GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → malware-kitten → bro_scripts

malware-kitten / bro_scripts

Licence: other
A collection of bro_scripts and signatures

Programming Languages

Zeek
47 projects

Bro IDS Scripts

Simply put, this is just a collection of bro scripts.

bro_beacons.bro

This is a script that will keep track (in the conn.log) of IP-IP connections. The time interval between connections will be measured against shannons entropy. If the entropy is low enough (a value that is configurable in the script) an log will be written of the beacon-like activity.

bro_typosquatting.bro

This script is a simple measure using a distance algorithm against a list of sites that are provided. An alert will fire when users hit sites that are slightly off. This could indicate that either a misspelling or typosquatted domain was found.

bro_typosquatting_email.bro

This script also uses a distance algorithm to measure domains found in the header that belong to senders against domains that belong to the recipients. A whitelist can be set, as well as a list of legitimate sites that you would like to monitor.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].