Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
5515ba01277773a2f9c97599d4d28d0898d8b1d7afd5c8942cab087306c28703
This is the Mariposa Botnet C+C decryption plugin for Wireshark.
02744e4d60616adfc90d84a092087327326970be4d7a91ce0993dd6a4d1564a3
Replicator is an NKE for Mac OS X that enables you to remotely sniff/snoop on outbound TCP/IP traffic.
b888a867b5951df6ebd7f99ce33fce042cb4fa3d574df32fc69c9c0c27c466b5
This script provides an all-in-one easy installation of Snort in a box in bridge mode with a complex configuration.
527e35e81c79071a3170ba4bc5d9b499b0471717e931e65c8d776e9950ba2744
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
5b4a5f8170231cfbe341ad6720cadccf1c7a09b8d15c1868d3d9f803729b2560
Keykeriki is the first open source 27MHz wireless keyboard sniffer. This compressed archive includes a hardware tarball, a software tarball, and slides from ph-neutral.
319af6cb8d1985fb674844d327cf8fe8d162d4fc2960772ec7deb595f942b633
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
2142d5643305713d9be7fcc82a244048076190851e697b645c49b549a7ae0725
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
51824925542ec9c1f2120b1b5cc8c0bfcf73bceeb9fb57026dc1ad012aa1f8c5
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
2db436645d5c4fd4aa3e24d589a455b9080aa44753040e6cd39990256867c094
Aanval is the industry's most comprehensive Snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
7529ddd8b8b8f4e4b5479dc8b9eb5760f8587674e55143525914854bc468b580
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
64074f2927e1d1f4a9dbc4878cdcbb6c98940d01e2588f6f9bdc85fac7498fda
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
68a75cc1bf60cd7a1e065cba4b5d538b7ec8a7dd32b4eaa3c6cd27d8d038391d
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
e9907b0e2fc105dec78c5bc9fc35d7d54625ed3896eb3d1ee7ece536646a03bb
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
07abd5e607305563bfb83338f034a1191ce24b39d95a1e7104a23f65ac331c5b
dietsniff is a tiny tool for analyzing traffic on a network. It is not intended to replace well-known tools like tcpdump or ethereal. It is intended for the case when a small and especially static sniffer is required. Accordingly, it is far less powerful than those tools, and it is bound to Linux as a platform.
3e7c2c47da2d48008a1433d1f22cc5872cb178b7fdbad557b0f5e47ec2732eb3
JASniff is a small handy graphical Windows TCP/UDP/ICMP packet sniffer. This tool will be embedded in the MSF-XB exploits development platform soon. Full source and a binary are included.
6b72a88cfe89a5313587d5fba7cc23c2b8067328f13b9efe6198926a12e185e5
Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.
6d90fe1c5c1d81045134485e8ee4e888e9fce5d4323a2b6b321bf8a9765fc856
The sniffy project can trace/log the data of any pseudo terminal in the system. Due to the way the terminal works, such a terminal trace provides complete information about what happened on the terminal screen, and sniffy is able to display/replay this information. It consists of a kernel module able to connect/hook on the pseudo terminal, a program to display the contents of any pseudo terminal on the fly, a daemon process tracing the pseudo terminal content into a file, and a replay program to replay any stored pseudo terminal session.
690392cbd14e5cf80472524f7dd7b417a2655b94209dbf746d054c0351cb5892
Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor network activity.
5fe99efe0274b5764c9974417c96a38b5f94e21096d8a94cc1fa172a42035284
Aanval is a web-based Snort intrusion detection console. Currently supporting Snort and syslog, Aanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Several primary features are account hierarchy, data-archiving, real-time data displays, auto signature updating, sensor management tools, easy upgrading, advanced searching, artificial intelligence, timezone control, charts/graphs, query saving and more. Aanval supports all Linux, Unix, and OS X flavors.
2802f51fdfff9e0a1effa30b2e3f0c61675da850edc961a7a81bf5c8c4ddfc16
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
f58a40d021988874c1bac177413c7b07b985721ff1282cd6734623c08fed634b
0x4553-Intercepter is a WinPcap-based sniffer that offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in ARP poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.
5ad84f258fe5c1a003154863ca8dd48fbd7bb2f51969f497c4930e70efd66a4f
Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.
a72605776c17e6c7038972b6fcfa0d17f63a693b21e21701518d5f1e328aa4ed
rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it does not require the presence of RTCP packets (voipong needs them), which are not always transmitted by recent VoIP clients.
9ec7276e3775c13306bcf90ba573cfb77b8162a18f90d5805a3c5a288f4466f8
Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor network activity. Requires Libpcap.
2309c8eb1dc87436a410f4a8d041b0453ade5753c35ce7a2c5bc9a0263a8d299