Projects tagged ‘detection’ and ‘security’

Snort® is an open source network intrusion prevention and detection system using a flexible rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection ... [More] methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. [Less]

Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve ... [More] this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language. Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events. Prelude is commited to providing an Hybrid IDS that offers the ability to unify currently available tools. [Less]

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. ... [More] It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. [Less]

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port ... [More] scan detection tools out there, scanlogd is designed to be totally safe to use. scanlogd supports several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap. [Less]

WebSpidah is a tactical WASS (Web Application Security Scanner) written in PHP. It has an interactive shell as a user interface, much like the MSF, and a modularized, XML-based, vulnerability recon ... [More] system. WebSpidah is released under the GPL license. [Less]

DS IDetectionThe goal of this project is to use the theory of evidence to make intrusion detection. It uses a tool named evidenz that simplifies the use of dempster-shafer theory. The project is ... [More] involved with Network and Systems Security class that is a class of Universidade Federal of Pernambuco (UFPE) here in Brazil. [Less]

Valhala Honeypot é um detector de intrusos baseado no conceito de honeypot. Possui os servidores: web, ftp, finger, telnet, smtp, pop3, echo, daytime, tftp e port forwarding. Envia os logs remotamente. Fácil de configurar. Em portugues.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters ... [More] any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain. Last but not least it’s licensed under the LGPL! This is a PHP4 port of the PHP5-only PHPIDS from http://www.php-ids.org/ [Less]

libemu is a small library written in c offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detections and honeypots.

Snort_stat.pl is a report tool for Snort, the Open Source Intrusion Detection System. Snort_stat.pl can be used to generate simple emails off of Snort Alert (text) output and eventually Unified (native binary) output.