This page contains the tools I have written or that I have had a significant hand in writing. Visit my GitHub link in the header of this website for more tools!

Zeek Related Tools

• zeek2es – A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for further processing!
  • https://github.com/corelight/zeek2es
• zeek-spicy-facefish – A Zeek protocol analyzer for the Facefish rootkit, based on Spicy.
  • https://github.com/corelight/zeek-spicy-facefish
• zeek-spicy-ipsec – A Zeek IPSec protocol analyzer based on Spicy.
  • https://github.com/corelight/zeek-spicy-ipsec
• zeek-spicy-openvpn – A Zeek OpenVPN protocol analyzer, based on Spicy.
  • https://github.com/corelight/zeek-spicy-openvpn
• zeek-spicy-ospf – A Zeek OSPF packet analyzer based on Spicy.
  • https://github.com/corelight/zeek-spicy-ospf
• zeek-spicy-stun – A Zeek STUN protocol analyzer based on Spicy.
  • https://github.com/corelight/zeek-spicy-stun
• zeek-spicy-wireguard – A Zeek Wireguard protocol analyzer based on Spicy.
  • https://github.com/corelight/zeek-spicy-wireguard
• zeek-sanitize – A Python script to sanitize Zeek logs.
  • https://github.com/keithjjones/zeek-sanitize

Other Various Security Tools

• hostintel – A modular Python application to collect intelligence for malicious hosts.
  • https://github.com/keithjjones/hostintel
• fileintel – A modular Python application to pull intelligence about malicious files.
  • https://github.com/keithjjones/fileintel
• malgazer – A Python malware analysis library.
  • https://github.com/keithjjones/malgazer
• visualize_logs – A Python library and command line tools to provide interactive log visualization.
  • https://github.com/keithjjones/visualize_logs