317 Open source projects that are alternatives of or similar to zeek-docs

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Network Tools

Flow-Indexer indexes flows found in chunked log files from bro,nfdump,syslog, or pcap files

Useful resources for Zeek(https://zeek.org/) (Bro(http://bro.org/))

Suricata git repository maintained by the OISF

Passive service locator, a python sniffer that identifies servers, clients, names and much more

Zeek IDS Dockerfile

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

NFStream: a Flexible Network Data Analysis Framework.

Bro IDS + ELK Stack to detect and block data exfiltration

Malcom - Malware Communications Analyzer

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

The default package source of the Zeek Package Manager

A Go library for accessing the IEX Developer API.

Graphical network analyzer powered by web technologies

Packages and utilities for network booting

Portable (that doesn't include proprietary/commercial operating systems) solution for conversion of cap/pcap/pcapng (gz compressed) WiFi dump files to hashcat formats (recommended by hashcat) and to John the Ripper formats. hcx: h = hash, c = convert and calculate candidates, x = different hashtypes

Live system forensic collector

Quantum Insert

Extract audio file from RTP streams in pcap format

Daggy - Data Aggregation Utility. Open source, free, cross-platform, server-less, useful utility for remote or local data aggregation and streaming

A protocol analyzer like a wireshark on CUI. cuishark is using libwireshark to analyze packets. https://cuishark.slankdev.net

Machine learning plugins for network traffic

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Potiron - Normalize, Index and Visualize Network Capture

A wireshark plugin to instrument ETW

❄️ PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

This is a python tool aiming to make using TheHive webhooks easier.

An open source real-time network topology and protocols analyzer

Net2PCAP is a simple network-to-pcap capture file for Linux. Its goal is to be as simple as possible to be used in hostile environments

Small tool to capture packets from wlan devices.

Merge multiple pcap files together, gracefully.

🔬 An R package to work with PCAPs

A FUSE module to mount captured network data

HOMER - 100% Open-Source SIP / VoIP Packet Capture & Monitoring

libpcap bindings for node

macOS 状态栏小工具实时显示网速. macOS menubar tool to monitor network speed.

D4 core software (server and sample sensor client)

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

Replay UDP packets from a pcap file

Free and open-source medical device discovery and identification

Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.

the LIBpcap interface to various kernel packet capture mechanism

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

Pcap editing and replay tools for *NIX and Windows - Users please download source from

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

the TCPdump network dissector

Python编写的可视化的离线数据包分析器

High-level, multiplatform C++ network packet sniffing and crafting library.

Secure multithreaded packet sniffer

Decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, can also remove IEEE 802.1Q (virtual lan) header. Works with pcap files.

Visualize network topologies and collect graph statistics based on pcap files

100% Open-Source Packet Capture Agent for HEP