Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
6c4fe7128a01c6f309bd181563c54cdf0abf2f623db78e0207f9c69176b15858
netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
64b06725a19d2103aeefa1b60d166657ed3008f8a94691a6ec883708348de227
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
29cb7e0c535a6404936891ae9b0a751ee670c68ad1e549eedae7aa5f981c682b
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
00debb88f90f79d65dcbcc590c2a1172411f70f9134a9367f29c113594d7b9fa
This is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.
f47f5904466161ca77c2e5dfe50b339c668137229b6b7c9220564c7df7b59982
This sniffer has an ncurses user interface, network statics for many different protocols, a view into active TCP connections, UDP packets, ICMP packets, and more.
20edb03065ae08c88c2ecc1b5358f2f44567966ddbd835acba99e4890c9e55dd
S.S.T (Save Typed Text) javascript proof of concept keylogging code.
3d93476f79d386daaf0081e819a0e2b9b68992bbd8af9ed271d5b909759e9021
PZIDS (Peta Zetas IDS) is a tool to test if your IDS is detecting threats properly. Written in Python.
782a38ad56fd8b478a46cd9fec2b164e0e758d8def1fc0aeb7f24a95cc747b14
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
9b5abd2dad2b6df91658086ceed6962a6b985ac25de8fa38f0195d68639ba55b
0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
25362e9cea7e4f4cda7174fcbdb2dece439046aef654cee2fd1018136c073f8b
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
cda2d1e4c0e93403469d21af672957302eabebade346a1f67036ae7427f3e399
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
ecaf52a0c95324c42fe8cb8fa4e592d16dca934378c7f32de860e82dbf5be348
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.
808d5c8b46bb60eb106cd9b9d64a63bab99beb4e19fd7e71d0675be43b6de705
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.
659cd386ba8ed7dc51eb313de28efa7af5f82852165fb4bf64c70f42268894e8
pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.The framework is shipped with about 300 tests grouped into 8 testing modules.
20923dab52e58d5fe397efcf7bc08c14e87a3541bdc2c6687fe4477b9b0b1fd9
Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
fac3e4e9a7358940293fb0676f4ff1496e7c05c74c2dfe05897988d1447c3676
This is the Sagan ruleset released 03/17/2011 to coincide with the 0.1.8 release.
708dc4808d89d346c0e53785b4d92f180cfc650c3e5b735abfddcbea11948233
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
e5db2b48632f159cc60a9a8e844140ef425c17ccade7bc2eecbe444fd5897ae1
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
143d497e26929855e635af421e6c5826b7d0cec6adb0074f0e04125773d42945
netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
a6f3a47af80ff99d21b5e58cb41cc5ad322fe8bbf2e977c65a8c7abb9a32f37a
HexInject is a hexadecimal and raw packet injector and sniffer. It can be easily combined with other tools to provide a powerful command line framework for raw network access. It will automatically set the correct checksum (IP, TCP, UDP, ICMP).
050852f89ea501c7bad768a694f8fd2d5f0c3de68da82647a1cb7aeb68e96e27
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
ba1c402f69c5c8d6f55d383e4eb278c234577600c311f0a0c2c0ec69a0d68c24
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
cf8ec1138ff5907bcfd8a9ff0872dc2f331ad612083825554ff792eda9eda325
netsniff-ng is a high performance linux network sniffer for packet inspection. Basically, it is similar to tcpdump, but it doesn't need syscalls for fetching packets. Instead, it uses an memory mapped area within kernelspace for accessing packets without the need of copying them to userspace ('zero-copy' mechanism). Therefore, netsniff-ng is libpcap independent. netsniff-ng can be used for protocol analysis and reverse engineering, network debugging, measurement of performance throughput or network statistics creation of incoming packets on central network nodes like routers or firewalls.
d31e8724e6e37c55352f57e32e959bb6bdd8a95aa3e3a9b63f1818e4b3a5fac9