NFStream is a multiplatform Python framework providing fast, flexible, and expressive data structures designed to make working with online or offline network data easy and intuitive. It aims to be Python's fundamental high-level building block for doing practical, real-world network flow data analysis. Additionally, it has the broader goal of becoming a unifying network data analytics framework for researchers providing data reproducibility across experiments. - Live Notebook - Project Website - Discussion Channel - Latest Release - Supported Versions - Project License - Continuous Integration - Code Quality - Table of Contents - Main Features - How to get it? - How to use it? - Encrypted application identification and metadata extraction - System visibility - Post-mortem statistical flow features extraction - Early statistical flow features extraction - Pandas export interface - CSV export interface - Extending NFStream - Machine Learning models training and deployment - Training the model - ML powered streamer on live traffic - Building from sources - Contributing - Ethics - Credits - Citation - Authors - Supporting organizations - Publications that use NFStream - License Main Features: - Performance: NFStream is designed to be fast: AF_PACKET
FEATURES
ALTERNATIVES
MIDAS (Mac Intrusion Detection Analysis System) - archived and no longer supported.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
LinkLiar is a status menu app for spoofing MAC addresses to enhance privacy on MacBook.
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A set of Go-based emulators for testing network security and analyzing network traffic.
Safing Portmaster is an open-source application firewall that monitors network connections, blocks trackers system-wide, and allows custom filtering rules at both global and per-application levels.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.