Require this package, with Composer, in the root directory of your project. Note: Hashids requires either the BC Math or GMP extension in order to work.
hashids database-ids php-library encoding hash composer-packages ids
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose. Though Fail2Ban is able to reduce the rate of incorrect authentication attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private authentication mechanisms if you really want to protect services.
security intrusion-prevention fail2ban bsd gplv2 ban-hosts intrusion-detection ids ips anti-bot attack-prevention
With this library, you can transform your internal IDs to obfuscated integers based on Knuth's integer hash. It is similar to Hashids, but will generate integers instead of random strings. It is also super fast.
obfuscation ids optimus hashids transformations laravel
For more information about Security Onion, please see our main website, blog, and wiki. This repo contains the ISO image, Wiki, and Roadmap for Security Onion.
intrusion-detection network-security-monitoring log-management ids nsm hunting dfir
Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.
security elasticsearch monitoring splunk logging ids signatures sysmon siem
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. Security Onion seamlessly weaves together three core functions: full packet capture, network-based and host-based intrusion detection systems, and powerful analysis tools.
intrusion-detection network-security-monitoring log-management ids nsm hunting dfir
Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what Snort is for network traffic and YARA is for files.
security monitoring siem logging signatures elasticsearch splunk ids sysmon
Bro is a powerful network analysis framework that is much different from the typical intrusion detection system you may know. Bro provides a comprehensive platform for more general network traffic analysis as well.
intrusion-detection intrusion-prevention ids network-analyzer monitoring packet-capture
Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.
ossec security loganalyzer compliance monitoring intrusion-detection policy-monitoring openscap security-hardening ids pci-dss file-integrity-management log-analysis vulnerability-detection incident-response threat-detection
The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.
intrusion-detection network-security-monitoring security ids ips nsm network-monitoring
Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.
intrusion-detection network-security-monitoring security ids ips nsm network-monitoring
OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts: Sensor(s): "Dumb" devices that capture wireless traffic and send it to the server for analysis. Also responds to attacks. Server: Aggregates the data from all sensors, analyzes it and responds to attacks. It also logs and alerts in case of an attack. Interface: GUI that manages the server and displays information about the threats on your wireless network(s).
intrusion-detection network-security-monitoring security ids ips nsm network-monitoring
The package is heavily inspired by the node.js shortid library (see more detail below). The package guarantees the generation of unique Ids with no collisions for 34 years (1/1/2016-1/1/2050) using the same worker Id within a single (although can be concurrent) application provided application restarts take longer than 1 millisecond. The package supports up to 32 workers all providing unique sequences from each other.
id ids shortid
Generates random ids with a prefix (a la Stripe)
ids
The lists of licenses are just JSON files and can be used wherever. The licenses are indexed by their identifier and contain a name property with the full name of the license, url with the URL to the license, and osiApproved boolean for whether the license is OSI Approved.
spdx spdx-licenses json list nodejs license licenses mit bsd open-source software id ids identifiers set
A script using Docker to quickly bring up some honeypots exposing 16 services. For research, reconnaissance and fun. While originally built to run on a laptop during the DEF CON hacker conference to see how many pings and pokes we could attract, it's a useful tool for research, and reconnaissance to test networks for infestations. I've completely rewritten this (July 2017) to use Docker and Docker-Compose to containerize all the honeypot services, greatly speeding up deployment time while reducing system requirements. prickly-pete uses Docker and Docker-Compose to bring up the following honeypots, automatically, with no configuration or extra steps necessary.
honeypot cowrie reconnaissance expose-services ssh dionaea docker docker-compose contpot ids ics-scada scada ics
Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc)
security ids ips siem log syslog nsm log-monitoring
These are tests that run Suricata with a specific configuration and/or inputs and verify the outputs. Create a directory that is the name of the new test.
suricata ids nsm pcap
which will map the logs directory (in your current directory) to the Suricata log directory in the container so you can view the Suricata logs from outside the container. This will expose /var/log/suricata from the Suricata container as /var/log/suricata in the Logstash container.
suricata ids nsm