Zeek: Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Stars: ✭ 4,180 (+10095.12%)
Zeek-Network-Security-Monitor: A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
Stars: ✭ 38 (-7.32%)
Ivre: Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Stars: ✭ 2,331 (+5585.37%)
ivre: Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Stars: ✭ 2,712 (+6514.63%)
Arkime: Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
Stars: ✭ 4,994 (+12080.49%)
NetworkAlarm: A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-58.54%)
flow-indexer: Flow-Indexer indexes flows found in chunked log files from bro, nfdump, syslog, or pcap files
Stars: ✭ 43 (+4.88%)
awesome-bro: Useful resources for Zeek (https://zeek.org/) (Bro (http://bro.org/))
Stars: ✭ 31 (-24.39%)
Suricata: Suricata git repository maintained by the OISF
Stars: ✭ 2,274 (+5446.34%)
Passer: Passive service locator, a python sniffer that identifies servers, clients, names and much more
Stars: ✭ 144 (+251.22%)
Security Onion: Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+7109.76%)
Nfstream: NFStream: a Flexible Network Data Analysis Framework.
Stars: ✭ 622 (+1417.07%)
MegaDev: Bro IDS + ELK Stack to detect and block data exfiltration
Stars: ✭ 46 (+12.2%)
Malcom: Malcom - Malware Communications Analyzer
Stars: ✭ 988 (+2309.76%)
brimcap: Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
Stars: ✭ 22 (-46.34%)
graylog-zeek-content-pack: BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.
Stars: ✭ 18 (-56.1%)
Poseidon: Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.
Stars: ✭ 310 (+656.1%)
Packages: The default package source of the Zeek Package Manager
Stars: ✭ 94 (+129.27%)
Go Iex: A Go library for accessing the IEX Developer API.
Stars: ✭ 87 (+112.2%)
Genet: Graphical network analyzer powered by web technologies
Stars: ✭ 195 (+375.61%)
Netboot: Packages and utilities for network booting
Stars: ✭ 1,157 (+2721.95%)
Hcxtools: Portable (that doesn't include proprietary/commercial operating systems) solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats (recommended by hashcat) and to John the Ripper formats. hcx: h = hash, c = convert and calculate candidates, x = different hashtypes
Stars: ✭ 1,121 (+2634.15%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-60.98%)
Rtpdump: Extract audio file from RTP streams in pcap format
Stars: ✭ 54 (+31.71%)
Daggy: Daggy - Data Aggregation Utility. Open source, free, cross-platform, server-less, useful utility for remote or local data aggregation and streaming
Stars: ✭ 91 (+121.95%)
Cuishark: A protocol analyzer like a wireshark on CUI. cuishark is using libwireshark to analyze packets. https://cuishark.slankdev.net
Stars: ✭ 208 (+407.32%)
Networkml: Machine learning plugins for network traffic
Stars: ✭ 73 (+78.05%)
pyarascanner: A simple many-rules to many-files YARA scanner for incident response or malware zoos.
Stars: ✭ 23 (-43.9%)
Potiron: Potiron - Normalize, Index and Visualize Network Capture
Stars: ✭ 66 (+60.98%)
Winshark: A wireshark plugin to instrument ETW
Stars: ✭ 191 (+365.85%)
Pcapxray: ❄️ PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
Stars: ✭ 1,096 (+2573.17%)
TheHiveHooks: This is a python tool aiming to make using TheHive webhooks easier.
Stars: ✭ 22 (-46.34%)
Skydive: An open source real-time network topology and protocols analyzer
Stars: ✭ 2,086 (+4987.8%)
Net2pcap: Net2PCAP is a simple network-to-pcap capture file for Linux. Its goal is to be as simple as possible to be used in hostile environments
Stars: ✭ 36 (-12.2%)
Hcxdumptool: Small tool to capture packets from wlan devices.
Stars: ✭ 945 (+2204.88%)
Joincap: Merge multiple pcap files together, gracefully.
Stars: ✭ 159 (+287.8%)
Crafter: 🔬 An R package to work with PCAPs
Stars: ✭ 27 (-34.15%)
Pcapfs: A FUSE module to mount captured network data
Stars: ✭ 17 (-58.54%)
Homer: HOMER - 100% Open-Source SIP / VoIP Packet Capture & Monitoring
Stars: ✭ 855 (+1985.37%)
Node pcap: libpcap bindings for node
Stars: ✭ 849 (+1970.73%)
NetTool: macOS menu bar widget that displays network speed in real time. macOS menubar tool to monitor network speed.
Stars: ✭ 74 (+80.49%)
d4-core: D4 core software (server and sample sensor client)
Stars: ✭ 40 (-2.44%)
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (-19.51%)
Udpreplay: Replay UDP packets from a pcap file
Stars: ✭ 135 (+229.27%)
Tapirx: Free and open-source medical device discovery and identification
Stars: ✭ 19 (-53.66%)
Kamene: Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.
Stars: ✭ 827 (+1917.07%)
Libpcap: the LIBpcap interface to various kernel packet capture mechanisms
Stars: ✭ 1,785 (+4253.66%)
Scapy: Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
Stars: ✭ 6,932 (+16807.32%)
Tcpreplay: Pcap editing and replay tools for *NIX and Windows - Users please download source from
Stars: ✭ 745 (+1717.07%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (+9.76%)
Tcpdump: the TCPdump network dissector
Stars: ✭ 1,731 (+4121.95%)
Libtins: High-level, multiplatform C++ network packet sniffing and crafting library.
Stars: ✭ 1,609 (+3824.39%)
Sniffglue: Secure multithreaded packet sniffer
Stars: ✭ 651 (+1487.8%)
ipdecap: Decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols; can also remove the IEEE 802.1Q (virtual LAN) header. Works with pcap files.
Stars: ✭ 32 (-21.95%)
Pcapviz: Visualize network topologies and collect graph statistics based on pcap files
Stars: ✭ 247 (+502.44%)
Captagent: 100% Open-Source Packet Capture Agent for HEP
Stars: ✭ 116 (+182.93%)