presence of rootkits and other unwanted tools.|http://rkhunter.sourceforge.net/|{{Pkg|rkhunter}}}}
  +
* {{App|Hostsblock|A script that downloads, sorts, and compiles multiple ad- and malware-blocking {{ic|hosts}} files.|https://gaenserich.github.io/hostsblock/|{{AUR|hostsblock}}}}
  +
  +
<!--
 
==== アンチマルウェア ====
 
==== アンチマルウェア ====
   
68行目: 151行目:
   
 
{{Box||次の記事を参照してください: [[バックアッププログラム]]|#E5E5FF|#FCFCFC}}
 
{{Box||次の記事を参照してください: [[バックアッププログラム]]|#E5E5FF|#FCFCFC}}
  +
-->
  +
  +
=== Screen lockers ===
  +
  +
{{Merge|Session lock#By environment|Same purpose.}}
  +
  +
See also [[Session lock]].
  +
  +
{{Warning|Only ''sflock'', ''physlock'', ''Cinnamon Screensaver'', ''MATE Screensaver'' and ''GNOME Screensaver'' are able to block tty access. See [[Xorg#Block TTY access]] on how to manually block tty access.}}
  +
  +
* {{App|betterlockscreen|''i3lock-color'' wrapper. Betterlockscreen allows you to cache images with different filters and lockscreen with blazing speed.|https://github.com/pavanjadhaw/betterlockscreen|{{Aur|betterlockscreen}}}}
  +
* {{App|Cinnamon Screensaver|Screen locker for the Cinnamon desktop.|https://github.com/linuxmint/cinnamon-screensaver|{{Pkg|cinnamon-screensaver}}}}
  +
* {{App|Deepin Screensaver|A lightweight Qt5 based screensaver.|https://github.com/linuxdeepin/deepin-screensaver|{{Pkg|deepin-screensaver}}}}
  +
* {{App|GNOME Screensaver|Legacy screen locker for the GNOME desktop. Unmaintained since 2012.|https://wiki.gnome.org/Attic/GnomeScreensaver|{{Pkg|gnome-screensaver}}}}
  +
* {{App|i3lock|A simple screen locker. Provides user feedback and uses PAM authentication. The background can be set to an image or solid color.|https://i3wm.org/i3lock/|{{Pkg|i3lock}}}}
  +
* {{App|i3lock-blur|Fork of ''i3lock'' which can use your desktop with the blur effect applied as a background.|https://github.com/karulont/i3lock-blur|{{Aur|i3lock-blur}}}}
  +
* {{App|i3lock-color|Fork of ''i3lock'' with color and positioning configuration support and can use your desktop with the blur effect applied as a background.|https://github.com/Raymo111/i3lock-color|{{AUR|i3lock-color}}, {{AUR|i3lock-color-git}}}}
  +
* {{App|Light-locker|A simple locker (forked from ''gnome-screensaver'') that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on [[LightDM]] for locking and unlocking your session via ConsoleKit/UPower or ''logind/systemd''.|https://github.com/the-cavalry/light-locker|{{Pkg|light-locker}}}}
  +
* {{App|MATE Screensaver|Screensaver and locker for MATE Desktop Environment.|https://github.com/mate-desktop/mate-screensaver|{{Pkg|mate-screensaver}}}}
  +
* {{App|physlock|Screen and console locker.|https://github.com/muennich/physlock|{{Pkg|physlock}}}}
  +
* {{App|sflock|Simple screen locker utility for X, based on slock. Provides a very basic user feedback.|https://github.com/benruijl/sflock|{{AUR|sflock-git}}}}
  +
* {{App|[[slock]]|Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.|https://tools.suckless.org/slock/|{{Pkg|slock}}}}
  +
* {{App|sxlock|Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports {{ic|sxlock.service}} to lock the screen on suspend/hibernation. See the [https://github.com/lahwaacz/sxlock/blob/master/README.md README] for more information.|https://github.com/lahwaacz/sxlock|{{AUR|sxlock-git}}}}
  +
* {{App|tsscreenlock|Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.|https://github.com/vicr123/tsscreenlock|{{AUR|tsscreenlock}}}}
  +
* {{App|vlock|TTY locker. A mirror of the [https://lists.archlinux.org/pipermail/aur-general/2013-July/024662.html original vlock] is available at [https://github.com/WorMzy/vlock github].|http://kbd-project.org/|{{Pkg|kbd}}}}
  +
* {{App|xfce4-screensaver|A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.|https://git.xfce.org/apps/xfce4-screensaver/about/|{{Pkg|xfce4-screensaver}}}}
  +
* {{App|xlockmore|Simple X11 screen lock with PAM support.|http://sillycycle.com/xlockmore.html|{{Pkg|xlockmore}}}}
  +
* {{App|[[XScreenSaver]]|Screen saver and locker for the X Window System.|https://www.jwz.org/xscreensaver/|{{Pkg|xscreensaver}}}}
  +
* {{App|XSecureLock|X11 screen lock utility designed with the primary goal of security.|https://github.com/google/xsecurelock|{{Pkg|xsecurelock}}}}
  +
* {{App|xtrlock|Very lightweight X display locker. Keeps windows visible and displays lock icon instead of mouse cursor. Typing password followed by enter unlocks the screen.|https://packages.debian.org/sid/xtrlock|{{Pkg|xtrlock}}}}
   
  +
<!--
 
==== スクリーンロック ====
 
==== スクリーンロック ====
 
{{Warning|''sflock'', ''physlock'', ''Cinnamon Screensaver'', ''MATE Screensaver'', ''GNOME Screensaver'' だけが tty アクセスをブロックすることができます。手動でブロックする方法は [[Xorg#TTY のアクセスをブロック]]を見てください。}}
 
{{Warning|''sflock'', ''physlock'', ''Cinnamon Screensaver'', ''MATE Screensaver'', ''GNOME Screensaver'' だけが tty アクセスをブロックすることができます。手動でブロックする方法は [[Xorg#TTY のアクセスをブロック]]を見てください。}}
88行目: 202行目:
 
* {{App|XSecureLock|セキュリティに焦点を置いた X11 のスクリーンロックユーティリティ。|https://github.com/google/xsecurelock|{{AUR|xsecurelock-git}}}}
 
* {{App|XSecureLock|セキュリティに焦点を置いた X11 のスクリーンロックユーティリティ。|https://github.com/google/xsecurelock|{{AUR|xsecurelock-git}}}}
 
* {{App|xtrlock|非常に軽量な X ディスプレイロッカー。ウィンドウは表示したままで、マウスカーソルの代わりにロックアイコンを表示します。パスワードを入力すれば画面のロックは解除されます。|https://packages.debian.org/sid/xtrlock|{{Pkg|xtrlock}}}}
 
* {{App|xtrlock|非常に軽量な X ディスプレイロッカー。ウィンドウは表示したままで、マウスカーソルの代わりにロックアイコンを表示します。パスワードを入力すれば画面のロックは解除されます。|https://packages.debian.org/sid/xtrlock|{{Pkg|xtrlock}}}}
  +
-->
   
  +
=== Password auditing ===
  +
  +
* {{App|[[Wikipedia:John the Ripper|John the Ripper]]|Password cracker.|https://www.openwall.com/john|{{Pkg|john}}}}
  +
* {{App|[[Hashcat]]|Multithreaded advanced password recovery utility.|https://hashcat.net/hashcat|{{Pkg|hashcat}}}}
  +
  +
=== Password managers ===
  +
  +
See also [[KeePass]].
  +
  +
==== Console ====
  +
  +
* {{App|gopass|Advanced console based password manager, supporting GnuPG and other backends.|https://github.com/justwatchcom/gopass|{{Pkg|gopass}}}}
  +
* {{App|KeePassC|Curses-based password manager compatible to KeePass v.1.x.|https://outerhaven.de/keepassc/|{{AUR|keepassc}}}}
  +
* {{App|LastPass|Hosted password manager. |https://www.lastpass.com/|{{Pkg|lastpass-cli}}}}
  +
* {{App|[[pass]]|Simple console-based password manager featuring flat text file organization and GnuPG encryption.|https://www.passwordstore.org/|{{Pkg|pass}}}}
  +
* {{App|pwsafe|Unix command-line program that manages encrypted password databases.|http://nsd.dyndns.org/pwsafe/|{{AUR|pwsafe}}}}
  +
* {{App|spm|Simple Password Manager written entirely in POSIX shell using PGP. Fast, lightweight and easily scriptable.|https://notabug.org/kl3/spm/|{{AUR|spm}}}}
  +
* {{App|tpm|tiny password manager, inspired by pass, written entirely in POSIX shell.|https://github.com/nmeum/tpm|{{AUR|tpm}}}}
  +
* {{App|Ylva|Command-line password manager, written in C, uses OpenSSL.|https://www.ylvapasswordmanager.com/|{{AUR|ylva}}}}
  +
  +
==== Graphical ====
  +
  +
* {{App|Authenticator|Two-factor authentication application built for GNOME.|https://gitlab.gnome.org/World/Authenticator|{{AUR|authenticator}}}}
  +
* {{App|Bitwarden|Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.|https://bitwarden.com/|{{AUR|bitwarden-bin}}, {{AUR|bitwarden-cli}}}}
  +
* {{App|Encryptr|Zero-knowledge, cloud-based password manager.|https://spideroak.com/encryptr/|{{AUR|encryptr}}}}
  +
* {{App|Enpass|A multiplatform password manager|https://www.enpass.io/|{{AUR|enpass-bin}}}}
  +
* {{App|Figaro's Password Manager 2|GTK2 port of [http://fpm.sourceforge.net/ Figaro's Password Manager] with some new enhancements.|https://als.regnet.cz/fpm2/|{{AUR|fpm2}}}}
  +
* {{App|GNOME Password Safe|Password manager for GNOME which makes use of the KeePass v.4 format.|https://gitlab.gnome.org/World/PasswordSafe|{{Pkg|gnome-passwordsafe}}}}
  +
* {{App|Ked Password Manager|A password manager that helps to manage large numbers of passwords.|http://kedpm.sourceforge.net|{{AUR|kedpm}}}}
  +
* {{App|[[KeePass|KeePass Password Safe]]|Mono-based password manager, which helps you to manage your passwords in a secure way.|https://keepass.info/|{{Pkg|keepass}}}}
  +
* {{App|KeePassX|Qt-based password manager. Compatible with KeePass v.1.x and KeePass v.2.x.|https://www.keepassx.org/|version 1: {{AUR|keepassx}}, version 2: {{AUR|keepassx2}}}}
  +
* {{App|KeePassXC|Community fork of KeePassX with more active development. Compatible with KeePass v.1.x (import only) and KeePass v.2.x.|https://keepassxc.org/|{{Pkg|keepassxc}}}}
  +
* {{App|[[KDE Wallet|KDE Wallet Manager]]|Tool to manage the passwords on your system. By using the KDE wallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the wallet.|https://kde.org/applications/en/system/org.kde.kwalletmanager5|{{Pkg|kwalletmanager}}}}
  +
* {{App|OTPClient|Highly secure and easy to use GTK software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).|https://github.com/paolostivanin/OTPClient|{{AUR|otpclient}}}}
  +
* {{App|Passbook|Modern password manager for GNOME.|https://wiki.gnome.org/Apps/Passbook|{{AUR|passbook}}}}
  +
* {{App|Password Gorilla|A cross-platform password manager.|https://github.com/zdia/gorilla/wiki|{{AUR|password-gorilla}}}}
  +
* {{App|Password Safe|Simple and secure password manager.|https://pwsafe.org/|{{AUR|passwordsafe}}}}
  +
* {{App|QPass|Easy to use password manager with built-in password generator.|http://qpass.sourceforge.net/|{{AUR|qpass}}}}
  +
* {{App|QtPass|GUI for pass, the standard unix password manager.|https://qtpass.org/|{{Pkg|qtpass}}}}
  +
* {{App|Revelation|Password manager for the GNOME desktop.|https://revelation.olasagasti.info/|{{AUR|revelation}}}}
  +
* {{App|[[Wikipedia:Seahorse (software)|Seahorse]]|GNOME application for managing encryption keys and passwords in the GNOME Keyring.|https://wiki.gnome.org/Apps/Seahorse|{{Pkg|seahorse}}}}
  +
* {{App|Universal Password Manager|Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.|http://upm.sourceforge.net/|{{AUR|universal-password-manager}}}}
  +
  +
=== Cryptography ===
  +
  +
==== Hash checkers ====
  +
  +
* {{app|cfv|Tiny utility to both test and create checksum files, support {{ic|.sfv}}, {{ic|.csv}}, {{ic|.crc}}, {{ic|.md5}}, {{ic|md5sum}}, {{ic|sha1sum}}, {{ic|.torrent}}, {{ic|par}}, and {{ic|.par2}} files.| http://cfv.sourceforge.net/|{{AUR|cfv}}}}
  +
* {{App|GtkHash|A GTK utility for computing message digests or checksums|https://github.com/tristanheaven/gtkhash|{{AUR|gtkhash}}}}
  +
* {{App|hashdeep|A cross-platform tools to compute hashes, or message digests, for any number of files|http://md5deep.sourceforge.net/|{{Pkg|hashdeep}}}}
  +
* {{App|Quick Hash GUI|A GUI to enable the rapid selection and subsequent hashing of files (individually or recursively throughout a folder structure) text and (on Linux) disks.|https://www.quickhash-gui.org/|{{AUR|quickhash-gui-bin}}}}
  +
* {{App|RHash|Utility for verifying hash sums (SFV, CRC, etc). Supports lots of algorithms.|https://github.com/rhash/RHash/|{{Pkg|rhash}}}}
  +
* {{App|MassHash|A set of file hashing tools (both CLI and GTK GUI) written in Python. Supported algorithms include MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.|https://jdleicher.github.io/MassHash/|{{AUR|masshash}}}}
  +
* {{App|Parchive|Utility which creates and uses PAR2 files to detect damage in data files and repair them if necessary.|https://github.com/Parchive/par2cmdline|{{Pkg|par2cmdline}}}}
  +
  +
<!--
 
==== ハッシュチェッカー ====
 
==== ハッシュチェッカー ====
   
99行目: 270行目:
 
* {{App|MassHash|Python で書かれたファイルハッシュ作成ツールのセット (CLI と GTK+ の GUI)。MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 などのアルゴリズムをサポート。|http://jdleicher.github.io/MassHash/|{{AUR|masshash}}}}
 
* {{App|MassHash|Python で書かれたファイルハッシュ作成ツールのセット (CLI と GTK+ の GUI)。MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 などのアルゴリズムをサポート。|http://jdleicher.github.io/MassHash/|{{AUR|masshash}}}}
 
* {{App|[[Parchive]]|PAR2 ファイルを作成してデータファイルの破損を確認し、必要であれば修復することができるユーティリティ。|https://github.com/Parchive/par2cmdline|{{Pkg|par2cmdline}}}}
 
* {{App|[[Parchive]]|PAR2 ファイルを作成してデータファイルの破損を確認し、必要であれば修復することができるユーティリティ。|https://github.com/Parchive/par2cmdline|{{Pkg|par2cmdline}}}}
  +
-->
  +
  +
==== Encryption, signing, steganography ====
  +
  +
* {{app|age|A simple, modern and secure encryption tool (and library) with small explicit keys, no config options, and UNIX-style composability.|https://age-encryption.org/v1|Go: {{Pkg|age}} {{AUR|age-git}} Rust: {{AUR|rust-rage}} {{AUR|rust-rage-git}}}}
  +
* {{app|ccrypt|A command-line utility for encrypting and decrypting files and streams based on [[Wikipedia:Advanced_Encryption_Standard|Rijndael]].|http://ccrypt.sourceforge.net/|{{AUR|ccrypt}}}}
  +
* {{App|[[Wikipedia:Enigmail|Enigmail]]|A security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.|https://enigmail.net|{{Pkg|thunderbird-extension-enigmail}}}}
  +
* {{App|GNOME Keysign|GTK/GNOME application to use GnuPG for signing other people's keys. Quickly, easily, and securely.|https://wiki.gnome.org/Apps/Keysign|{{AUR|gnome-keysign}}}}
  +
* {{App|[[GnuPG]]|The GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. Free and Open Source replacement of PGP, mostly used for digital signing of packages.|https://gnupg.org/|{{Pkg|gnupg}}}}
  +
* {{App|GPG-Crypter|Graphical front-end to GnuPG(GPG) using the GTK3 toolkit and GPGME library.|https://sourceforge.net/projects/gpg-crypter/|{{Pkg|gpg-crypter}}}}
  +
* {{App|[[Keybase]]|Key directory mapping social media identities, with cross platform encrypted chat, cloud storage, and git repositories.|https://keybase.io/|{{Pkg|keybase}}}}
  +
* {{App|[[Wikipedia:KGPG|KGpg]]|Simple interface for GnuPG, for KDE.|https://www.kde.org/applications/utilities/kgpg/|{{Pkg|kgpg}}}}
  +
* {{App|Kleopatra|Certificate Manager and Unified Crypto GUI for KDE. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers.|https://www.kde.org/applications/utilities/kleopatra/|{{Pkg|kleopatra}}}}
  +
* {{app|minisign|Simple program that only implements key signing|https://github.com/jedisct1/minisign|{{pkg|minisign}} }}
  +
* {{App|[[Wikipedia:Seahorse (software)|Seahorse]]|GNOME application for managing encryption keys and passwords in the GNOME Keyring.|https://wiki.gnome.org/Apps/Seahorse|{{Pkg|seahorse}}}}
  +
* {{App|scrypt|Command-line encryption utility featuring the memory-hardened {{ic|scrypt}} key derivation function.|https://www.tarsnap.com/scrypt.html|{{pkg|scrypt}}}}
  +
* {{App|steghide|A steganography utility that is able to hide data in various kinds of image and audio files.|http://steghide.sourceforge.net|{{AUR|steghide}}}}
   
  +
<!--
 
==== 暗号化, 署名, ステガノグラフィー ====
 
==== 暗号化, 署名, ステガノグラフィー ====
   
130行目: 319行目:
 
* {{App|Seahorse|GnomeKeyring で暗号化キーとパスワードを管理する GNOME アプリケーション。|https://wiki.gnome.org/Apps/Seahorse|{{Pkg|seahorse}}}}
 
* {{App|Seahorse|GnomeKeyring で暗号化キーとパスワードを管理する GNOME アプリケーション。|https://wiki.gnome.org/Apps/Seahorse|{{Pkg|seahorse}}}}
 
* {{App|Universal Password Manager|一つのマスターパスワードに保護された暗号化データベースにユーザー名やパスワード、URL、メモなどを保存することができます。|http://upm.sourceforge.net/|{{AUR|upm}}{{Broken package link|パッケージが存在しません}}}}
 
* {{App|Universal Password Manager|一つのマスターパスワードに保護された暗号化データベースにユーザー名やパスワード、URL、メモなどを保存することができます。|http://upm.sourceforge.net/|{{AUR|upm}}{{Broken package link|パッケージが存在しません}}}}
  +
-->
  +
  +
==== Data-at-rest encryption ====
  +
  +
See [[Data-at-rest encryption]].
  +
  +
=== Privilege elevation ===
  +
  +
* {{App|[https://man.openbsd.org/doas.1 doas]|A portable version of OpenBSD's doas command, known for being substantially smaller in size compared to sudo.|https://github.com/Duncaen/OpenDoas|{{pkg|opendoas}}}}
  +
* {{App|[[su]]|Command used to assume the identity of another user on the system.|https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/about/|{{Pkg|util-linux}}}}
  +
* {{App|[[sudo]]|Command to delegate the ability to run commands as root or another user while providing an audit trail.|https://www.sudo.ws/sudo/|{{pkg|sudo}}}}

2021年4月15日 (木) 20:58時点における版

Security

For detailed guides, see the main ArchWiki page, Security.


Network security

See also Wikipedia:Comparison of packet analyzers.

  • airgeddon — Multi-use bash script to audit wireless networks
https://github.com/v1s1t0r1sh3r3/airgeddon || airgeddon-gitAUR
  • Arpwatch — Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.
https://ee.lbl.gov/ || arpwatch
  • bettercap — Swiss army knife for network attacks and monitoring.
https://www.bettercap.org/ || bettercap
  • darkstat — Captures network traffic, calculates statistics about usage, and serves reports over HTTP.
https://unix4lyfe.org/darkstat/ || darkstat
  • dsniff — Collection of tools for network auditing and penetration testing.
https://www.monkey.org/~dugsong/dsniff/ || dsniff
  • EtherApe — Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
https://etherape.sourceforge.io/ || etherape
  • Ettercap — Multipurpose Network sniffer/analyser/interceptor/logger.
https://ettercap.github.io/ettercap/ || CLI: ettercap, GUI: ettercap-gtk
  • GNOME Network Tools — GNOME interface for various networking tools.
https://gitlab.gnome.org/GNOME/gnome-nettool || gnome-nettool
  • Honeyd — Tool that allows the user to set up and run multiple virtual hosts on a computer network.
http://www.honeyd.org/ || honeydAUR
  • hping — Command-line oriented TCP/IP packet assembler/analyzer.
http://hping.org/ || hping
  • IPTraf — Console-based network monitoring utility.
https://sourceforge.net/projects/iptraf-ng/ || iptraf-ng
  • jnettop — top-like console network traffic visualizer.
https://sourceforge.net/projects/jnettop/ || jnettop
  • justniffer — Network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
http://justniffer.sourceforge.net/ || justnifferAUR
  • Kismet — 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
https://www.kismetwireless.net/ || kismet
  • LinSSID — Graphical wireless scanner.
https://sourceforge.net/projects/linssid/ || linssid
  • Nemesis — Command-line network packet crafting and injection utility.
http://nemesis.sourceforge.net/ || nemesisAUR
  • Net Activity Viewer — Graphical network connections viewer, similar in functionality with Netstat.
http://netactview.sourceforge.net/ || netactviewAUR
  • netsniff-ng — High performance Linux network sniffer for packet inspection.
http://netsniff-ng.org/ || netsniff-ng
  • ngrep — grep-like utility that allows you to search for network packets on an interface.
https://github.com/jpr5/ngrep || ngrep
  • Nmap — Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.
https://nmap.org/ || CLI: nmap, GUI: zenmapAUR
  • Ntop — Network probe that shows network usage in a way similar to what top does for processes.
https://www.ntop.org/ || ntopAUR
  • pyNeighborhood — GTK-based SMB/CIFS browsing utility.
https://launchpad.net/pyneighborhood || pyneighborhoodAUR
  • Smb4K — Advanced network neighborhood browser and Samba share mounting utility for KDE.
https://smb4k.sourceforge.io/ || smb4k
  • Snort — Network intrusion prevention and detection system.
https://www.snort.org/ || snortAUR
  • Spectools — A set of utilities for spectrum analyzer hardware including Wi-Spy devices.
https://www.kismetwireless.net/static/spectools/ || spectoolsAUR
  • Sshguard — Daemon that protects SSH and other services against brute-force attacts, similar to Fail2ban.
https://www.sshguard.net/ || sshguard
  • Suricata — High performance Network IDS, IPS and Network Security Monitoring engine.
https://suricata-ids.org/ || suricataAUR
  • Tcpdump — Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.
http://www.tcpdump.org/ || tcpdump
  • tcptrace — TCP dump file analysis tool.
http://tcptrace.org/[リンク切れ 2020-12-27] || tcptrace
  • vnStat — Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.
https://humdi.net/vnstat/ || vnstat
  • What IP — Small GTK application to get info on your IP.
https://gabmus.gitlab.io/whatip/ || whatip-gitAUR
  • wifiphisher — Fast automated phishing attacks against WPA networks.
https://github.com/wifiphisher/wifiphisher || wifiphisher-gitAUR
  • Wireshark — Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
https://www.wireshark.org/ || CLI: wireshark-cli, GUI: wireshark-qt
  • Xplico — Network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.
https://www.xplico.org/ || xplicoAUR
  • Zeek — Powerful network analysis framework that is much different from the typical IDS you may know.
https://zeek.org/ || zeekAUR


Firewall management

See iptables#Front-ends.

Threat and vulnerability detection

  • AFICK — Security tool that allows to monitor the changes on your file systems, and so can detect intrusions.
http://afick.sourceforge.net/ || afickAUR
  • Lynis — Security and system auditing tool to harden Unix/Linux systems.
https://cisofy.com/lynis/ || lynis
  • Metasploit Framework — An advanced open-source platform for developing, testing, and using exploit code.
https://www.metasploit.com/ || metasploit
  • Nessus — Comprehensive vulnerability scanning program.
https://www.tenable.com/products/nessus || nessusAUR
  • OpenVAS — Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.
http://www.openvas.org/ || openvas-scannerAUR
  • OSSEC — Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
https://ossec.github.io/ || ossec-agentAUR ossec-localAUR ossec-serverAUR
  • Samhain — Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
https://www.la-samhna.de/samhain/index.html || samhainAUR
  • Tiger — Security tool that can be use both as a security audit and intrusion detection system.
http://www.nongnu.org/tiger/ || tigerAUR
  • Tripwire — Intrusion detection system.
https://github.com/Tripwire/tripwire-open-source || tripwire-gitAUR


File security

  • AIDE — File and directory integrity checker.
https://aide.github.io || aideAUR
  • Logwatch — Customizable log analysis system.
https://sourceforge.net/projects/logwatch/ || logwatch


Anti malware

  • ClamAV — Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
http://www.clamav.net/ || clamav
  • ClamTk — Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.
https://dave-theunsub.github.io/clamtk/ || clamtk, Nautilus plugin: clamtk-gnomeAUR, MATE plugin: clamtk-mateAUR, Thunar plugin: thunar-sendto-clamtkAUR
  • Linux Malware Detect — Malware scanner designed around the threats faced in shared hosted environments.
https://www.rfxn.com/projects/linux-malware-detect/ || maldetAUR
  • Rootkit Hunter — Checks machines for the presence of rootkits and other unwanted tools.
http://rkhunter.sourceforge.net/ || rkhunter
  • Hostsblock — A script that downloads, sorts, and compiles multiple ad- and malware-blocking hosts files.
https://gaenserich.github.io/hostsblock/ || hostsblockAUR


Screen lockers

この記事あるいはセクションは Session lock#By environment と合併することが議論されています。

See also Session lock.

警告: Only sflock, physlock, Cinnamon Screensaver, MATE Screensaver and GNOME Screensaver are able to block tty access. See Xorg#Block TTY access on how to manually block tty access.
  • betterlockscreeni3lock-color wrapper. Betterlockscreen allows you to cache images with different filters and lockscreen with blazing speed.
https://github.com/pavanjadhaw/betterlockscreen || betterlockscreenAUR
  • Cinnamon Screensaver — Screen locker for the Cinnamon desktop.
https://github.com/linuxmint/cinnamon-screensaver || cinnamon-screensaver
  • Deepin Screensaver — A lightweight Qt5 based screensaver.
https://github.com/linuxdeepin/deepin-screensaver || deepin-screensaver
  • GNOME Screensaver — Legacy screen locker for the GNOME desktop. Unmaintained since 2012.
https://wiki.gnome.org/Attic/GnomeScreensaver || gnome-screensaver
  • i3lock — A simple screen locker. Provides user feedback and uses PAM authentication. The background can be set to an image or solid color.
https://i3wm.org/i3lock/ || i3lock
  • i3lock-blur — Fork of i3lock which can use your desktop with the blur effect applied as a background.
https://github.com/karulont/i3lock-blur || i3lock-blurAUR
  • i3lock-color — Fork of i3lock with color and positioning configuration support and can use your desktop with the blur effect applied as a background.
https://github.com/Raymo111/i3lock-color || i3lock-colorAUR, i3lock-color-gitAUR
  • Light-locker — A simple locker (forked from gnome-screensaver) that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on LightDM for locking and unlocking your session via ConsoleKit/UPower or logind/systemd.
https://github.com/the-cavalry/light-locker || light-locker
  • MATE Screensaver — Screensaver and locker for MATE Desktop Environment.
https://github.com/mate-desktop/mate-screensaver || mate-screensaver
  • physlock — Screen and console locker.
https://github.com/muennich/physlock || physlock
  • sflock — Simple screen locker utility for X, based on slock. Provides a very basic user feedback.
https://github.com/benruijl/sflock || sflock-gitAUR
  • slock — Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.
https://tools.suckless.org/slock/ || slock
  • sxlock — Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports sxlock.service to lock the screen on suspend/hibernation. See the README for more information.
https://github.com/lahwaacz/sxlock || sxlock-gitAUR
  • tsscreenlock — Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.
https://github.com/vicr123/tsscreenlock || tsscreenlockAUR
http://kbd-project.org/ || kbd
  • xfce4-screensaver — A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.
https://git.xfce.org/apps/xfce4-screensaver/about/ || xfce4-screensaver
  • xlockmore — Simple X11 screen lock with PAM support.
http://sillycycle.com/xlockmore.html || xlockmore
  • XScreenSaver — Screen saver and locker for the X Window System.
https://www.jwz.org/xscreensaver/ || xscreensaver
  • XSecureLock — X11 screen lock utility designed with the primary goal of security.
https://github.com/google/xsecurelock || xsecurelock
  • xtrlock — Very lightweight X display locker. Keeps windows visible and displays lock icon instead of mouse cursor. Typing password followed by enter unlocks the screen.
https://packages.debian.org/sid/xtrlock || xtrlock


Password auditing

https://www.openwall.com/john || john
  • Hashcat — Multithreaded advanced password recovery utility.
https://hashcat.net/hashcat || hashcat

Password managers

See also KeePass.

Console

  • gopass — Advanced console based password manager, supporting GnuPG and other backends.
https://github.com/justwatchcom/gopass || gopass
  • KeePassC — Curses-based password manager compatible to KeePass v.1.x.
https://outerhaven.de/keepassc/ || keepasscAUR
  • LastPass — Hosted password manager.
https://www.lastpass.com/ || lastpass-cli
  • pass — Simple console-based password manager featuring flat text file organization and GnuPG encryption.
https://www.passwordstore.org/ || pass
  • pwsafe — Unix command-line program that manages encrypted password databases.
http://nsd.dyndns.org/pwsafe/ || pwsafeAUR
  • spm — Simple Password Manager written entirely in POSIX shell using PGP. Fast, lightweight and easily scriptable.
https://notabug.org/kl3/spm/ || spmAUR
  • tpm — tiny password manager, inspired by pass, written entirely in POSIX shell.
https://github.com/nmeum/tpm || tpmAUR
  • Ylva — Command-line password manager, written in C, uses OpenSSL.
https://www.ylvapasswordmanager.com/ || ylvaAUR

Graphical

  • Authenticator — Two-factor authentication application built for GNOME.
https://gitlab.gnome.org/World/Authenticator || authenticatorAUR
  • Bitwarden — Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.
https://bitwarden.com/ || bitwarden-binAUR, bitwarden-cliAUR
  • Encryptr — Zero-knowledge, cloud-based password manager.
https://spideroak.com/encryptr/ || encryptrAUR
  • Enpass — A multiplatform password manager
https://www.enpass.io/ || enpass-binAUR
https://als.regnet.cz/fpm2/ || fpm2AUR
  • GNOME Password Safe — Password manager for GNOME which makes use of the KeePass v.4 format.
https://gitlab.gnome.org/World/PasswordSafe || gnome-passwordsafe
  • Ked Password Manager — A password manager that helps to manage large numbers of passwords.
http://kedpm.sourceforge.net || kedpmAUR
  • KeePass Password Safe — Mono-based password manager, which helps you to manage your passwords in a secure way.
https://keepass.info/ || keepass
  • KeePassX — Qt-based password manager. Compatible with KeePass v.1.x and KeePass v.2.x.
https://www.keepassx.org/ || version 1: keepassxAUR, version 2: keepassx2AUR
  • KeePassXC — Community fork of KeePassX with more active development. Compatible with KeePass v.1.x (import only) and KeePass v.2.x.
https://keepassxc.org/ || keepassxc
  • KDE Wallet Manager — Tool to manage the passwords on your system. By using the KDE wallet subsystem it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the wallet.
https://kde.org/applications/en/system/org.kde.kwalletmanager5 || kwalletmanager
  • OTPClient — Highly secure and easy to use GTK software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).
https://github.com/paolostivanin/OTPClient || otpclientAUR
  • Passbook — Modern password manager for GNOME.
https://wiki.gnome.org/Apps/Passbook || passbookAUR
  • Password Gorilla — A cross-platform password manager.
https://github.com/zdia/gorilla/wiki || password-gorillaAUR
  • Password Safe — Simple and secure password manager.
https://pwsafe.org/ || passwordsafeAUR
  • QPass — Easy to use password manager with built-in password generator.
http://qpass.sourceforge.net/ || qpassAUR
  • QtPass — GUI for pass, the standard unix password manager.
https://qtpass.org/ || qtpass
  • Revelation — Password manager for the GNOME desktop.
https://revelation.olasagasti.info/ || revelationAUR
  • Seahorse — GNOME application for managing encryption keys and passwords in the GNOME Keyring.
https://wiki.gnome.org/Apps/Seahorse || seahorse
  • Universal Password Manager — Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.
http://upm.sourceforge.net/ || universal-password-managerAUR

Cryptography

Hash checkers

  • cfv — Tiny utility to both test and create checksum files, support .sfv, .csv, .crc, .md5, md5sum, sha1sum, .torrent, par, and .par2 files.
http://cfv.sourceforge.net/ || cfvAUR
  • GtkHash — A GTK utility for computing message digests or checksums
https://github.com/tristanheaven/gtkhash || gtkhashAUR
  • hashdeep — A cross-platform tools to compute hashes, or message digests, for any number of files
http://md5deep.sourceforge.net/ || hashdeep
  • Quick Hash GUI — A GUI to enable the rapid selection and subsequent hashing of files (individually or recursively throughout a folder structure) text and (on Linux) disks.
https://www.quickhash-gui.org/ || quickhash-gui-binAUR
  • RHash — Utility for verifying hash sums (SFV, CRC, etc). Supports lots of algorithms.
https://github.com/rhash/RHash/ || rhash
  • MassHash — A set of file hashing tools (both CLI and GTK GUI) written in Python. Supported algorithms include MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
https://jdleicher.github.io/MassHash/ || masshashAUR
  • Parchive — Utility which creates and uses PAR2 files to detect damage in data files and repair them if necessary.
https://github.com/Parchive/par2cmdline || par2cmdline


Encryption, signing, steganography

  • age — A simple, modern and secure encryption tool (and library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org/v1 || Go: age age-gitAUR Rust: rust-rageAUR rust-rage-gitAUR
  • ccrypt — A command-line utility for encrypting and decrypting files and streams based on Rijndael.
http://ccrypt.sourceforge.net/ || ccryptAUR
  • Enigmail — A security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
https://enigmail.net || thunderbird-extension-enigmail
  • GNOME Keysign — GTK/GNOME application to use GnuPG for signing other people's keys. Quickly, easily, and securely.
https://wiki.gnome.org/Apps/Keysign || gnome-keysignAUR
  • GnuPG — The GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. Free and Open Source replacement of PGP, mostly used for digital signing of packages.
https://gnupg.org/ || gnupg
  • GPG-Crypter — Graphical front-end to GnuPG(GPG) using the GTK3 toolkit and GPGME library.
https://sourceforge.net/projects/gpg-crypter/ || gpg-crypter
  • Keybase — Key directory mapping social media identities, with cross platform encrypted chat, cloud storage, and git repositories.
https://keybase.io/ || keybase
  • KGpg — Simple interface for GnuPG, for KDE.
https://www.kde.org/applications/utilities/kgpg/ || kgpg
  • Kleopatra — Certificate Manager and Unified Crypto GUI for KDE. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers.
https://www.kde.org/applications/utilities/kleopatra/ || kleopatra
  • minisign — Simple program that only implements key signing
https://github.com/jedisct1/minisign || minisign
  • Seahorse — GNOME application for managing encryption keys and passwords in the GNOME Keyring.
https://wiki.gnome.org/Apps/Seahorse || seahorse
  • scrypt — Command-line encryption utility featuring the memory-hardened scrypt key derivation function.
https://www.tarsnap.com/scrypt.html || scrypt
  • steghide — A steganography utility that is able to hide data in various kinds of image and audio files.
http://steghide.sourceforge.net || steghideAUR


Data-at-rest encryption

See Data-at-rest encryption.

Privilege elevation

  • doas — A portable version of OpenBSD's doas command, known for being substantially smaller in size compared to sudo.
https://github.com/Duncaen/OpenDoas || opendoas
  • su — Command used to assume the identity of another user on the system.
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/about/ || util-linux
  • sudo — Command to delegate the ability to run commands as root or another user while providing an audit trail.
https://www.sudo.ws/sudo/ || sudo