hardenedlinux / hardenedlinux-zeek-scripts

Licence: MIT license
github.com/hardenedlinux/zeek-nix

1 Building Zeek with the Nix package manager

1.1 Install Nix

curl -L https://nixos.org/nix/install | sh -s -- --daemon
# reload the shell environment so the nix commands are on PATH
exec bash

1.2 Building the Zeek binary with Nix

git clone https://github.com/hardenedlinux/zeek2nix
cd zeek2nix
nix-build
# without cloning (requires the flakes feature, enabled below)
nix run github:hardenedlinux/zeek-nix#zeekTLS

  • deploy zeek with zeekctl
  • enable Nix’s flakes feature (needed for commands such as nix build, nix develop and nix run)

echo "experimental-features = nix-command flakes" | sudo tee -a /etc/nix/nix.conf
sh pre-run-zeekctl.sh
sudo ./result/bin/zeekctl deploy
# check status
./result/bin/zeekctl status

2 Deploy Zeek Kafka topics with NixOS => Disnix

Or run a Kafka topics test directly against a capture interface:

sudo zeek -i <interface> <hardenedlinux-zeek-script>/scripts/local.zeek


3 CHANGES

Taking a test run with zeek -i on a live interface:

sudo zeek -i enp1s0 -C ~/project/hardenedlinux-zeek-script/scripts/local.zeek

  • Quickly start with zkg

sudo pip install bro-pkg
## the zeek installation is owned by the "root" user, so the package state is stored in /root/.bro-pkg
sudo zkg autoconfig
sudo zkg config script_dir
sudo zkg config plugin_dir
sudo zkg install https://github.com/hardenedlinux/hardenedlinux-zeek-script

echo '@load packages' | sudo tee --append /usr/local/zeek/share/zeek/site/local.zeek

# or load only this package: @load packages/hardenedlinux-zeek-script
sudo zeekctl deploy

  • TEST environment
zeek -v
zeek version 3.0.0-rc1

zeekctl status
Name         Type    Host             Status    Pid    Started
manager      manager 10.220.170.123   running   9214   12 Aug 02:49:28
proxy-1      proxy   10.220.170.123   running   9264   12 Aug 02:49:29
worker-1     worker  10.220.170.121   running   1784   12 Aug 02:49:31

3.1 VirusTotal-Check

psql -h localhost -p 5432 -U myuser -d testdb  -c 'SELECT * FROM known_hash;' 

 id |        ts        |    host     |                   hash                   |   known_file_types    
----+------------------+-------------+------------------------------------------+-----------------------
  1 | 1570941985.53655 | 10.1.10.162 | 2dde1a34ac02478052b691bd18c89c7a13edc5f4 | application/x-dosexec
  2 | 1570941985.53655 | 10.1.10.162 | 60ff5bfec4df9f809817423b23536601         | application/x-dosexec
  3 | 1570941988.84281 | 10.1.10.162 | d25af249e01191f08f359b302db42414e0a4587e | application/x-dosexec
  4 | 1570941988.84281 | 10.1.10.162 | 9cf60bd41e6f235e12e3c761f5d2ef11         | application/x-dosexec
(4 rows)

psql -h localhost -p 5432 -U myuser -d testdb  -c 'SELECT permalink FROM virtustotal;'

                                                       permalink                                                       
----------------------------------------------------------------------------------------------------------------
 https://www.virustotal.com/file/fc7eafb97431c3f45a0ced2c38e869f768234897874317ffb0755eb920316294/analysis/1565393170/
 https://www.virustotal.com/file/8021b619c48d9017a2c3b0beddb1b48d067be75551a44a9d8b79c1daff78ede0/analysis/1560568105/
(2 rows)

For installing the PostgreSQL analyzers, see analyzer.sh in hardenedlinux/Debian-GNU-Linux-Profiles (master branch):

Debian-GNU-Linux-Profiles/analyzer.sh at master · hardenedlinux/Debian-GNU-Linux-Profiles

3.2 Known/hosts/domains

  • add TEST ignore_dns list
  • @unload protocols/conn/known-hosts
  • setting/local_net_field.zeek [Host_tracking = LOCAL_HOSTS/ALL_HOSTS]

3.3 VXLAN

  • [ ] [TODO] VLAN_INFO
    • Add area and adapted to known-hosts[LOCAL_HOSTS]

3.4 Notice

3.4.1 Setting

IGNORE - ignores the notice and won’t even log it. Notice types currently set to IGNORE:

SSL::Invalid_Server_Cert
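As an added example (not code from the hardenedlinux-zeek-script repository), the settings from sections 3.2 and 3.4.1 expressed with the stock Zeek options: Site::local_nets defines what LOCAL_HOSTS means, Known::host_tracking selects LOCAL_HOSTS or ALL_HOSTS for known_hosts.log, and Notice::ignored_types drops SSL::Invalid_Server_Cert before it reaches notice.log. The network prefixes are constructed placeholders, and the repository's own local_net_field.zeek may name its option differently.

```zeek
# Added example: a local.zeek fragment for host tracking and notice suppression.
@load base/frameworks/notice
@load base/utils/site
@load policy/protocols/conn/known-hosts
@load policy/protocols/ssl/validate-certs

# Site::local_nets decides which addresses count as LOCAL_HOSTS.
# The prefixes below are constructed placeholders for this example.
redef Site::local_nets += {
    10.0.0.0/8,
    192.168.0.0/16,
};

# Known::host_tracking accepts LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS or NO_HOSTS.
# LOCAL_HOSTS keeps known_hosts.log limited to the site's own address space;
# ALL_HOSTS records every address seen, which is far noisier on an Internet-facing tap.
redef Known::host_tracking = LOCAL_HOSTS;

# IGNORE semantics from section 3.4.1: the notice is never raised into notice.log.
# Suppress it only when invalid-certificate findings are handled elsewhere.
redef Notice::ignored_types += { SSL::Invalid_Server_Cert };
```

Switching to ALL_HOSTS is a one-line change to the redef, but it changes the volume of known_hosts.log from "hosts we own" to "every peer seen", so review disk and downstream database sizing before flipping it on a busy sensor.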

3.5 Count & TOPK

  • [X] [15mins] TOP dns
  • [ ] [] TOP Unknown HTTP request
  • [ ] [] TOP metrics: top_size count 20; talker_bin_size = 10000;
    • [ ] [10sec] TOP urls
  • [ ] [10sec] [] TOP talks
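A worked version of the first item in the list above (15-minute TOP dns), added here as an example and not taken from the repository: it uses Zeek's SumStats framework with the TOPK reducer, keyed on a single constant key so one table covers all queries, and prints the top_n names with their approximate counts at the end of every epoch. The module name TopDNS, the constants and the key string "all" are assumptions; the "TOP talks" item would use the same pattern keyed by $host instead of a constant.

```zeek
# Added example: top-k DNS query names per 15-minute epoch via SumStats.
@load base/frameworks/sumstats
@load base/protocols/dns

module TopDNS;

export {
    ## Length of each measurement window (15 minutes, as in the checklist).
    const epoch: interval = 15mins &redef;
    ## How many names to report per epoch (top_size 20 from the checklist).
    const top_n: count = 20 &redef;
    ## Size of the approximate top-k structure kept in memory; larger is more accurate.
    const topk_size: count = 1000 &redef;
}

event zeek_init()
    {
    local r: SumStats::Reducer = [$stream="dns.query",
                                  $apply=set(SumStats::TOPK),
                                  $topk_size=topk_size];

    SumStats::create([$name="top-dns-queries",
                      $epoch=epoch,
                      $reducers=set(r),
                      $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) =
                          {
                          local rv = result["dns.query"];
                          # topk_get_top returns the current top entries as observations
                          local top: vector of SumStats::Observation;
                          top = topk_get_top(rv$topk, top_n);
                          print fmt("=== top %d DNS queries, epoch ending %s ===",
                                    |top|, strftime("%Y-%m-%d %H:%M:%S", ts));
                          for ( i in top )
                              print fmt("%s  count=%d", top[i]$str,
                                        topk_count(rv$topk, top[i]));
                          }]);
    }

# Feed every logged DNS query; the constant key "all" puts them in one table.
event DNS::log_dns(rec: DNS::Info)
    {
    if ( rec?$query )
        SumStats::observe("dns.query", [$str="all"], [$str=rec$query]);
    }
```

Counts from TOPK are approximate by design (it is a streaming sketch, not an exact table), which is what keeps memory bounded on a busy worker; under zeekctl the print output lands in stdout.log, and a production version would write to its own Log stream instead.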