Network Security

Network Dump data Displayer and Editor framework for tcpdump trace files manipulation.

ssh-audit is a Python-based tool for auditing SSH server and client configurations to identify security weaknesses and ensure compliance with best practices.

A userland implementation of the Network Block Device protocol that enables remote block device access over network connections for distributed storage and virtualization use cases.

A network-triggered emergency tool that overwrites LUKS encryption headers with random data to prevent forced decryption in high-risk situations.

Open source framework for network traffic analysis with advanced features.

A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.

A TCP-based traceroute implementation that bypasses firewall filters to trace the path to a destination.

Network Access Analyzer is an AWS VPC feature that identifies unintended network access to cloud resources by analyzing internet gateways, route tables, ACLs, and security groups.

Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.

A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.

A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.

Docker-based honeypot setup with detailed installation and configuration instructions.

A simple Docker-based honeypot to detect port scanning

CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.

A honeypot system that simulates RDP services on port 3389, automatically assigns virtual machines to incoming connections, and captures comprehensive forensic data including packet captures and disk images.

Automated signature creation using honeypots for network intrusion detection systems.

Netcap efficiently converts network packets into structured audit records for machine learning algorithms, using Protocol Buffers for encoding.

A tutorial demonstrating how to implement Kubernetes Engine security features to control application privileges through host access controls and network access policies.

Passive Network Audit Framework (PNAF) v0.1.2 provides passive network auditing capabilities and is now a project of COSMIC-Chapter of The Honeynet Project.

An open source network penetration testing framework with automatic recon and scanning capabilities.

Freely available network IOCs for monitoring and incident response

Open source security-oriented language for describing protocols and applying security policies on captured traffic.

A hybrid honeypot framework that combines low and high interaction honeypots for network security

replayproxy allows you to 're-live' a HTTP session captured in a .pcap file, parsing HTTP streams, caching them, and starting a HTTP proxy to reply to requests with matching responses.