Category: Forensics

joincap

joincap: Merge multiple pcap files together

joincap Merge multiple pcap files together, gracefully. Why? I believe skipping corrupt packets is better than failing the entire merge job. When using tcpslice or mergecap, sometimes pcapfix is needed to fix bad input pcap files. One option is to...
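To make the "graceful" part concrete, here is an added example written for this listing, not joincap's own code (joincap is a Go tool): a minimal pcap merger in Python that parses the classic pcap format, sanity-checks every record header, stops reading a file at the first corrupt record instead of aborting the whole job, and writes the surviving packets in timestamp order. The magic-number table, the constructed captures, and the deliberately corrupt record header are all assumptions built inline for the demo; the payloads are dummy bytes, not real traffic.

```python
"""Merge pcap files chronologically, skipping records that fail sanity checks.

Added example for this listing; NOT joincap's code. Standard library only.
Sample captures are constructed inline below with dummy payloads.
"""
import heapq
import struct
from typing import Dict, List, Tuple

REC_HDR_LEN = 16

# Magic as read little-endian from the first 4 bytes -> (byte order, ns per tick).
# Covers microsecond and nanosecond pcaps written on either endianness.
MAGICS = {
    0xA1B2C3D4: ("<", 1_000),   # usec, little-endian file
    0xD4C3B2A1: (">", 1_000),   # usec, big-endian file
    0xA1B23C4D: ("<", 1),       # nsec, little-endian file
    0x4D3CB2A1: (">", 1),       # nsec, big-endian file
}

Record = Tuple[int, int, int, bytes]   # (ts_ns, caplen, origlen, data)


def read_pcap(blob: bytes) -> Tuple[int, int, List[Record], int]:
    """Parse one pcap blob -> (linktype, snaplen, records, skipped_bytes).

    A record header that fails the sanity checks ends parsing of that file:
    once a length field is garbage there is no reliable way to resynchronise,
    so the remainder is counted as skipped rather than failing the merge.
    """
    if len(blob) < 24:
        raise ValueError("file too short for a pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"unknown pcap magic {magic:#x}")
    endian, ts_scale = MAGICS[magic]
    _, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    rec_hdr = struct.Struct(endian + "IIII")
    records: List[Record] = []
    pos = 24
    while pos + REC_HDR_LEN <= len(blob):
        ts_sec, ts_frac, caplen, origlen = rec_hdr.unpack_from(blob, pos)
        end = pos + REC_HDR_LEN + caplen
        # Usual corruption signatures: caplen above snaplen or origlen, or a
        # record that claims more bytes than the file still holds.
        if caplen > snaplen or caplen > origlen or end > len(blob):
            break
        ts_ns = ts_sec * 1_000_000_000 + ts_frac * ts_scale
        records.append((ts_ns, caplen, origlen, blob[pos + REC_HDR_LEN:end]))
        pos = end
    return linktype, snaplen, records, len(blob) - pos


def merge_pcaps(blobs: List[bytes]) -> Tuple[bytes, Dict[str, int]]:
    """Merge pcap blobs into one little-endian microsecond pcap, ordered by time.

    A pcap carries a single link type, so mixed link types are rejected.
    Returns the merged bytes and counters for what was written and skipped.
    """
    parsed = [read_pcap(b) for b in blobs]
    linktype = parsed[0][0]
    if any(p[0] != linktype for p in parsed):
        raise ValueError("cannot merge captures with different link types")
    snaplen = max(p[1] for p in parsed)
    # Sort each file's records so heapq.merge yields a globally ordered stream.
    streams = [sorted(p[2], key=lambda r: r[0]) for p in parsed]
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    written = 0
    for ts_ns, caplen, origlen, data in heapq.merge(*streams, key=lambda r: r[0]):
        ts_sec, ts_usec = divmod(ts_ns, 1_000_000_000)
        out += struct.pack("<IIII", ts_sec, ts_usec // 1000, caplen, origlen) + data
        written += 1
    return bytes(out), {"written": written, "skipped_bytes": sum(p[3] for p in parsed)}


def build_pcap(packets, snaplen=65535, linktype=1, corrupt_tail=b"") -> bytes:
    """Constructed test capture: packets is a list of (ts_sec, ts_usec, payload)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, payload in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(payload), len(payload)) + payload
    return bytes(out) + corrupt_tail


# Constructed inputs: capture A is clean, capture B ends in a record header
# claiming 0xFFFFFFFF captured bytes, the sort of damage that aborts strict mergers.
CAPTURE_A = build_pcap([(1000, 0, b"A1" * 20), (1002, 500, b"A2" * 20)])
BAD_RECORD = struct.pack("<IIII", 1003, 0, 0xFFFFFFFF, 60) + b"\x00" * 8
CAPTURE_B = build_pcap([(1001, 250, b"B1" * 30)], corrupt_tail=BAD_RECORD)


def demo():
    """Merge the two constructed captures; return packet seconds in output order plus stats."""
    merged, stats = merge_pcaps([CAPTURE_A, CAPTURE_B])
    _lt, _sl, records, _skipped = read_pcap(merged)
    return [r[0] // 1_000_000_000 for r in records], stats


if __name__ == "__main__":
    print(demo())
```

The merged output interleaves A1, B1 and A2 by timestamp and reports the 24 trailing bytes of capture B as skipped instead of raising. Two caveats a practitioner should keep in mind: the stop-at-first-bad-record policy discards everything after the corruption point in that file (a resynchronising tool like pcapfix can recover more), and the checks here are heuristics, so a corrupt record whose lengths happen to look plausible will pass through unnoticed.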

checkpot

checkpot: Checkpot Honeypot Checker

Checkpot is a honeypot checker: a tool meant to detect mistakes in the configuration of honeypots. It is aimed at security researchers who wish to check that their honeypots are properly set up, so...

CyLR

CyLR: Live Response Collection

CyLR What is CyLR? The CyLR tool collects forensic artefacts from hosts with NTFS file systems quickly and securely, while minimizing impact on the host. The main features are: Quick collection (it’s really fast) Raw...

fastnetmon

fastnetmon: very fast DDoS analyzer

FastNetMon – A high-performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, SnabbSwitch, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our networks sending...

Heralding honeypot

heralding v1.0.3 releases: Credentials catching honeypot

Heralding Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently, the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s, imap, imaps, and smtp....