This page contains the tools I have written or that I have had a significant hand in writing. Visit my GitHub link in the social media menu for more tools!
Zeek Related Tools
- zeek2es – A Python application to filter and transfer Zeek logs to Elastic, OpenSearch, or Humio. This app can also output pure JSON logs to stdout for further processing!
- zeek-agenttesla-detector – A Zeek based Agent Tesla malware C2 detector.
- zeek-amadey-detector – A Zeek based Amadey malware detector.
- zeek-asyncrat-detector – A Zeek based AsyncRAT malware detector.
- zeek-gozi-detector – A Zeek based Gozi malware detector.
- zeek-netsupport-detector – A Zeek based NetSupport detector. NetSupport is a legitimate remote-access tool that attackers often abuse in malware campaigns.
- zeek-njrat-detector – A Zeek based njRAT malware detector.
- zeek-spicy-facefish – A Zeek protocol analyzer for the Facefish rootkit, based on Spicy.
- zeek-spicy-ipsec – A Zeek IPsec protocol analyzer based on Spicy.
- zeek-spicy-openvpn – A Zeek OpenVPN protocol analyzer, based on Spicy.
- zeek-spicy-ospf – A Zeek OSPF packet analyzer based on Spicy.
- zeek-spicy-stun – A Zeek STUN protocol analyzer based on Spicy.
- zeek-spicy-wireguard – A Zeek WireGuard protocol analyzer based on Spicy.
- zeek-strrat-detector – A Zeek based STRRAT malware detector.
- zeek-sanitize – A Python script to sanitize Zeek logs.
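The log-handling tools above (zeek2es and zeek-sanitize) all start from the same job: reading Zeek's ASCII log format correctly. The block below is an added illustration of that step and is not code from zeek2es, zeek-sanitize, or Zeek itself. It parses the `#separator`, `#set_separator`, `#empty_field`, `#unset_field`, `#fields` and `#types` header lines, applies them to each data row, and emits one JSON object per row, distinguishing an unset field (`-`, emitted as `null`) from an empty set (`(empty)`, emitted as `[]`). The function names, the shortened conn.log column set and the two sample rows are constructed for the example.

```python
"""Convert Zeek ASCII (TSV) logs to JSON lines.

Added example for illustration only; not the zeek2es or zeek-sanitize
source. Function names and the sample log are constructed for this page.
"""
import json
from typing import Any, Dict, Iterator, List

# Constructed conn.log excerpt with a reduced column set (not a real capture).
# The first header line is split on a space and carries an escaped separator;
# every later header line and data row is split on that separator.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2023-01-01-00-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tlocal_orig\ttunnel_parents\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum"
    "\tstring\tinterval\tcount\tbool\tset[string]\n"
    "1672531200.123456\tCAbCdE1fGh2iJk3lM\t10.0.0.5\t51234\t198.51.100.23\t443"
    "\ttcp\tssl\t1.25\t1024\tT\t-\n"
    "1672531201.000000\tCXyZ9uVwXyZ0aBcDe\t10.0.0.7\t53211\t10.0.0.1\t53"
    "\tudp\tdns\t-\t-\tF\t(empty)\n"
    "#close\t2023-01-01-00-00-02\n"
)


def _convert(value: str, ztype: str, meta: Dict[str, str]) -> Any:
    """Map one column to a JSON-friendly Python value using its Zeek type."""
    if value == meta["unset_field"]:
        return None  # field was never set: "-" by default
    if ztype.startswith(("set[", "vector[")):
        if value == meta["empty_field"]:
            return []  # present but empty container: "(empty)" by default
        inner = ztype[ztype.index("[") + 1:-1]
        return [_convert(v, inner, meta) for v in value.split(meta["set_separator"])]
    if value == meta["empty_field"]:
        return ""
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype == "bool":
        return value == "T"
    return value  # string, addr, subnet, enum stay as text


def parse_zeek_log(text: str) -> Iterator[Dict[str, Any]]:
    """Yield one dict per data row, typed according to the #types header."""
    meta = {"separator": "\t", "set_separator": ",",
            "empty_field": "(empty)", "unset_field": "-"}
    fields: List[str] = []
    types: List[str] = []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#"):
            if raw.startswith("#separator "):
                # Only this header line is space-delimited; its value is escaped.
                meta["separator"] = raw[len("#separator "):].encode().decode("unicode_escape")
                continue
            key, _, val = raw[1:].partition(meta["separator"])
            if key in ("set_separator", "empty_field", "unset_field"):
                meta[key] = val
            elif key == "fields":
                fields = val.split(meta["separator"])
            elif key == "types":
                types = val.split(meta["separator"])
            continue  # #path, #open, #close carry no row data
        if not fields or len(types) != len(fields):
            raise ValueError("data row seen before a complete #fields/#types header")
        cols = raw.split(meta["separator"])
        if len(cols) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(cols)}")
        yield {f: _convert(c, t, meta) for f, c, t in zip(fields, cols, types)}


def to_json_lines(text: str) -> List[str]:
    """Render each parsed row as a compact JSON line, ready for stdout or an ingest pipeline."""
    return [json.dumps(rec, separators=(",", ":")) for rec in parse_zeek_log(text)]


if __name__ == "__main__":
    for line in to_json_lines(SAMPLE_CONN_LOG):
        print(line)
```

Zeek can also write JSON directly (`redef LogAscii::use_json = T;`), but a parser like this is what you need when the only copy of the logs is the default TSV, and it is also the natural place to hook field-level sanitization before the records leave the sensor.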
Other Security Tools
- hostintel – A modular Python application to collect intelligence about malicious hosts.
- fileintel – A modular Python application to pull intelligence about malicious files.
- malgazer – A Python malware analysis library.
- visualize_logs – A Python library and command line tools to provide interactive log visualization.