The Linux Portal Site
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.
Simple Event Correlator (SEC) is an open source, platform-independent event correlation tool.
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols.
Knocker is a simple, easy-to-use TCP security port scanner written in C. It is able to analyze hosts and the network services running on them.
tcpreplay is a set of tools that lets you use previously captured traffic in libpcap format to test a variety of network devices.
Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers.
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items.
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer).
P3Scan is a fully transparent proxy server for POP3, SMTP, and limited POP3S clients. It can be used to provide email scanning from the internet.
GRR Rapid Response is an incident response framework focused on remote live forensics.
MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel.
The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools.
The Autopsy Forensic Browser is a graphical interface to the command line digital investigation tools in The Sleuth Kit.
The Volatility Framework is a completely open collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples.
rdd is a forensic copy program developed at and used by the Netherlands Forensic Institute (NFI). rdd is a file and device copying utility.
The forensic imager contained in this package, guymager, was designed to support different image file formats, to be most user-friendly and to run fast.
Suricata is a threat detection engine, combining intrusion detection, intrusion prevention, network security monitoring and PCAP processing.
Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language.
Zeek (formerly known as Bro) is a powerful free and open source framework for network traffic analysis and security monitoring.
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists.