1. Ivre: Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
2. Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
3. zeek-plugin-tds: Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol.
4. Zeek-Network-Security-Monitor: A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
10. Malcolm: Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs.
15. brospects: Experimental Bro scripts with good prospects for the official bro-scripts repository.
23. anomalous-dns: A set of Zeek scripts providing a module for tracking and correlating abnormal DNS behavior.
26. monopticon: Monitor ethernet traffic in real time with a 3D backend.
31. BotFlex: BotFlex is an open source tool for bot detection and analysis.
33. ivre: Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
40. MegaDev: Bro IDS + ELK Stack to detect and block data exfiltration.
45. bro.vim: bro.vim - A simple plugin for working with the bro scripting languages.
46. CnC-detection: Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation.