Stars
An active domain name query tool to help keep track of domain name movements...
Performs IP reassembly and strips off extraneous encapsulation (VLANs, MPLS, GRE, L2TP) in pcap files
Cuckoo Sandbox is an automated dynamic malware analysis system
A network sniffer that logs all DNS server replies for use in a passive DNS setup
A Swiss army knife for your daily Linux network plumbing.
A preprocessor for decrypting SSL traffic in Snort
Partial Stuxnet source decompiled with Hex-Rays; if anyone has better decompilation tools, feel free to contribute better versions.
We made a POC in Perl, but are concentrating on the C version. Here for historical reasons and to easily test out new ideas.
I made the POC in Perl, but am concentrating on the C version. Here for historical reasons.
My personal collection of some sguil tools that can be shared with the public...
Cerdo - TUI to handle Snort/Suricata/VRT/ET rules and sensors
This is a fork of the last pads version (1.2) from Matt Shelton with the sguil patches and other patches to make it work on modern operating systems.
GUI administration for Snort/Suricata IDS/IPS engines
sidrule is a simple bash script to manage Snort/Emerging Threats/Suricata rules based on their sid
Connection Tracker is a passive network connection tracker for profiling, history, auditing and network discovery.