network-security

136 tools and resources

Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.

A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.

A DNS rebinding attack framework for security researchers and penetration testers.

NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.

WireGuard is a fast, simple, and secure VPN that uses cutting-edge cryptography, designed for ease of use and performance.

fatt

A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files or live network traffic.

A collection of PCAPs for ICS/SCADA utilities and protocols with the option for users to contribute.

Xplot

A tool for analyzing TCP packet traces with color support.

PFSense

pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.

Open source software for leveraging insights from flow and packet analysis to identify potential security threats or attacks.

A utility for splitting packet traces along TCP connection boundaries.

Tcpreplay is a suite of Open Source utilities for editing and replaying captured network traffic.

Tang

Tang is a server for binding data to network presence, providing an easy and secure alternative to key escrow.

A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.

A list of most queried domains based on passive DNS usage across the Umbrella global network.

A utility to generate malicious network traffic for security evaluation.

BZAR

A set of Bro/Zeek scripts that detect ATT&CK-based adversarial activity and raise notices

A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.

A suite of tools for Wi-Fi network security assessment and penetration testing.

A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.

CapTipper is a Python tool to analyze, explore, and revive malicious HTTP traffic.

Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.

Tcpreplay is a network traffic editing and replay tool used for testing network devices and applications.

A framework for generating log events without the need for infrastructure, allowing for simple, repeatable, and randomized log event creation.

A tool for classifying packets into flows based on 4-tuple without additional processing.

App-Ray

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.

testssl.sh is a free command-line tool for checking a server's TLS/SSL configuration with clear and machine-readable output.

Sniff

Makes output from the tcpdump program easier to read and parse.

Low interaction MySQL honeypot with various configuration options.

A set of Go-based emulators for testing network security and analyzing network traffic.

A network protocol panic button operating decentralized through UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.

Discover and understand the Docker Layer 2 ICC Bug and its implications on inter-container communication.

A technique to encode data within DNS queries for covert communication channels.

A comprehensive list of search filters for the SHODAN search engine.

A Fake Protocol Server tool with support for multiple network services and protocols.

LaBrea

LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.

stoQ

A super-simple, modern framework for organizing and automating cybersecurity tasks.

Best practices for corporate network segmentation to protect against basic targeted attacks

AbuseIO

Open-source abuse management toolkit for automating and improving the abuse handling process.

A technique to associate applications with TLS parameters for identifying malware and vulnerable applications.

Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.

Impost

Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.

A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.

A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.

A robust endpoint security solution that offers data security, network security, and advanced threat prevention, all managed from a single console to protect your devices and data.

An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.

An OpenFlow honeypot that detects unused IP addresses and simulates network traffic to attract and analyze potential threats

A next-generation network scanner for identifying security configuration weaknesses in devices like routers, firewalls, and switches.

Symantec Enterprise Cloud provides comprehensive cybersecurity for large enterprises, with a focus on data-centric hybrid security and innovation in threat and data protection.

A honeypot system designed to detect and analyze potential security threats

BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.

Snort++

Snort 3 is the next generation Snort IPS with enhanced features and improved cross-platform support.

TCPFLOW

TCPFLOW is a tool for capturing data transmitted over TCP connections.

A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.

Cisco Umbrella is a cloud security platform that offers protection against threats on the internet by blocking malicious activity.

SharpPrinter enables efficient discovery of network printers for security and management purposes.

NMAP

Nmap is an essential network scanning tool used for network security auditing and status monitoring.

PF_RING

High-speed packet capture library with user-level network socket.

A tool that reads IP packets from the network or a tcpdump save file and writes an ASCII summary of the packet data.

RDFP

A Zeek script for fingerprinting Remote Desktop clients.

Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.

YAIDS

A multi-threaded intrusion detection system using Yara for network and stream IDS

A multiplatform C++ library for capturing, parsing, and crafting network packets with support for various network protocols.

Heimdal Enterprise provides a unified cybersecurity platform with advanced network and endpoint security solutions, including threat hunting and privileged access management.

Nebula

Nebula is a scalable overlay networking tool emphasizing performance, simplicity, and security.

httpry

A specialized packet sniffer for displaying and logging HTTP traffic, designed to capture, parse, and log traffic for later analysis.

snort

Snort is an open source intrusion prevention system that uses rules to detect and prevent malicious network activity.

Netdude

Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.

Open source framework for network traffic analysis with advanced features.

A subset of the Modern Honey Network project set up to run in docker, including hpfeeds broker, cowrie honeypot, and dionaea honeypot.

A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.

Identify unintended network access to AWS resources and ensure network security by analyzing network reachability conditions.

Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.

tcpkill

A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.

A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.

Docker-based honeypot setup with detailed installation and configuration instructions.

A Docker analysis tool for identifying potential security vulnerabilities and weaknesses in Docker environments

Automated signature creation using honeypots for network intrusion detection systems.

A powerful command-line packet analyzer and a portable C/C++ library for network traffic capture with comprehensive documentation.

Netcap

Netcap efficiently converts network packets into structured audit records for machine learning algorithms, using Protocol Buffers for encoding.

Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.

SecurityWeek provides comprehensive cybersecurity news and analysis across various security domains.

Legion

An open source network penetration testing framework with automatic recon and scanning capabilities.

Freely available network IOCs for monitoring and incident response

Haka

Open source security-oriented language for describing protocols and applying security policies on captured traffic.

A hybrid honeypot framework that combines low and high interaction honeypots for network security

replayproxy allows you to 're-live' an HTTP session captured in a .pcap file, parsing HTTP streams, caching them, and starting an HTTP proxy to reply to requests with matching responses.

PacketQ

A command line tool for running SQL queries on PCAP files with various output options and a simplistic web-server.

A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.

6Guard is an IPv6 attack detector sponsored by Google Summer of Code 2012 and supported by The Honeynet Project organization.

A Graphical Realism Framework for Industrial Control Simulation organized as 5 VirtualBox VMs for realistic ICS network simulation.

A database of Tor exit nodes with their corresponding IP addresses and timestamps.

Romana

Romana automates cloud native network creation and secures applications with a distributed firewall.

AWS Network Firewall provides fine-grained control over network traffic and enables easy deployment of firewall security.

tcpdump

Tcpdump is a command-line packet analyzer for capturing and analyzing network traffic.

Scapy

A powerful interactive packet manipulation program and library for network exploration and security testing.

AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.

A nonprofit security organization that collects and shares threat data to make the Internet more secure.

Passively maps and visually displays ICS/SCADA network topology for network security

A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.

Open source DDoS protection system with centralized policy for network operators.

A simple honeypot that opens a listening socket and waits for connection attempts, with configurable reply and event handling

Mercury

Network metadata capture and analysis tool

NECOMA

NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.

A guide outlining security considerations for using OpenLDAP Software, including selective listening and IP firewall capabilities.

Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.

High-performance packet capture library with zero copy functionality.

Building Honeypots for Industrial Networks using Honeyd and simulating SCADA, DCS, and PLC architectures.

A featured networking utility for reading and writing data across network connections with advanced capabilities.

A high-level C++ library for creating and decoding network packets with a Scapy-like interface.

A program to log login attempts on Telnet (port 23) and track the Mirai botnet

Libnet

An API for constructing and injecting network packets with additional functionality.

Suricata offers real-time intrusion detection, intrusion prevention, and network monitoring.

A medium interaction printer honeypot that simulates a standard networked printer

A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.

Independent software vendor specializing in network security tools and network forensics.

AWS Shield provides managed DDoS protection for your applications, automatically detecting and mitigating sophisticated network-level DDoS events.

DoS attack by sending fake BPDUs to disrupt switches' STP engines.

CC2ASN

A lookup service for AS-numbers and prefixes by country

A container of PCAP captures mapped to the relevant attack tactic

Netis Cloud Probe is an open source project for capturing and analyzing network packets across different machines.

Monitors network traffic for suspicious activity and alerts when potential threats are detected.

A Go-based honeypot server for detecting and logging attacker activity

A toolkit for forensic analysis of network appliances with YARA decoding options and frame extraction capabilities.

Tstat

Passive sniffer tool for analyzing traffic patterns.

OpenSnitch is a GNU/Linux application firewall with interactive outbound connections filtering and system-wide domain blocking capabilities.

Potiron

Normalize, index, enrich, and visualize network capture data using Potiron.

A private network system utilizing WireGuard for enhanced networking capabilities.

Validate baseline cybersecurity skills with CompTIA Security+ certification.