AiEngine - Packet Inspection Engine


AIEngine is a packet inspection engine capable of learning without any human intervention. AIEngine helps network and security professionals identify traffic and develop signatures, either for use on NIDS, firewalls, traffic classifiers and so on, or for automatic use by the engine itself.

The main functionalities of AIEngine are:

  • Support for PCRE JIT for regex matching.
  • Support for three types of NetworkStacks (lan, mobile and ipv6).
  • Support for Sets and Bloom filters for IP searches.
  • Support for Linux and FreeBSD operating systems.
  • Support for HTTP, DNS and SSL domain matching.
  • Support for banned domains and hosts for HTTP, DNS and SSL.
  • Frequency analysis for unknown traffic and auto-regex generation.
  • Easy integration with databases (MySQL, Redis, etc.).

https://bitbucket.org/camp0/aiengine



Related Projects

TCPDump - Network Packet Analyzer


TCPDump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture. It prints out a description of the contents of packets on a network interface that match the boolean expression. The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism.

Snort - Network Intrusion Prevention and Detection System


Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Orionsniffer - A TCP/IP packet sniffer detects images from network


Orion Sniffer (or simply, 'Orion') is capable of sniffing GIF, JPEG and PNG images from unencrypted network traffic and saving these images to disk on the fly. Its filter recognizes specific data (eg: A GIF image) received from a Source (eg: TCP/IP packet), and an Output Handler 'does something' with the data (eg: write it to a file).

ngrok - Introspected tunnels to localhost


ngrok is a reverse proxy that creates a secure tunnel from a public endpoint to a locally running web service. ngrok captures and analyzes all traffic over the tunnel for later inspection and replay. You can give this URL to anyone to allow them to try out a web site you're developing without doing any deployment.

OpenVAS - Vulnerability Scanner and Manager


OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.

OpenAM - Authentication, Authorization and SSO


OpenAM provides open source Authentication, Authorization, Entitlement and Federation software. OpenAM provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenAM provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers.

AnetTest


Integrated packet generator and sniffer for Ethernet that also works with blocks of data over a TCP connection. Enables you to use scripts for automated testing, monitoring, imitating various network objects, and creating custom network tools.

Firebug - Web Development Evolved.


Firebug integrates with Firefox to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

justniffer


justniffer is a TCP sniffer. It reassembles and reorders packets and displays the TCP flow in a customizable way. It can log network traffic in web server log format. It can also log network service performance (e.g. web server response times) and extract HTTP content (images, HTML, scripts, etc.).

The libpcap project


libpcap is a system-independent interface for user-level packet capture. libpcap provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc.