ChopShop is a MITRE-developed framework to aid analysts in the creation and execution of pynids-based decoders and detectors of APT tradecraft. Note that ChopShop is still in perpetual beta and depends on libnids/pynids for the majority of its underlying functionality. Documentation for ChopShop can be found on ReadTheDocs.

Note: there is a known issue when running ChopShop on Ubuntu where the version of pynids obtained via apt causes an ImportError. Per https://bugs.launchpad.net/ubuntu/+source/python-nids/+bug/795991, this issue affects some variants of at least 11.10 and 12.04. A workaround is to compile pynids from source, which can be obtained from https://github.com/MITRECND/pynids/.
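As an added example (not ChopShop's or MITRE's own code), here is what a small pynids-style decoder looks like when written to the module convention ChopShop documents (module_info/init/taste/handleStream/shutdown hooks, the framework-supplied `chop` output object, and a `tcp` stream object exposing `.addr`, `.client`/`.server` halves with `.data` and `.count_new`, `.stream_data`, `.module_data` and `.discard()`), together with a constructed stand-in harness so it runs offline without libnids. The harness, its libnids-like discard semantics (data not kept via `discard(n)` is dropped after the callback), the `_Chop` collector, and the sample addresses and HTTP segments are all assumptions made for this example. The point it shows is the reassembly pattern a stream decoder needs: consume complete CRLF lines, keep a trailing partial line for the next callback, and track per-stream parser state in `stream_data`.

```python
"""ChopShop-style TCP decoder plus a constructed stand-in harness (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

HTTP_PORTS = {80, 8080}

# ---- module section: the decoder as a ChopShop-style module ----


class _Chop:
    """Stand-in for the `chop` output object ChopShop injects (assumption:
    only prnt() is modelled, and output is collected rather than printed)."""

    def __init__(self) -> None:
        self.lines: List[str] = []

    def prnt(self, *args) -> None:
        self.lines.append(" ".join(str(a) for a in args))


chop = _Chop()  # under real ChopShop the framework supplies `chop`; drop this line there
moduleName = "http_request_lines"


def module_info() -> str:
    return "Prints the request line of every HTTP request on ports 80/8080"


def init(module_data: dict) -> dict:
    """One-time setup; the returned options say which protocol callbacks the module wants."""
    module_data["requests"] = []
    return {"proto": "tcp"}


def taste(tcp) -> bool:
    """Called once per new TCP connection; returning True attaches the module to it."""
    (_src, _sport), (_dst, dport) = tcp.addr
    if dport not in HTTP_PORTS:
        return False
    tcp.stream_data["in_headers"] = False  # per-stream parser state
    return True


def handleStream(tcp) -> None:
    """Called whenever a tasted stream receives data. Only the client half
    (requests) is parsed; complete CRLF lines are consumed and any trailing
    partial line is retained for the next call via discard(consumed)."""
    if tcp.client.count_new == 0:  # only the server spoke; nothing to parse
        return
    data, state, consumed = tcp.client.data, tcp.stream_data, 0
    while True:
        end = data.find(b"\r\n", consumed)
        if end < 0:
            break
        line = data[consumed:end]
        consumed = end + 2
        if state["in_headers"]:
            if line == b"":  # blank line terminates the header block
                state["in_headers"] = False
            continue
        parts = line.split(b" ")
        if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
            req = line.decode("ascii", "replace")
            (src, sport), (dst, dport) = tcp.addr
            chop.prnt("%s:%d -> %s:%d %s" % (src, sport, dst, dport, req))
            tcp.module_data["requests"].append(req)
            state["in_headers"] = True
        else:
            chop.prnt("non-HTTP line on port %d: %r" % (tcp.addr[1][1], line[:40]))
    tcp.discard(consumed)  # drop parsed bytes, keep the unparsed tail


def shutdown(module_data: dict) -> None:
    chop.prnt("decoded %d request(s)" % len(module_data["requests"]))


# ---- harness section: constructed stand-in for the ChopShop/pynids runtime ----


@dataclass
class _Half:
    data: bytes = b""
    count_new: int = 0


@dataclass
class FakeTcp:
    addr: Tuple[Tuple[str, int], Tuple[str, int]]
    module_data: dict
    client: _Half = field(default_factory=_Half)
    server: _Half = field(default_factory=_Half)
    stream_data: dict = field(default_factory=dict)
    discard_request: Optional[int] = None

    def discard(self, n: int) -> None:
        self.discard_request = n


def run_module(client_segments: List[bytes], addr) -> List[str]:
    """Drive the module for one connection as the framework would; return recorded request lines."""
    module_data: dict = {}
    init(module_data)
    tcp = FakeTcp(addr=addr, module_data=module_data)
    if not taste(tcp):
        return []
    for seg in client_segments:
        tcp.client.data += seg
        tcp.client.count_new = len(seg)
        tcp.discard_request = None
        handleStream(tcp)
        # libnids default (assumption): everything is dropped unless discard(n) kept a tail
        cut = len(tcp.client.data) if tcp.discard_request is None else tcp.discard_request
        tcp.client.data = tcp.client.data[cut:]
        tcp.client.count_new = 0
    shutdown(module_data)
    return module_data["requests"]


# Constructed sample traffic: two requests, the second split across TCP segments.
SAMPLE_ADDR = (("10.0.0.5", 51000), ("198.51.100.7", 80))
SAMPLE_SEGMENTS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\nPOST /lo",
    b"gin HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n\r\n",
]

if __name__ == "__main__":
    for req in run_module(SAMPLE_SEGMENTS, SAMPLE_ADDR):
        print(req)
```

Under ChopShop itself only the module section would ship; the harness is what lets you unit-test the parser against crafted segment boundaries before pointing it at real pcaps, which is where most decoder bugs (requests split across segments, server-only chunks) show up.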
SIMILAR TOOLS
A tool that reads IP packets from the network or a tcpdump save file and writes an ASCII summary of the packet data.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
Open source software for leveraging insights from flow and packet analysis to identify potential security threats or attacks.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A powerful interactive packet manipulation program and library for network exploration and security testing.
An IP address intelligence API that provides geolocation data and threat detection capabilities for IPv4 and IPv6 addresses.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
An information gathering tool for DNS, subdomains, ports, and directories enumeration.
A website scanner that provides a sandbox for the web, allowing users to scan URLs and websites for potential threats and vulnerabilities.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.