Open Source Projects at Qualys

Open source software is important to Qualys. Like most organizations, we use open source software in our day-to-day operations and in our products. On a grander scale, we realize that many security problems are too big for one person or company to solve. It is only through industry and community collaboration that we will be able to solve some of the most difficult security challenges. Keeping with this mindset, Qualys has released a number of its projects under open source licenses. Additionally, through Qualys-sponsored initiatives and through self-motivated Qualys employees, we have made contributions to a number of third-party open source projects.

Our Open Source Projects
Projects We Contribute To

BlindElephant

Web Application fingerprinter that infers versions based on hashes of static files.
http://blindelephant.sourceforge.net/

Google Safebrowse API C# Client

C# library (DLL) that implements the Google Safebrowse API v2.
http://code.google.com/p/google-safebrowse-v2-client-csharp/

IronBee

Qualys sponsored web application firewall.
https://www.ironbee.com/

LibHTP

Security aware HTTP parser.
http://www.libhtp.org/

mod_sslhaf

Passive SSL fingerprinting module for Apache.
https://www.ssllabs.com/projects/client-fingerprinting/

QuIDScor

Tool for correlating IDS events with vulnerabilities detected by QualysGuard.
http://quidscor.sourceforge.net/

showhttptest

Slow HTTP DoS vulnerability test tool.
http://code.google.com/p/slowhttptest/

svdir

Ruby interface to the “service directory” style of robust daemon process supervision.
https://github.com/pilcrow/svdir/

asef

Android Security Evaluation Framework performs security analysis of Android apps.
https://code.google.com/p/asef/

Emulab

Network testbed software.
http://emulab.net/

fdsend

Flexible file and file descriptor passing for Python.
http://pilcrow.madison.wi.us/fdsend/

FnMatch

Simple filename and pathname matching for Perl.
http://search.cpan.org/~mjp/File-FnMatch-0.02/FnMatch.pm/

ModSecurity

WAF for Apache httpd server
http://www.modsecurity.org/

phpHtmlLib

Application development framework for developing OOP style web applications in PHP.
http://phphtmllib.newsblob.com/

POSIX::RT::Semaphore

Perl interface to POSIX 1b semaphores.
http://search.cpan.org/~mjp/POSIX-RT-Semaphore-0.05/Semaphore.pm

pynids

Python wrapper for libnids.
http://pilcrow.madison.wi.us/pynids/

Qlue

Minimal web application framework for Java, focused on ease of use and security.
http://sourceforge.net/projects/qlue/

rbdi-driver-rubyfb

RDBI driver for Firebird databases using the rubyfb bindings.
https://github.com/pilcrow/rdbi-driver-rubyfb/

Saint Jude / Saint Michael

Kernel-Level IDS mechanisms to protect the integrity of host systems.
http://sourceforge.net/projects/stjude/

snort_inline

Network based IDS/IPS.
http://snort-inline.sourceforge.net/oldhome.html

Socket::MsgHdr

sendmsg, recvmsg and ancillary data operations for Perl.
http://search.cpan.org/~mjp/Socket-MsgHdr-0.04/lib/Socket/MsgHdr.pm

Suricata

sendmsg, recvmsg and ancillary data operations for Perl.
http://www.openinfosecfoundation.org/

The Bastard

A disassembler for Linux that supports x86 ELF files assumed to be written in C.
http://sourceforge.net/projects/bastard/

vdpop3d

Secure, fast and reliable pop3 server.
http://sourceforge.net/projects/vdpop3d/

Research
Open Source Projects