Active Countermeasures

Active Countermeasures's repositories

rita-legacy

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

Language:GoGPL-3.02500 112 390

BeaKer

Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana

Language:ShellGPL-3.0281 19 34

passer

Passive service locator, a python sniffer that identifies servers, clients, names and much more

Language:PythonGPL-3.0240 13 1

threat-tools

Tools for simulating threats

Language:PythonGPL-3.0168 9 1

rita

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

Language:GoGPL-3.0118 3 13

espy

Endpoint detection for remote hosts for consumption by RITA and Elasticsearch

Language:GoGPL-3.066 8 43

docker-zeek

Run zeek with zeekctl in docker

Language:ShellMIT45 4 13

smudge

Passive OS detection based on SYN packets without Transmitting any Data

Language:PythonGPL-3.042 3 13

pcap-stats

Learn about a network from a pcap file or reading from an interface

Language:PythonGPL-3.025 30

zcutter

Extracts fields from zeek logs, compatible with zeek-cut

Language:PythonGPL-3.018 20

sniffer-template

Template for building a packet sniffer

Language:PythonGPL-3.015 40

zeek-open-connections

Language:ZeekGPL-3.012 3 3

rita-bl

Real Intelligence Threat Analytics -- Blacklist Database

Language:GoGPL-3.08 5 4

zeekcfg

A node.cfg generator for zeekctl

Language:GoMIT6 3 5

certificate-issues

Identifies certificate problems from Zeek ssl log files

Language:ShellGPL-3.05 40

shell-lib

Shell Scripts Used Across ActiveCM Projects

Language:ShellBSD-3-Clause5 3 9

zeek-log-transport

This script ships logs from Zeek to AC-Hunter

Language:Shell5 3 3

mgosec

A Small Helper Library For Securing MongoDB Connections with Golang

Language:GoMIT4 5 2

safelist-tools

Tools for working with the safelist (formerly whitelist)

Language:GoGPL-3.03 5 2

pcap-resources

Support files and tools for pcap analysis and packet capture

GPL-3.02 40

zeek-log-clean

Delete Zeek log files until disk usage is under a given threshold

Language:ShellMIT2 3 1

bad-asn-list

An open source list of ASNs known to belong to cloud, managed hosting, and colo facilities.

1 10

save_json_stream

JSON TCP stream importer for RITA and AC-Hunter

Language:PythonGPL-3.01 40

tcp-sig-json

Json file that holds TCP signatures for passive OS fingerprinting

Language:PythonGPL-3.004 1

ACH-Zeek

Zeek installer packaged with AC-Hunter

Language:Shell020

active-dns-lookup

Lookup hostnames via dns

Language:PythonGPL-3.0010

db-lib

Python database access library

Language:PythonWTFPL020

get-release

Github Action to get release information based on a tag

Language:JavaScriptMIT020

packages

The default package source of the Zeek Package Manager

020

zeek-agent-v2

Open source endpoint agent providing host information to Zeek. [v2]

Language:C++NOASSERTION010