An Anonymous VPN-Adapter (P2P layer 3 VPN based on Tor or I2P) - OnionCat

OnionCat is a VPN-adapter which allows to connect two or more computers or networks through VPN-tunnels. It is designed to use the anonymization networks Tor or I2P as its transport, hence, it provides location-based anonymity while still creating tunnel end points with private unique IP addresses.

OnionCat uses IPv6 as native layer 3 network protocol. The clients connected by it appear as on a single logical IPv6 network as being connected by a virtual switch. OnionCat automatically calculates and assigns unique IPv6 addresses to the tunnel end points which are derived from the hidden service ID (onion ID) of the hidden service of the local Tor client, or the local I2P server destination, respectively. This technique provides authentication between the onion ID and the layer 3 address, hence, defeats IP spoofing within the OnionCat VPN.

If necessary, OnionCat can of course transport IPv4 as well. Although it has native IP support, the suggested way to do this is to configure an IPv4-in-IPv6 tunnel.

Download OnionCat

Read More

Most Secure Peer-to-Peer Encrypted Messenger that Sends No Metadata - Ricochet

There are several encrypted messaging apps for mobile and desktop platforms that shipped with "The Most Secure" tagline but ends up in de-anonymizing the real identity of its users in some or the other way.

In fact, very few encrypted messaging apps available today deal with the core problem of Metadata. 

The majority of apps offer end-to-end encryption that kept the content of your messages away from prying eyes, but your metadata will still be accessible to them, which is enough to know who you really are, and who you're talking to.

But, one messenger app stands out of the crowd by providing superb anonymity to its users, and it is dubbed as "Ricochet."

Ricochet is a peer-to-peer instant messaging system available for Windows, Mac, and Linux and you can trust it as the app has already cleared its first professional security audit carried out by cyber security company NCC Group.

What's so Promising about Ricochet?

Unlike other encrypted messaging clients, Ricochet makes use of TOR hidden services in an effort to maintain its users’ anonymity.

With the help of hidden services, a user's traffic never leaves The Onion Router (TOR) network, which makes it much harder for prying eyes or any attacker to see where the traffic is going or coming from.

Peer-to-Peer Connection: No Servers! No Operators!

Ricochet does not trust anyone in maintaining the privacy of its users; thus, the developers have implemented their app with no server or operator support that could be compromised exposing your personal details.

"The concept with Ricochet is: how can we do messaging without any server in the middle—without trusting anything to forward your messages to your contacts" John Brooks (Ricochet program's maintainer) stated.

"That turns out to be exactly one of the problems that hidden services can solve: to contact someone, without anybody in the middle knowing who you are or who you're contacting."

Here's How Ricochet Works

Ricochet supports cross-platform and is very easy to use even for non-technical users.

Your Username: A Unique .Onion Address

Every Ricochet client hosts a Tor hidden service, and once you sign up for Ricochet, that is actually your Ricochet ID: a unique .onion address.

Only the one with this .onion address can contact you and send messages, which means the contacts connect to you through Tor and not through any intermediate server, making it extremely harder for anyone to know your real identity from your address.

Ricochet Creates Huge Spike in Hidden Addresses

Security researcher Alan Woodward has noticed an unprecedented spike in the number of unique .onion hidden addresses on the Tor network in month of February.

The Statistics shared by the Tor project shows that the number of unique .onion sites has increased by more than 25,000 within 2-3 days.

Researcher believed that this sudden rise could be due to the popularity of Ricochet that creates unique .onion address for every registered user.

Your Messages: End-to-End Encrypted By Default

Besides this, Ricochet also encrypts the contents of your messages by default.

So, to start chatting with someone over Ricochet, you should first know his/her unique Ricochet ID that is being auto-generated at the time of the Ricochet Installation.

Moreover, once the connection is terminated by either the sender or the receiver, the remaining one would not be able to communicate or send messages to the other.

Ricochet Takes Your Security Seriously

The audit by NCC Group discovered a security flaw that could be exploited to deanonymize users, but the good news is that the issue has been resolved in the latest release, Ricochet 1.1.2.

The security vulnerability was independently discovered by a member of the Ricochet community.

Ricochet has been around since 2014 and is now far secured than any other existing encrypted messaging apps. But the app is still in the dogfooding stage, as Brooks referred to the "Be Careful" statement on the project's official website:

"Ricochet is an experiment. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software."

Download Ricochet

Read More

Anonymous Twitter - AnonTwi

AnonTwi is a free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverages proxying, randomization of header values, send fake geolocation data, and more.





Anonymous Twitter

AnonTwi supports:

ºAES + HMAC-SHA1 encryption on Tweets and Direct Messages –> [More Info]
ºSecure Sockets Layer (SSL) to interact with API Anonymous Twitter: AnonTwi
ºProxy Socks (for example, to connect to the TOR network)
ºRandom HTTP header values
ºSend long messages splitted automatically
ºAutomatic decryption of tweet’s urls or raw inputs
ºBackup messages to your disk (max: 3200)
ºSend fake geolocation places
ºRemove data and close account (suicide)
ºView global Trending Topics
ºUTF-8 + Unicode support (chinese, arabic, symbols, etc)
ºMultiplatform: GNU/Linux, MacOS, Win32
ºDetailed colourful output results
ºGenerate tools and modules
ºGTK + WebGUI interfaces
ºAn IRC bot slave

Download AnonTwi

Read More

Best Hacking Tools 2016 - Windows, Mac OS X, And Linux

Metasploit

Rather than calling Metasploit a collection of exploit tools, I’ll call it an infrastructure that you can utilize to build your own custom tools. This free tool is one of the most popular cybersecurity tool around that allows you to locate vulnerabilities at different platforms. Metasploit is backed by more than 200,000 users and contributors that help you to get insights and uncover the weaknesses in your system.

This top hacking tool package of 2016 lets you simulate real-world attacks to tell you about the weak points and finds them. As a penetration tester, it pin points the vulnerabilities with Nexpose closed–loop integration using Top Remediation reports. Using the open source Metasploit framework, users can build their own tools and take the best out of this multi-purpose hacking tool.


Metasploit is available for all major platforms including Windows, Linux, and OS X.

Download MetaSploit 

Acunetix WVS

Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal. This multi-threaded tool crawls a website and finds out malicious Cross-site Scripting, SQL injection, and other vulnerabilities. This fast and easy to use tool scans WordPress websites form more than 1200 vulnerabilities in WordPress.

Acunetix comes with a Login Sequence Recorder that allows one to access the password protected areas of websites. The new AcuSensor technology used in this tool allows you to reduce the false positive rate. Such features have made Acunetix WVS a preferred hacking tools that you need to check out in 2016.


Acunetix is available for Windows XP and higher.

 Obs, Search in google to get full version software (cracked)

Download Acunetix WVS

Nmap

Nmap – also known as Network Mapper – falls in the category of a port scanner tool. This free and open source tool is the most popular port scanning tool around that allows efficient network discovery and security auditing. Used for a wide range of services, Nmap uses raw IP packets to determine the hosts available on a network, their services along with details, operating systems used by hosts, the type of firewall used, and other information.

Last year, Nmap won multiple security products of the year awards and was featured in multiple movies including The Matrix Reloaded, Die Hard 4, and others.  Available in the command line, Nmap executable also comes in an advanced GUI avatar.


Nmap is available for all major platforms including Windows, Linux, and OS X.

Download Nmap

Wireshark

Wireshark is a well-known packet crafting tool that discovers vulnerability within a network and probes firewall rule-sets. Used by thousands of security professionals to analyze networks and live pocket capturing and deep scanning of hundreds of protocols. Wireshark helps you to read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others.

This free and open source tool was originally named Ethereal. Wireshark also comes in a command-line version called TShark.


This GTK+-based network protocol analyzer runs with ease on Linux, Windows, and OS X.

Download WireShark

oclHashcat

If password cracking is something you do on daily basis, you might be aware of the free password cracking tool Hashcat. While Hashcat is a CPU-based password cracking tool, oclHashcat is its advanced version that uses the power of your GPU.

oclHashcat calls itself world’s fastest password cracking tool with world’s first and only GPGPU based engine. For using the tool, NVIDIA users require ForceWare 346.59 or later and AMD users require Catalyst 15.7 or later.

This tool employs following attack modes for cracking:

ºStraight
ºCombination
ºBrute-force
ºHybrid dictionary + mask
ºHybrid mask + dictionary

Mentioning another major feature, oclHashcat is an open source tool under MIT license that allows an easy integration or packaging of the common Linux distros.


This useful hacking tool can be downloaded in different versions  for Linux, OSX, and Windows.

Download oclHashcat

Nessus Vulnerability Scanner

This top free hacking tool of 2016 works with the help of a client-server framework. Developed by Tenable Network Security, the tool is one of the most popular vulnerability scanners we have. Nessus serves different purposes to different types of users – Nessus Home, Nessus Professional, Nessus Manager and Nessus Cloud.

Using Nessus, one can scan multiple types of vulnerabilities that include remote access flaw detection, misconfiguration alert, denial of services against TCP/IP stack, preparation of PCI DSS audits, malware detection, sensitive data searches etc. To launch a dictionary attack, Nessus can also call a popular tool Hydra externally.

Apart from the above mentioned basic functionalities, Nessus could be used to scan multiple networks on IPv4, IPv6 and hybrid networks. You can set scheduled scan to run at your chosen time and re-scan all or a subsection of previously scanned hosts using selective host re-scanning.


Nessus is supported by a variety of platforms including Windows 7 and 8, Mac OS X, and popular Linux distros like Debian, Ubuntu, Kali Linux etc.

Download Nessus Vulnerability Scanner

Maltego

Maltego is an open source forensics platform that offers rigorous mining and information gathering to paint a picture of cyber threats around you. Maltego excels in showing the complexity and severity of points of failure in your infrastructure and the surrounding environment.

Maltego is a great hacker tool that analyzes the real world links between people, companies, websites, domains, DNS names, IP addresses, documents and whatnot. Based on Java, this tool runs in an easy-to-use graphical interface with lost customization options while scanning.


Maltego hacking tool  is available for Windows, Mac, and Linux.

Download Maltego

Social-Engineer Toolkit

Also featured on Mr. Robot, TrustedSec’s Social-Engineer Toolkit is an advanced framework for simulating multiple types of social engineering attacks like credential harvestings, phishing attacks, and more. On the show, Elliot is seen using the SMS spoofing tool from the Social-Engineer Toolkit.

This Python-driven tool is the standard tool for social-engineering penetration tests with more than two million downloads. It automates the attacks and generates disguising emails, malicious web pages and more.

To download SET on Linux, type the following command:

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/


Apart from Linux, Social-Engineer Toolkit is partially supported on Mac OS X and Windows.



Other top hacking tools in multiple categories:

Web Vulnerability Scanners – Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy

Vulnerability Exploitation Tools – Netsparker, sqlmap, Core Impact, WebGoat, BeEF

Forensic Tools – Helix3 Pro, EnCase, Autopsy

Port Scanners – Unicornscan, NetScanTools, Angry IP Scanner

Traffic Monitoring Tools – Nagios, Ntop, Splunk, Ngrep, Argus

Debuggers – IDA Pro, WinDbg, Immunity Debugger, GDB

Rootkit Detectors – DumpSec, Tripwire, HijackThis

Encryption Tools – KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor

Password Crackers – John the Ripper, Aircrack, Hydra, ophcrack


By Offensive Sec

Read More

Encrypted UDP based FTP - UFTP

Encrypted UDP based FTP with multicast

UPDATE: Version 4 of UFTP is now available! The protocol has been heavily altered to support a number of new features:

ºThe ability to send multiple files in a single session
ºAn SSL/TLS derived encryption layer to protect your data
ºMulticast tunneling
ºNAT traversal
ºAggregation of client responses, providing scalability
ºSupport for variable packet sizes, including jumbo frames
ºMore fine grained control of network timing/retransmission parameters

The code has also been completely restructured to be more readable and easier to update/support.

UFTP is an encrypted multicast file transfer program, designed to securely, reliably, and efficiently transfer files to multiple receivers simultaneously. This is useful for distributing large files to a large number of receivers, and is especially useful for data distribution over a satellite link (with two way communication), where the inherent delay makes any TCP based communication highly inefficient. The multicast encryption scheme is based on TLS with extensions to allow multiple receivers to share a common key. UFTP also has the capability to communicate over disjoint networks separated by one or more firewalls (NAT traversal) and without full end-to-end multicast capability (multicast tunneling) through the use of a UFTP proxy server. These proxies also provide scalability by aggregating responses from a group of receivers. UFTP has been used in the production process of The Wall Street Journal to send WSJ pages over satellite to their remote printing plants, and other users have used it to send to over 1000 receivers.


Encrypted UDP based FTP: UFTP Protocol Summary

A UFTP session consists of 3 main phases: The Announce/Register phase, the File Transfer phase, and the Completion/Confirmation phase. The File Transfer phase additionally consists of the File Info phase and the Data Transfer phase for each file sent.

The Announce/Register phase sets up the multicast file transfer session and negotiates all encryption parameters. The server sends out an announcement over a public multicast address which the clients are expected to be listening on. All subsequent messages from the server go over a private multicast address specified in the announcement. Allowed clients send a registration to respond to the announcement. The server will then send either a confirmation message if encryption is disabled, or the encryption keys for the session if encryption is enabled. If the client receives the encryption keys, it sends an acknowledgment back to the server.

Encrypted UDP based FTP UFTP DocumentationThe File Transfer phase starts with the File Info phase for the first file to send. The server sends a message describing the file in question. Besides the name and size of the file, this message describes how the file will be broken down. A file is divided into a number of blocks, and these blocks are grouped into sections. A block is a piece of the file that is sent in a single packet, and a section is a grouping of blocks. The total number of blocks and sections is included in this message.

Continuing the File Transfer phase is the Data Transfer phase for the first file. Data packets, each of which is a block, are sent by the server at a rate specified by the user. Because UDP does not guarantee that packets will arrive in order, each block is numbered so the client can properly reassemble the file. When the server has finished sending all data packets, it sends a message to the clients indicating this.

When a client detects the end of a section or receives an end of file message from the server, and the client has detected one or more missing blocks, the client will send back a message containing a list of NAKs (negative acknowledgments). When the server receives NAKs from one or more clients, it goes back and retransmits any blocks that were NAKed, then continues on sending any untransmitted blocks. When a client has received the entire file, it sends a completion message in response to the server’s end of file message. This continues until all clients have either send a completion message or have timed out after the server sent its end of file message.

The File Info phase and the Data Transfer phase are then repeated for each file to be sent during the session.


The Completion/Confirmation phase shuts down the session between the server and clients. It starts with a message from the server indication the end of the session. The clients then respond with a completion message, and the server responds to each completion with a confirmation message.

Download UFTP

Read More

SCRYPTmail

Goals have been set, and features have been delivered.

We are working very hard on SCRYPTmail. We know private email is not only possible but can also be beautiful and usable. We've delivered excellent features that have made SCRYPTmail a go-to service for end-to-end encrypted email.

By OffensiveSec

To Access SCRYPTmail

Read More

Vuvuzela - Private Messaging System That Hides Metadata

Vuvuzela is a messaging system that protects the privacy of message contents and message metadata. Users communicating through Vuvuzela do not reveal who they are talking to, even in the presence of powerful nation-state adversaries. Our SOSP 2015 paper explains the system, its threat model, performance, limitations, and more. Our SOSP 2015 slides give a more graphical overview of the system. 

Vuvuzela is the first system that provides strong metadata privacy while scaling to millions of users. Previous systems that hide metadata using Tor (such as Pond ) are prone to traffic analysis attacks. Systems that encrypt metadata using techniques like DC-nets and PIR don't scale beyond thousands of users.

Vuvuzela uses efficient cryptography ( NaCl ) to hide as much metadata as possible and adds noise to metadata that can't be encrypted efficiently. This approach provides less privacy than encrypting all of the metadata, but it enables Vuvuzela to support millions of users. Nonetheless, Vuvuzela adds enough noise to thwart adversaries like the NSA and guarantees differential privacy for users' metadata.

Screenshots

A conversation in the Vuvuzela client

In practice, the message latency would be around 20s to 40s, depending on security parameters and the number of users connected to the system.

Noise generated by the Vuvuzela servers

Vuvuzela is unable to encrypt two kinds of metadata: the number of idle users (connected users without a conversation partner) and the number of active users (users engaged in a conversation). Without noise, a sophisticated adversary could use this metadata to learn who is talking to who. However, the Vuvuzela servers generate noise that perturbs this metadata so that it is difficult to exploit.

Usage
Follow these steps to run the Vuvuzela system locally using the provided sample configs.

1. Install Vuvuzela (assuming GOPATH=~/go , requires Go 1.4 or later):
   

   $ go get github.com/davidlazar/vuvuzela/...
   

   The remaining steps assume PATH contains ~/go/bin and that the current working directory is ~/go/src/github.com/davidlazar/vuvuzela .
   
2. Start the last Vuvuzela server:
   

   $ vuvuzela-server -conf confs/local-last.conf
   

3. Start the middle server (in a new shell):
   

   $ vuvuzela-server -conf confs/local-middle.conf
   

4. Start the first server (in a new shell):
   

   $ vuvuzela-server -conf confs/local-first.conf
   

5. Start the entry server (in a new shell):
   

   $ vuvuzela-entry-server -wait 1s
   

6. Run the Vuvuzela client:
   

   $ vuvuzela-client -conf confs/alice.conf
   

The client supports these commands:

• /dial <user> to dial another user
• /talk <user> to start a conversation
• /talk <yourself> to end a conversation

Deployment considerations
This Vuvuzela implementation is not ready for wide-use deployment. In particular, we haven't yet implemented these crucial components:

• Public Key Infrastructure : Vuvuzela assumes the existence of a PKI in which users can privately learn each others public keys. This implementation uses pki.conf as a placeholder until we integrate a real PKI.
  
• CDN to distribute dialing dead drops :Vuvuzela's dialing protocol (used to initiate conversations) uses a lot of server bandwidth. To make dialing practical, Vuvuzela should use a CDN or BitTorrent to distribute the dialing dead drops.
  

There is a lot more interesting work to do. See the issue tracker for more information.

Download Vuvuzela

Read More

CenoCipher - Easy-To-Use, End-To-End Encrypted Communications Tool

CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, such as instant messaging or shared cloud storage.

Features at a glance

• Simple for anyone to use. Just type a message, click Encrypt, and go
• Handles messages and file attachments together easily
• End-to-end encryption, performed entirely on the user's machine
• No dependence on any specific intermediary channel. Works with any communication method available
• Uses three strong cryptographic algorithms in combination to triple-protect data
• Optional steganography feature for embedding encrypted data within a Jpeg image
• No installation needed - fully portable application can be run from anywhere
• Unencrypted data is never written to disk - unless requested by the user
• Multiple input/output modes for convenient operation

Technical details

• Open source, written in C++
• AES/Rijndael, Twofish and Serpent ciphers (256-bit keysize variants), cascaded together in CTR mode for triple-encryption of messages and files
• HMAC-SHA-256 for construction of message authentication code
• PBKDF2-HMAC-SHA256 for derivation of separate AES, Twofish and Serpent keys from user-chosen passphrase
• Cryptographically safe pseudo-random number generator ISAAC for production of Initialization Vectors (AES/Twofish/Serpent) and Salts (PBKDF2)

Version History (Change Log)

Version 4.0 (December 05, 2015)

• Drastically overhauled and streamlined interface
• Added multiple input/output modes for cipher-data
• Added user control over unencrypted disk writes
• Added auto-decrypt and open-with support
• Added more entropy to Salt/IV generation

Version 3.0 (June 29, 2015)

• Added Serpent algorithm for cascaded triple-encryption
• Added steganography option for concealing data within Jpeg
• Added conversation mode for convenience
• Improved header obfuscation for higher security
• Increased entropy in generation of separate salt/IVs used by ciphers
• Many other enhancements under the hood

Version 2.1 (December 6, 2014)

• Change cascaded encryption cipher modes from CBC to CTR for extra security
• Improve PBKDF2 rounds determination and conveyance format
• Fix minor bug related to Windows DPI font scaling
• Fix minor bug affecting received filenames when saved by user

Version 2.0 (November 26, 2014)

• Initial open-source release
• Many enhancements to encryption algorithms and hash functions

Version 1.0 (June 10, 2014)

• Original program release (closed source / beta)

Download CenoCipher

Read More

Tor Messenger - Chat over Tor, Easily

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

What it isn't...

Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.

We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.

Why Instantbird?

We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.

Instructions

• On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
• On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
• Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.

Download Tor Messenger:
Linux (32-bit)
Linux (64-bit)
Windows
OS X (Mac)

Read More

Tails 1.7 - The Amnesic Incognito Live System

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

• use the Internet anonymously and circumvent censorship;
  all connections to the Internet are forced to go through the Tor network;
• leave no trace on the computer you are using unless you ask it explicitly;
• use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.  

Tails, The Amnesic Incognito Live System, version 1.7, is out.
This release fixes numerous security issues. All users must upgrade as soon as possible.

New features

• You can now start Tails in offline mode to disable all networking for additional security. Doing so can be useful when working on sensitive documents.
  
• We added Icedove, a rebranded version of the Mozilla Thunderbird email client.
  Icedove is currently a technology preview. It is safe to use in the context of Tails but it will be better integrated in future versions until we remove Claws Mail. Users of Claws Mail should refer to our instructions to migrate their data from Claws Mail to Icedove.
  

Upgrades and changes

• Improve the wording of the first screen of Tails Installer.
  
• Restart Tor automatically if connecting to the Tor network takes too long. (#9516)
  
• Update several firmware packages which might improve hardware compatibility.
  
• Update the Tails signing key which is now valid until 2017.
  
• Update Tor Browser to 5.0.4.
  
• Update Tor to 0.2.7.4.
  

Fixed problems

• Prevent wget from leaking the IP address when using the FTP protocol. (#10364)
  
• Prevent symlink attack on ~/.xsession-errors via tails-debugging-info which could be used by the amnesia user to bypass read permissions on any file. (#10333)
  
• Force synchronization of data on the USB stick at the end of automatic upgrades. This might fix some reliability bugs in automatic upgrades.
  
• Make the "I2P is ready" notification more reliable.
  

Download Tails 1.7

Read More

Whonix v11 - Anonymous Operating System

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

Whonix for Qubes

https://www.whonix.org/wiki/Qubes

Whonix for KVM

https://www.whonix.org/wiki/KVM

Whonix for VirtualBox

https://www.whonix.org/wiki/VirtualBox

If you want to upgrade existing Whonix version using Whonix’s APT repository

Special instructions required:

https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

Changelog between Whonix 10.0.0.5.5 and Whonix 11.0.0.2.3:

– fixed custom workstation build

– build script: refactoring, use errtrace rather than many traps – https://phabricator.whonix.org/T48

– build script: refactoring, use exit trap to reduce code duplication – https://phabricator.whonix.org/T269

– whonixcheck: warn if whonix-gateway / whonix-workstation package is not installed – https://phabricator.whonix.org/T264

– whonixcheck: warn if there is low entropy – https://phabricator.whonix.org/T202

– build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie – https://phabricator.whonix.org/T270

– grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new `/etc/default/grub.d` configuration folder, the `grub-enable-apparmor` has been greatly simplified. No longer need to config-package-dev divert `/etc/default/grub`.

– genmkfile: if debuild not available, recommend installation of the devscripts package

– build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)

– genmkfile: if debuild not available, recommend installation of the devscripts package

– genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed

– genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing

– build script: build-steps.d/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing

– build script: refactoring, created separate help step, help-steps/git_sanity_test

– whonixcheck: verbose output for check_tor_socks_port_reachability

– all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support

– lintian warning copyright fix

– tb-updater: show “highest version number is not necessarily the best one” message also on first run if no Tor Browser is installed yet – https://phabricator.whonix.org/T283

– build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. – https://phabricator.whonix.org/T284

– whonixcheck: added link to Whonix Build Version documentation https://www.whonix.org/wiki/Whonixcheck#Whonix_Build_Version – https://phabricator.whonix.org/T276

– build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 ‘”makefile: added –pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning’ – added –pedantic help-steps/variables.

– all packages: added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning – https://phabricator.whonix.org/T277

– whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added ‘Keywords=’ to ‘.desktop’ files to fix lintian warning ‘desktop-entry-lacks-keywords-entry’ – https://phabricator.whonix.org/T281

– anon-shared-helper scripts: replaced dependency ‘python-support (>= 0.90)’ with dh-python to fix lintian warning

– control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning

– modify apt-get parameters during build to prevent need to remove apt-listchanges – https://phabricator.whonix.org/T282

– build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps/variables to buildconfig.d/30_apt_opts

– genmkfile: hint “Is the build dependency genmkfile installed?” if genmkfile is not installed

– genmkfile: hint ‘dpkg-parsechangelog not found. Do you have the “build-essential” package installed?’ if dpkg-parsechangelog is not available

– sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning ‘E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev’

– whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default

– build script: Fix building Whonix on Whonix, fix if `lsb_release –short –i` returns ‘Whonix’. Temp hack ‘export whonix_build_on_operating_system=”debian”‘ no longer required. Thanks to @nrgaway for the bug report and the analysis. – https://phabricator.whonix.org/T278

– tb-updater: tbbversion_installed parser fix

– anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)

– anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support – https://phabricator.whonix.org/T298

– anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support

– code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms

– implemented build parameter ‘–unsafe-io true’, that speeds up builds, that uses ‘-o Dpkg::Options::=–force-unsafe-io’, eatmydata and ignores ‘sync’. – Thanks to @nrgaway for the suggestion!  – https://phabricator.whonix.org/T295

– implemented $apt_misc_opts – https://phabricator.whonix.org/T295

– whonixcheck: new –verbose debug feature, showing output of systemd-detect-virt

– vbox-disable-timesync: more robust implementation that is compatible with systemd – https://phabricator.whonix.org/T106

– timesync: compatibility with systemd – https://phabricator.whonix.org/T106

– whonixcheck, msgdispatcher: ported to systemd – https://phabricator.whonix.org/T106

– qubes-whonix: skip rads on Qubes – https://phabricator.whonix.org/T306

– systemd unit files: workaround/fix, removed spaces from ‘WantedBy = ‘, likely bug in ‘deb-systemd-helper’ that prevents enabling the service by default – https://phabricator.whonix.org/T316

– created a hellodaemon package, useful for Debian systemd packaging debugging – not part of Whonix – https://github.com/adrelanos/hellodaemon

– whonixcheck: debian/control: fix, added to ‘Build-Depends:’ ‘ruby-ronn (>= 0.7.3)’

– disable torsocks warning spam – https://phabricator.whonix.org/T317

– whonix-libvirt: fixed CI builds

– whonix-libvirt: added driver name=’qemu’ – Thanks to HulaHoop! – https://github.com/Whonix/whonix-libvirt/pull/20 https://github.com/Whonix/whonix-libvirt/pull/19 https://github.com/Whonix/whonix-libvirt/pull/18

– anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended – https://phabricator.whonix.org/T323

– anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended – https://phabricator.whonix.org/T92

– whonix-gw-network-conf, whonix-ws-network-conf: Removed ‘pre-up /usr/bin/whonix_firewall’, because /etc/network/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in /etc/network/if-pre-up.d/ fails http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68

whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made package more standalone. Requiring ‘pre-up /usr/bin/whonix_firewall’ in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because of a Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68

– whonixsetup, whonix-setup-wizard: fix ‘Tor fails after reload related to torrc DisableNetwork setting issue’ by only restarting Tor, no longer trying to reload Tor – https://phabricator.whonix.org/T320

– rads: Improved implementation. When there is enough RAM… On ‘enter’: instantly start login manager. On ‘ctrl + c’: instantly abort and do not start login manager. On ‘timeout’: start login manager. Thanks to ‘dh_systemd_start –no-start’ we can now use ‘StandardInput=tty’ and ‘read’ instead of ‘systemd-ask-password’. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). – https://phabricator.whonix.org/T57

– whonixcheck: abolished random wait by default – https://phabricator.whonix.org/T299

– anon-ws-disable-stacked-tor: fixed ‘insserv: script tor.anondist-orig: service tor already provided!’ warning during upgrades – https://phabricator.whonix.org/T303

– anon-ws-disable-stacked-tor: systemd compatibility – https://phabricator.whonix.org/T303

– anon-base-files: no longer ‘set -o pipefail’ in /usr/lib/pre.bsh. config-package-dev doesn’t like ‘set -o pipefail’ – http://mailman.mit.edu/pipermail/config-package-dev/2015-May/000041.html – https://phabricator.whonix.org/T329

– upstream bug report: spaces in Tor’s systemd unit file causes issues – https://trac.torproject.org/projects/tor/ticket/16162

– upstream bug report: Tor dies on reload when swichting to ‘DisableNetwork 0’ when using ‘DnsPort 127.0.0.1:53’ – https://trac.torproject.org/projects/tor/ticket/16161

build script: fix, support ‘–verifiable false’ (was ‘–verifiable minimal’ while build documentation said ‘false’)

– uwt: multi user fix – https://www.whonix.org/forum/index.php/topic,1267

– Qubes: WiFi Realtek RTL8191SEvB Issue and Solution – https://groups.google.com/forum/#!topic/qubes-users/kMGTSwP72aU

– whonix-setup-wizard API proposal: https://www.whonix.org/wiki/Dev/whonixsetup

Download Whonix v11

Read More