Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
6c4fe7128a01c6f309bd181563c54cdf0abf2f623db78e0207f9c69176b15858netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
64b06725a19d2103aeefa1b60d166657ed3008f8a94691a6ec883708348de227Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
29cb7e0c535a6404936891ae9b0a751ee670c68ad1e549eedae7aa5f981c682bhttpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
00debb88f90f79d65dcbcc590c2a1172411f70f9134a9367f29c113594d7b9faThis is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.
f47f5904466161ca77c2e5dfe50b339c668137229b6b7c9220564c7df7b59982This sniffer has an ncurses user interface, network statics for many different protocols, a view into active TCP connections, UDP packets, ICMP packets, and more.
20edb03065ae08c88c2ecc1b5358f2f44567966ddbd835acba99e4890c9e55ddS.S.T (Save Typed Text) javascript proof of concept keylogging code.
3d93476f79d386daaf0081e819a0e2b9b68992bbd8af9ed271d5b909759e9021PZIDS (Peta Zetas IDS) is a tool to test if your IDS is detecting threats properly. Written in Python.
782a38ad56fd8b478a46cd9fec2b164e0e758d8def1fc0aeb7f24a95cc747b14Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cbEttercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
9b5abd2dad2b6df91658086ceed6962a6b985ac25de8fa38f0195d68639ba55b0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
25362e9cea7e4f4cda7174fcbdb2dece439046aef654cee2fd1018136c073f8bSagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
cda2d1e4c0e93403469d21af672957302eabebade346a1f67036ae7427f3e399httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
ecaf52a0c95324c42fe8cb8fa4e592d16dca934378c7f32de860e82dbf5be348pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.
808d5c8b46bb60eb106cd9b9d64a63bab99beb4e19fd7e71d0675be43b6de705pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.
659cd386ba8ed7dc51eb313de28efa7af5f82852165fb4bf64c70f42268894e8pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.The framework is shipped with about 300 tests grouped into 8 testing modules.
20923dab52e58d5fe397efcf7bc08c14e87a3541bdc2c6687fe4477b9b0b1fd9Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
fac3e4e9a7358940293fb0676f4ff1496e7c05c74c2dfe05897988d1447c3676This is the Sagan ruleset released 03/17/2011 to coincide with the 0.1.8 release.
708dc4808d89d346c0e53785b4d92f180cfc650c3e5b735abfddcbea11948233Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
e5db2b48632f159cc60a9a8e844140ef425c17ccade7bc2eecbe444fd5897ae1Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
143d497e26929855e635af421e6c5826b7d0cec6adb0074f0e04125773d42945netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
a6f3a47af80ff99d21b5e58cb41cc5ad322fe8bbf2e977c65a8c7abb9a32f37aHexInject is a hexadecimal and raw packet injector and sniffer. It can be easily combined with other tools to provide a powerful command line framework for raw network access. It will automatically set the correct checksum (IP, TCP, UDP, ICMP).
050852f89ea501c7bad768a694f8fd2d5f0c3de68da82647a1cb7aeb68e96e27Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
ba1c402f69c5c8d6f55d383e4eb278c234577600c311f0a0c2c0ec69a0d68c24Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
cf8ec1138ff5907bcfd8a9ff0872dc2f331ad612083825554ff792eda9eda325netsniff-ng is a high performance linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses an memory mapped area within kernelspace for accessing packets without the need of copying them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput or network statistics creation of incoming packets on central network nodes like routers or firewalls.
d31e8724e6e37c55352f57e32e959bb6bdd8a95aa3e3a9b63f1818e4b3a5fac9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed