Network Monitoring

OT/IoT/IT asset discovery & threat detection platform for cyber-physical systems

UTM security gateway for IT networks with threat management and connectivity

SOCRadar DNS Monitoring provides real-time monitoring of DNS infrastructure with automated discovery, record change alerts, and detection of DNS-based security threats.

Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.

An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.

IT infrastructure management & network security monitoring platform

Network monitoring and detection solution for threat analysis

A Zeek-based protocol analyzer that parses GQUIC traffic to extract connection metadata and create fingerprints for detecting anomalous network behavior.

Apache Spot is an open source big data platform that analyzes network flows and packet data to identify security threats and provide visibility into enterprise computing environments.

ZAT is a Python package that processes and analyzes Zeek network security data using machine learning libraries like Pandas, scikit-learn, Kafka, and Spark.

Makes output from the tcpdump program easier to read and parse.

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

A cross-platform network detection tool that identifies active Responder tools by sending LLMNR queries for fabricated hostnames.

An open-source network security monitoring tool.

HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.

DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.

BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.

A tool that reads IP packets from the network or a tcpdump save file and writes an ASCII summary of the packet data.

A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.

BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.

A command-line tool that allows SQL queries to be executed directly on PCAP files for network traffic analysis with support for multiple output formats.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.

A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.

DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.