764 Open source projects that are alternatives of or similar to Zeek-Network-Security-Monitor

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

NFStream: a Flexible Network Data Analysis Framework.

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Documentation for Zeek

Network Tools

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

A website and framework for testing NIDS detection

A Python implementation of the Community ID flow hashing standard

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

An open standard for hashing network flows into identifiers, a.k.a "Community IDs".

A platform built for easy-to-use automated network traffic analysis

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

Network Analysis Tool

个人教学 Wiki

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

[DEPRECATED] Graylog NetFlow plugin

A simple yet powerful Java 11 TCP MITM proxy for Dofus 1.29.1

Who and what to follow in the world of cyber security

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Merge multiple pcap files together, gracefully.

Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups

Passive service locator, a python sniffer that identifies servers, clients, names and much more

CyberQueens lesson materials - learning resources and exercises for aspiring reverse engineers, exploit developers, and hackers 👩‍💻👨‍💻

D4 core software (server and sample sensor client)

Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.

The default package source of the Zeek Package Manager

pcapdj - dispatch pcap files

Open-source datasets for anyone interested in working with network anomaly based machine learning, data science and research

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Bro IDS + ELK Stack to detect and block data exfiltration

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

OpenSnitch is a GNU/Linux application firewall

A python module for working with ATT&CK

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Information Security Library

ATT&CK Evaluations website (DEPRECATED)

MITRE Shield website

🔑 Hash type identifier (CLI & lib)

Python Program to obfuscate URLs to make Phishing attacks more difficult to detect. Uses Active open redirect list and other URL obfuscation techniques.

Argus Advanced Remote & Local Keylogger For macOS and Windows

Cyber Incident Response Team Playbook Battle Cards

Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.

A Passive DNS backend and collector

STIX data representing MITRE ATT&CK

ssldump - (de-facto repository gathering patches around the cyberspace)

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

BGP ranking is a free software to calculate the security ranking of Internet Service Provider (ASN)

Network traffic data pipeline for real-time predictions and building datasets for deep neural networks

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Flow-Indexer indexes flows found in chunked log files from bro,nfdump,syslog, or pcap files

Cisco Press CCNA Cyber Ops Books and Video Courses supplemental information and additional study materials.