
hashids

  •    PHP

Require this package, with Composer, in the root directory of your project. Note: Hashids requires either the BC Math or GMP extension in order to work.

fail2ban - Daemon to ban hosts that cause multiple authentication errors

  •    Python

Fail2Ban scans log files like /var/log/auth.log and bans IP addresses that have too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses for a configurable amount of time. Fail2Ban comes out of the box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose. Though Fail2Ban can reduce the rate of incorrect authentication attempts, it cannot eliminate the risk that weak authentication presents: an attacker spreading attempts across many source addresses is slowed, not stopped. Configure services to use only two-factor or public/private key authentication if you really want to protect them.
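The maxretry / findtime / bantime logic described above, as an added Python example (not fail2ban's own code): a failregex-style pattern is run over a constructed block of auth.log lines, failures per source IP are counted in a sliding window, and the iptables rule a ban would insert is built but not executed. The regex, the log lines and the `f2b-sshd` chain name are my own constructions modelled on fail2ban's sshd filter and default iptables action.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of /var/log/auth.log lines (not real traffic); the
# addresses are from the RFC 5737 documentation ranges.
AUTH_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:04 host sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:00:12 host sshd[2107]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Mar  3 10:00:15 host sshd[2109]: Failed password for root from 203.0.113.7 port 51260 ssh2
Mar  3 10:00:20 host sshd[2111]: Failed password for root from 203.0.113.7 port 51270 ssh2
Mar  3 10:00:25 host sshd[2113]: Failed password for root from 203.0.113.7 port 51280 ssh2
Mar  3 10:30:00 host sshd[2200]: Failed password for root from 198.51.100.9 port 40100 ssh2
Mar  3 11:45:00 host sshd[2300]: Failed password for root from 198.51.100.9 port 40101 ssh2
"""

# A failregex-style pattern for sshd password failures (my own; fail2ban's
# stock sshd filter is broader and is the one to use in practice).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(stamp, year=2024):
    """Syslog timestamps carry no year; assume one, as fail2ban also must."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_bans(log, maxretry=5, findtime=timedelta(minutes=10),
              bantime=timedelta(hours=1)):
    """Replay the log once and return {ip: (ban_start, ban_end)}.

    An IP is banned when it accumulates `maxretry` failures whose timestamps
    all fall within a sliding `findtime` window; these are the same three
    knobs (maxretry, findtime, bantime) a fail2ban jail exposes.
    """
    failures = defaultdict(list)
    bans = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ip, ts = m["ip"], parse_ts(m["ts"])
        if ip in bans:
            continue  # the firewall rule would already be rejecting this host
        window = [t for t in failures[ip] if ts - t <= findtime] + [ts]
        failures[ip] = window
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + bantime)
    return bans


def ban_command(ip, chain="f2b-sshd"):
    """The iptables rule a ban would insert, modelled on fail2ban's default
    iptables action (returned as argv for subprocess, not executed here)."""
    return ["iptables", "-I", chain, "1", "-s", ip, "-j", "REJECT",
            "--reject-with", "icmp-port-unreachable"]


if __name__ == "__main__":
    for ip, (start, end) in find_bans(AUTH_LOG).items():
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}:",
              " ".join(ban_command(ip)))
```

With the defaults, 203.0.113.7 is banned at its fifth failure (10:00:20) and 198.51.100.9, whose two failures are 75 minutes apart, is not; widening findtime or lowering maxretry changes that, which is exactly the tuning trade-off a jail forces on you.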

optimus - 🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

  •    PHP

With this library, you can transform your internal IDs into obfuscated integers based on Knuth's multiplicative integer hash. It is similar in purpose to Hashids, but produces integers instead of strings. It is also very fast.
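The encode/decode pair behind this kind of obfuscation, as an added example in Python (Optimus itself is PHP; this is not its code, and the prime, mask and 31-bit range here are constructed for illustration, not its defaults). Encoding multiplies by an odd prime modulo 2^31 and XORs a fixed mask; decoding strips the mask and multiplies by the prime's modular inverse.

```python
# Knuth-style multiplicative id obfuscation (added example; constants are
# constructed, not Optimus defaults).
MAX_INT = 2**31 - 1                     # ids are 31-bit; "& MAX_INT" is "mod 2**31"
PRIME = 1_000_000_007                   # any odd prime below 2**31 works
XOR = 0x2A9F3C11                        # random mask, fixed per deployment
INVERSE = pow(PRIME, -1, MAX_INT + 1)   # modular inverse of PRIME mod 2**31


def encode(n: int) -> int:
    """Map a sequential id to an obfuscated id in the same 31-bit range."""
    if not 0 <= n <= MAX_INT:
        raise ValueError("id out of 31-bit range")
    return ((n * PRIME) & MAX_INT) ^ XOR


def decode(obfuscated: int) -> int:
    """Undo encode(): strip the mask, then multiply by the modular inverse."""
    return ((obfuscated ^ XOR) * INVERSE) & MAX_INT


def is_permutation(sample=range(1, 10_001)) -> bool:
    """Sanity check: encode() must be injective, or two ids would collide."""
    return len({encode(i) for i in sample}) == len(sample)


if __name__ == "__main__":
    for n in (1, 2, 3, 1_000_000):
        print(n, "->", encode(n), "->", decode(encode(n)))
```

Because multiplication by an odd number is a bijection modulo 2^31 and XOR is its own inverse, every id round-trips. The caveat a practitioner should keep in mind: this hides sequence and volume from casual observers, nothing more. Anyone who learns the three constants decodes every id, so an obfuscated id must never stand in for an authorization check.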

sigma - Generic Signature Format for SIEM Systems

  •    Python

Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe the detection methods they have developed and share them with others. Sigma is for log files what Snort is for network traffic and YARA is for files.

Wazuh - Host and endpoint security

  •    C

Wazuh helps you gain deeper security visibility into your infrastructure by monitoring hosts at the operating system and application level. The solution is based on lightweight multi-platform agents and provides capabilities such as log management and analysis, file integrity monitoring, intrusion and anomaly detection, and policy and compliance monitoring.

Suricata IDS - Network threat detection engine

  •    C

The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.

Sguil - The Analyst Console for Network Security Monitoring

  •    Tcl

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event-driven analysis.

shortid - Super short, fully unique, non-sequential and URL friendly Ids

  •    Go

The package is heavily inspired by the node.js shortid library (see more detail below). The package guarantees the generation of unique IDs with no collisions for 34 years (1/1/2016-1/1/2050) using the same worker ID within a single (possibly concurrent) application, provided application restarts take longer than 1 millisecond. The package supports up to 32 workers, each producing a sequence unique from the others.

suricata-verify-old - Suricata Verification Tests - Testing Suricata Output

  •    Python

These are tests that run Suricata with a specific configuration and/or inputs and verify the outputs. Create a directory that is the name of the new test.

evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

  •    Go

EveBox is a web based Suricata "eve" event viewer for Elastic Search. And one of...

py-idstools - idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)

  •    Python

py-idstools is a collection of Python libraries for working with IDS systems (typically Snort and Suricata). See the idstools unified2 documentation for more information on reading and parsing unified2 files.
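The Suricata/Snort rule language that the Suricata entry above and this library both deal with, as an added Python example: a minimal parser for rule lines that splits the header from the option list, honours `;` and `"` escapes inside quoted strings, and records whether a rule is disabled by a leading `#`. This is my own code, not py-idstools (which ships its own, far more complete rule parser); the sample rules are constructed, with sids in the local 9000000 range rather than any real ruleset's.

```python
import re

# Header: action proto src sport dir dst dport (options)
HEADER = re.compile(
    r"^(?P<action>alert|drop|reject|pass)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def split_options(body):
    """Split the option body on ';' outside double quotes, honouring the
    backslash escapes Suricata allows inside quoted strings (\\; and \\")."""
    options, current, quoted, escaped = [], [], False, False
    for ch in body:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == '"':
            quoted = not quoted
            current.append(ch)
        elif ch == ";" and not quoted:
            options.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    tail = "".join(current).strip()
    if tail:
        options.append(tail)
    return options


def parse_rule(line):
    """Parse one rule line into a dict, or return None if it is not a rule.
    A leading '#' marks a rule that is present but disabled."""
    line = line.strip()
    enabled = not line.startswith("#")
    if not enabled:
        line = line.lstrip("#").strip()
    m = HEADER.match(line)
    if not m:
        return None
    rule = {k: m[k] for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["enabled"] = enabled
    rule["options"] = []          # ordered (name, value) pairs; value None for flags
    for opt in split_options(m["opts"]):
        name, sep, value = opt.partition(":")
        rule["options"].append((name.strip(), value.strip() if sep else None))

    def first(name):
        return next((v for k, v in rule["options"] if k == name), None)

    rule["sid"] = int(first("sid")) if first("sid") else None
    rule["rev"] = int(first("rev")) if first("rev") else None
    rule["msg"] = first("msg").strip('"') if first("msg") else None
    # content matches keep their order, which matters for relative modifiers
    rule["contents"] = [v.strip('"') for k, v in rule["options"] if k == "content"]
    return rule


def parse_rules(text):
    """Parse a rules file, skipping blank lines and plain comments."""
    rules = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule:
            rules.append(rule)
    return rules


# Constructed sample rules (not from any real ruleset).
SAMPLE_RULES = r'''
# Comment line that is not a rule
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE POST to gate.php"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/gate.php"; classtype:trojan-activity; sid:9000001; rev:2;)
# alert tcp any any -> any 4444 (msg:"EXAMPLE disabled rule with escaped \; and \" in msg"; flow:to_server; sid:9000002; rev:1;)
'''

if __name__ == "__main__":
    for r in parse_rules(SAMPLE_RULES):
        state = "enabled" if r["enabled"] else "disabled"
        print(f"sid {r['sid']} rev {r['rev']} ({state}): {r['msg']} contents={r['contents']}")
```

The escape handling is the part naive `split(";")` code gets wrong: a `msg` containing `\;` would otherwise be cut in two and every later option (including `sid`) would be misread. The parser leaves escape sequences in place rather than unescaping them, so the values shown are exactly what Suricata would read.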

suricata-verify - Suricata Verification Tests - Testing Suricata Output

  •    Python

These are tests that run Suricata with a specific configuration and/or inputs and verify the outputs. Create a directory that is the name of the new test.

grIDS - My network monitoring solution and tools that go along with it.

  •    Python

My network monitoring solution and tools that go along with it. This setup is designed to be contained in an all-in-one sort of system, but services can be separated into individual hosts if you have a higher load that requires more resources. The goal for this project is to help people combine multiple open-source tools to have a useful network monitoring solution. Within this project, I'll also include custom scripts that help make this system even more useful.

wazuh-ruleset - Wazuh - Ruleset

  •    Python

Wazuh ruleset is used to detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, system anomalies or security policy violations. The ruleset includes compliance mapping with PCI DSS v3.1 and CIS.

harsh - Hashids implementation in Rust

  •    Rust

Note that IDs are only padded to at least the requested length; it does not mean that your IDs will be exactly that length. Hex encoding is useful if you want to encode Mongo's ObjectIds. Note that there is no limit on how large a hex number you can pass (it does not have to be a Mongo ObjectId).

telecheck - Simple CLI Tool For Generating Available Telegram Usernames

  •    Python

Just file an issue and describe it. I'll check it ASAP! Or send an email to sepand@qpage.ir. Remember to write a few tests for your code before sending pull requests.

whids

  •    Go

Very flexible host IDS designed for Windows. It makes use of a previously developed rule engine, Gene, designed to match Windows events against custom rules. The rules are simple to write and easy to understand, so that everyone can identify why a rule has triggered. With the democratisation of Sysmon, this tool is well suited to quickly building hunting rules, or simply monitoring rules, to screen things of interest happening on your machine(s). With WHIDS you don't have to bother with an over-complicated Sysmon configuration, which often turns into a nightmare when you want to be very specific. The simplest approach is to enable all of Sysmon's logging capabilities and let WHIDS do its job: grab a coffee and wait for the juicy stuff to happen. The tool has a low overhead on the system, according to our current benchmarks.

nflog-zmq-pcap-pipe - Tool to collect nflog and pipe it to a pcap stream/file over network (0mq) for real-time (or close to) analysis

  •    Python

Set of scripts to allow selective dumping of packets with the netfilter NFLOG module and sending of these over a zeromq channel to a remote host (producing a pcap stream there) for analysis. The use case is sending traffic to a Snort IDS on a remote machine with some pre-filtering (with iptables, since it's generally faster, simpler and more flexible than BPF or userspace filters) to exclude encrypted and irrelevant traffic (like raw VPN/IPsec packets and p2p).

TNSR_IDS - IDS using a port mirror, Snort and an alert -> RESTCONF utility

  •    Go

This project was developed as a solution to those deployments where 'wire speed' was not possible because the IDS/IPS consumed too much CPU on the firewall. IPS vs firewall need not be a zero-sum game. As a software-defined device, TNSR operations are defined by YANG models and it is configured either from a CLI or NETCONF/RESTCONF APIs.