You're busted! - and just with Bubble Gum And Baling Wire... ok and some Duct Tape is also used.
This repository houses a list of open-source tools, libraries, projects, etc that can be used to build awesome security stacks.
- Suricata IDS - Suricata is a network IDS, IPS and NSM engine.
- Moloch - Moloch is an open source, large scale, full packet capturing, indexing, and database system.
- Zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
- py-idstools - idstools: Snort and Suricata Rule and Event Utilities in Python (Including a Rule Update Tool)
- Go NIDS - gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility.
- Gopacket - Provides packet processing capabilities for Go
- Snoopy - Log every executed command to syslog (a.k.a. Snoopy Logger).
- Sysmon - Make Windows logging great again
- SwiftOnSecurity configs - Sysmon configuration file template with default high-quality event tracing
- Sysmon modular - A repository of sysmon configuration modules
- Rsyslog - RSYSLOG is the rocket-fast system for log processing.
  - Documentation
- liblognorm - A fast samples-based log normalization library.
- Syslog-ng - free and open-source implementation of the syslog protocol for Unix and Unix-like systems.
- Fever - fast, extensible, versatile event router for Suricata's EVE-JSON format
- Simple Event Correlator - SEC is an event correlation tool for advanced event processing.
- Visibility Across Space and Time (VAST) - VAST is a scalable foundation for a security operations center (SOC): a rich data model for security data, high-throughput ingestion of telemetry, low-latency search, and flexible export in various formats.
- Neo4j - Neo4j is the world’s leading Graph Database.
- SQLite - SQLite is a relational database management system contained in a C library. In contrast to many other database management systems, SQLite is not a client–server database engine. Rather, it is embedded into the end program.
- MariaDB - MariaDB server is a community developed fork of MySQL server.
- CockroachDB - the open source, cloud-native SQL database.
- Cassandra - Apache Cassandra is a highly-scalable partitioned row store.
- Elasticsearch - Open Source, Distributed, RESTful Search Engine.
- InfluxDB - Scalable datastore for metrics, events, and real-time analytics.
- Prometheus - The Prometheus monitoring system and time series database.
- Scirius - Scirius is a web application for Suricata ruleset management.
- Evebox - Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
- Alerta - Alerta monitoring system
- Alerta web UI - Alerta Web UI 7.0
- Kibana - Your window into the Elastic Stack
- Grafana - The tool for beautiful monitoring and metric analytics & dashboards for Graphite, InfluxDB & Prometheus & More
- Rust - Rust’s rich type system and ownership model guarantee memory-safety and thread-safety — and enable you to eliminate many classes of bugs at compile-time.
- Golang - Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
- Julia - Julia is a high-level, high-performance dynamic language for technical computing.
- R - R is a free software environment for statistical computing and graphics.
- nvim-r - Vim plugin to work with R
- neovim - Vim-fork focused on extensibility and usability
- Conquer of Completion - Intellisense engine for vim8 & neovim with full language server protocol support, like VSCode
- coc-rls - Rust language server support for coc.nvim
- coc-python - Python extension for coc.nvim
- plug - Minimalist Vim Plugin Manager
- vim-go - Go development plugin for Vim
- vscode - Visual Studio Code is a streamlined code editor with support for development operations like debugging, task running, and version control.
- juno - Juno is a powerful, free environment for the Julia language.
- Jupyter lab - An extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture.
- IJulia - IJulia is a Julia-language backend combined with the Jupyter interactive environment (also used by IPython).
- gophernotes - The Go kernel for Jupyter notebooks and nteract.
- Pandas - powerful Python data analysis toolkit
- matplotlib - plotting with Python
- LogCluster - experimental Perl-based tool for log file clustering and mining line patterns from log files
- scikit-learn - machine learning in Python
- TensorFlow - An Open Source Machine Learning Framework for Everyone
- TensorFlow-Examples - TensorFlow Tutorial and Examples for Beginners (support TF v1 & v2)
- Ngraph - a set of graph related algorithms.
- ngraph.pixel - fast graph renderer based on low level ShaderMaterial from three.js
- Cayley - an open-source graph to be a part of the developer's toolbox
- Heka - Heka is a tool for collecting and collating data from a number of different sources, performing "in-flight" processing of collected data, and delivering the results to any number of destinations for further analysis.
- Hindsight - Hindsight is a lighter-weight and faster data pipeline with delivery guarantees, built to replace Heka.
- nanomsg - The nanomsg library is a simple high-performance implementation of several "scalability protocols".
- mangos - Package mangos is an implementation in pure Go of the SP ("Scalable Protocols") protocols.
- Kapacitor - Framework for processing, monitoring, and alerting on time series data.
- Kafka - A distributed streaming platform.
- Apache Pulsar - Distributed pub-sub messaging system.
- Malware Information Sharing Platform and Threat Sharing (MISP) - Open Source Threat Intelligence and Sharing Platform
- Semi-Automated Cyber Threat Intelligence - ACT - The main objective of the ACT project is to develop a platform for cyber threat intelligence to uncover cyber attacks, cyber espionage and sabotage.
- MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
- Threat hunter's playbook - A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
- Telegraf - Telegraf is a plugin-driven agent for collecting & reporting metrics.