317 Open source projects that are alternatives of or similar to Zeek

Documentation for Zeek

A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!

NFStream: a Flexible Network Data Analysis Framework.

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.

Malcom - Malware Communications Analyzer

Passive service locator, a python sniffer that identifies servers, clients, names and much more

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

Bro IDS + ELK Stack to detect and block data exfiltration

Useful resources for Zeek(https://zeek.org/) (Bro(http://bro.org/))

The default package source of the Zeek Package Manager

Suricata git repository maintained by the OISF

Zeek IDS Dockerfile

Flow-Indexer indexes flows found in chunked log files from bro,nfdump,syslog, or pcap files

Network Tools

BRO/Zeek IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog tcp input to capture and index BRO/Zeek logs coming from a remote sensor.

Yara Based Detection Engine for web browsers

A lightweight, one line setup, iOS / OSX network debugging library! 🦊

Zeek network security monitor plugin that enables parsing of the Tabular Data Stream (TDS) protocol

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

👻 A LAN dropbox chatbot controllable via Telegram

tcpterm is a packet visualizer in TUI.

Yara rules written by me, for free use.

Script to facilitate different functions and checks

Defanged Indicator of Compromise (IOC) Extractor.

OCaml code for generating and analysing pcap (packet capture) files

macOS Artifact Parsing Tool

A Python implementation of the Community ID flow hashing standard

A web-based network management tool.

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Gander is a simple in-app HTTP inspector for Android OkHttp clients. Gander intercepts and persists all HTTP requests and responses inside your application, and provides a UI for inspecting their content.

Recon Hunt Queries

Visualize network topologies and collect graph statistics based on pcap files

Mapping NSM rules to MITRE ATT&CK

Graphpath generates an ASCII network diagram from the route table of a Unix/Linux

A tool for forensic file system reconstruction.

A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.

A Suricata Docker image.

A library for creating and sending .pcap files for Wireshark and other programms.

基于MFC和WinPcap库开发的网络抓包和协议分析软件

A tool that provides a basic SQL-frontend to PCAP-files

An always-on framework that performs end-to-end functional network testing for reachability, latency, and packet loss

Pandora FMS is a flexible and highly scalable monitoring system ready for big environments. It uses agents (Linux, Windows, AIX, HP-UX, Solaris and BSD systems) and can do both local and remote network monitoring (SNMP v3, TCP checks, WMI, etc).

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

🤒 A modern alternative network traffic sniffer.

NMIS, a flexible Open Source Network Management System

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Read and process pcap files using this nifty tool

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Packet communication investigator

OpenSnitch is a GNU/Linux application firewall

BitMeter OS - a cross-platform bandwidth monitor

Bash script to Check for malicious Cryptomining

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

Documentation of TheHive