Projects tagged ‘detection’ and ‘intrusion’

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection ... [More] methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. [Less]

Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve ... [More] this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events. Prelude is commited to providing an Hybrid IDS that offers the ability to unify currently available tools. [Less]

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. ... [More] It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. [Less]

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port ... [More] scan detection tools out there, scanlogd is designed to be totally safe to use. scanlogd supports several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap. [Less]

WebSpidah is a tactical WASS (Web Application Security Scanner) written in PHP. It has an interactive shell as a user interface, much like the MSF, and a modularized, XML-based, vulnerability recon ... [More] system. WebSpidah is released under the GPL license. [Less]

Snort_stat.pl is a report tool for Snort, the Open Source Intrusion Detection System. Snort_stat.pl can be used to generate simple emails off of Snort Alert (text) output and eventually Unified (native binary) output.

PerlIDS (CGI::IDS) is a Perl website intrusion detection system based on PHPIDS http://php-ids.org/. It parses any hashref for possible attacks, so it does not depend on CGI.pm. The intrusion ... [More] detection is based on a set of converters that convert the request according to common techniques that are used to hide attacks. These converted strings are checked for attacks by running a filter set of currently 68 regular expressions. For easily keeping the filter set up-to-date, PerlIDS is compatible to the original XML filter set of PHPIDS, which is frequently updated. [Less]

IntroductionWebsiteCDS is a script that goes through your entire web folder and detects any changes to code made. You can use this code to detect changes and send you an email alert if the codebase ... [More] has changed. DetailsPlease see full details of the project here http://www.webdigi.co.uk/blog/2009/how-to-detect-if-your-webserver-is-hacked-and-get-alerted Download the code PHP version 1 from here http://websitecds.googlecode.com/files/websitecds%20version1.zip [Less]

Valhala Honeypot é um detector de intrusos baseado no conceito de honeypot. Possui os servidores: web, ftp, finger, telnet, smtp, pop3, echo, daytime, tftp e port forwarding. Envia os logs remotamente. Fácil de configurar. Em portugues.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters ... [More] any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL! This is a PHP4 port of the PHP5-only PHPIDS from http://www.php-ids.org/ [Less]