We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
Bro - Network Security Monitor
- 111
Bro is a powerful network analysis framework that is much different from the typical intrusion detection system you may know. Bro provides a comprehensive platform for more general network traffic analysis as well.
Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.
Bro comes with built-in functionality for a range of analysis and detection tasks, including extracting files from HTTP sessions, detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, and much more.
https://github.com/bro/bro
| Tags | intrusion-detection intrusion-prevention ids network-analyzer monitoring packet-capture |
| Implementation | C++ |
| License | BSD |
| Platform | Linux MacOS |
Related Projects
Snort - Network Intrusion Prevention and Detection System
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
intrusion-detection intrusion-prevention network attack port-scanner packet-captureSuricata IDS - Network threat detection engine
The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.
intrusion-detection network-security-monitoring security ids ips nsm network-monitoringOpenWIPS-ng - Wireless Intrusion Prevention System
OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts: Sensor(s): "Dumb" devices that capture wireless traffic and sends it to the server for analysis. Also responds to attacks. Server: Aggregates the data from all sensors, analyzes it and responds to attacks. It also logs and alerts in case of an attack. Interface: GUI manages the server and displays information about the threats on your wireless network(s).
intrusion-detection network-security-monitoring security ids ips nsm network-monitoringbro-scripts - Various analysis scripts for the Bro Intrusion Detection System
Various analysis scripts for the Bro Intrusion Detection System
pig - A Linux packet crafting tool.
Pig (which can be understood as Packet intruder generator) is a Linux packet crafting tool. You can use Pig to test your IDS/IPS among other stuff.Pig brings a bunch of well-known attack signatures ready to be used and you can expand this collection with more specific things according to your requirements.
packet-crafting networking hacking-tool intrusion-prevention forensics network-analysis network-security-monitoring denial-of-service hacking network-protocols network-test arp-spoofingSguil - The Analyst Console for Network Security Monitoring
Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.
intrusion-detection network-security-monitoring security ids ips nsm network-monitoringSecurityFusion IPS/IDS
SecurityFusion is an open source network intrusion detection and prevention system based in Hogwash, capable of performing real-time traffic analysis and packet logging on IP networks.
ClearOS - Linux based Operating System
ClearOS is a powerful network and gateway server designed for small organizations and distributed environments. The open source revolution in the software industry has made it possible to provide ClearOS at no cost. Among other features, antivirus, antispam, VPN and content filtering are built right into the software -- no need for expensive third party add-ons. With ClearOS, you can avoid costly vendor lock-in and proprietary formats; instead, you can embrace open standards and protocols.
os operating-system linux-operating-system server-os linux-firewallbro-dblogger
Utility for logging data from the Bro Intrusion Detection System directly to PostgreSQL <- Deprecated! This project is only here for historical curiosity now.
pytbull
pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS and to validate config.
Intrusion Detection and Prevention System
Intrusion Detection and Prevention System based on abnormal entity method of detection.
Modular Intrusion Countermeasure Env.
M-ICE is a modular hostbased intrusion detection framework. It is used as middleware to close the gap between IDS research and IDS development. M-ICE consists of various parts that can be connected together by using network-or interprocess-communication
KIDS - Kernel Intrusion Detection System
The Kernel Intrusion Detection System-KIDS, is a Network IDS, where the main part, packets grab/string match, is running at kernelspace, with a hook of Netfilter Framework. The project is not ready for use, then incomplete pieces of code may be found.
Intrusion Detection Exchange Arch.
A Java-based client-server architecture for processing network intrusion detection data. The server receives XML alerts from Snort sensors buffers them for review by clients. The console provides a real-time view of IDS activity.
stenographer - Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets
Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back specific sets of packets quickly and easily.It’s fast because it doesn’t do this. Even with the very minimal, single-pass processing of packets we do, processing ~1Gbps for indexing alone can take >75% of a single core.
OSSEC - Host-based Intrusion Detection System
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
security intrusion-detection-systemOPNsense - Your Next Open Source FireWALL
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. The feature set of OPNsense includes high-end features such as forward caching proxy, traffic shaping, intrusion detection and easy OpenVPN client setup. It also supports Netflow Exporter, Network Flow Monitoring, DNS Server & DNS Forwarder, Stateful inspection firewall and lot more.
firewall router netflow-monitor intrusion-detectionTCPDump - Network Packet Analyzer
TCPDump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture. It prints out a description of the contents of packets on a network interface that match the boolean expression. The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism.
packet-capture network packet capture sniffer