Eleven popular open-source security tools on GitHub

Source: Internet
Author: User
Tags ossec

As a cornerstone of open-source development, "given enough eyeballs, all bugs are shallow" has become a well-known principle, even a creed. Known as Linus's law, it is invoked whenever the security advantages of the open-source model are discussed: open code makes vulnerability detection in a project more efficient, a view widely accepted by IT professionals.

Malware analysis, penetration testing, and computer forensics: GitHub hosts a series of compelling security tools that meet the real needs of computing environments of all sizes.

Now, with the emergence of highly popular code-sharing sites such as GitHub, the open-source community is increasingly helping other enterprises protect their own code and systems. It also provides a variety of security tools and frameworks for malware analysis, penetration testing, computer forensics, and similar tasks.

The following 11 essential security projects are all hosted on GitHub. Any administrator who cares about the security of code and systems should pay attention to them.

Metasploit framework

A project driven by the open-source community and the security company Rapid7, the Metasploit Framework is an exploit development and delivery system dedicated to penetration testing. Working much like a vulnerability library, it helps administrators assess application security by locating vulnerabilities and applying remediation before attackers discover them. It can be used to test Windows, Linux, Mac, Android, iOS, and other platforms.

"Metasploit provides a way for security researchers to express security vulnerabilities in a relatively common format," says Tod Beardsley, engineering and technology manager at Rapid7. "We have created thousands of modules for all device types, including general computers, mobile phones, routers, switches, industrial control systems, and embedded devices. I can hardly think of any software or firmware on which Metasploit could not play a role."

Project Link: https://github.com/rapid7/metasploit-framework

Brakeman

Brakeman is a vulnerability scanning tool designed specifically for Ruby on Rails applications. It performs data flow analysis, tracking values passed from one part of the program to another. You can use the software without installing the entire application stack, explains Justin Collins, creator and maintainer of Brakeman.

Although speed is not its distinguishing feature, Brakeman takes only a few minutes to scan large applications, already outpacing "black box" scanning tools. Despite recent targeted fixes, users still need to watch for false positives when using Brakeman. Brakeman is intended as a security scanner for Rails web applications; Collins has no plans to extend it to other platforms yet, but he encourages other developers to improve the project's code.

Project Link: https://github.com/presidentbeef/brakeman

Cuckoo sandbox

Cuckoo Sandbox is an automated dynamic malware analysis system designed to examine suspicious files in an isolated environment.

"The main purpose of this solution is to automatically execute any given piece of malware in a Windows virtual machine and monitor its abnormal activity. Once the process is complete, Cuckoo further analyzes the collected data and generates a comprehensive report explaining the specific damage the malware can do," said Claudio Guarnieri, founder of the project.

The data generated by Cuckoo includes traces of native function and Windows API calls, copies of files created and deleted, and memory dump data. The project's processing and reporting mechanisms can be customized to produce reports in different formats, including JSON and HTML. Cuckoo Sandbox started as a Google Summer of Code project in 2010.

Project Link: https://github.com/cuckoobox/cuckoo

 

Moloch

Moloch is a scalable IPv4 packet capturing, indexing, and database system. It provides a simple web interface for browsing, searching, and exporting. Security is implemented through HTTPS and HTTP digest passwords, or by placing Apache in front of it, and it is not meant to replace an existing IDS engine.

The software stores and retrieves all network traffic in the standard pcap format and can be deployed across multiple systems, with throughput that scales to several gigabits per second. Its components include a capture process, a single-threaded C application, and multiple capture processes can run on each device. The viewer is a Node.js application that provides the web interface and pcap file transfer, while an Elasticsearch database handles search.

Project Link: https://github.com/aol/moloch

 

MozDef: the Mozilla Defense Platform

The Mozilla Defense Platform, also known as MozDef, is designed to automate security incident handling so as to give defenders capabilities similar to those of attackers: a real-time integrated platform for monitoring, response, collaboration, and improvement of the related protective functions, said Jeff Bryner, the project's creator.

MozDef extends traditional SIEM (security information and event management) functions to enable collaborative incident response, visualization, and easy integration with other enterprise systems, said Bryner. It uses Elasticsearch, Meteor, and MongoDB to collect large volumes of data of different types, which can be stored in whatever way is needed. "You can regard MozDef as a SIEM layer built on Elasticsearch that adds security incident response workflows," Bryner said. The project started as a proof of concept within Mozilla in 2013.

Project Link: https://github.com/jeffbryner/MozDef

 

MIDAS

A product of collaboration between the security teams at Etsy and Facebook, MIDAS (Mac Intrusion Detection Analysis System) is an intrusion detection and analysis framework dedicated to Mac devices. This modular framework provides helper utilities and sample modules for detecting changes to OS X persistence mechanisms. The project is based on the concepts described in the "Homebrew Defensive Security" and "Attack-Driven Defense" presentations.

"Our shared goal in releasing this framework is to encourage discussion in this field and to provide enterprise users with a prototype solution for detecting common attacks on OS X endpoints in their usage and persistence patterns," the Etsy and Facebook security teams stated in a description. Users can use the modules to inspect, verify, and analyze the host and to define other targeted checks.

Project Link: https://github.com/etsy/MIDAS

 

Bro

"The Bro Network Analysis Framework is fundamentally different from the intrusion detection mechanisms most people are familiar with," said Robin Sommer, chief developer of the Bro project and a senior researcher at the International Computer Science Institute at UC Berkeley.

Although intrusion detection systems are effective at matching known attack patterns, Bro is a real programming language, which makes it far more powerful than those typical systems, said Sommer. It lets you describe analysis tasks at a high semantic level.

Bro aims to find attack activity and to provide context and usage patterns. It can map the various devices on a network, dig into network traffic, and inspect network packets. It also serves as a more general traffic analysis platform.

Project Link: https://github.com/bro/bro

 

OS X Auditor

OS X Auditor is a free computer forensics tool that parses and hashes artifacts on the running system, or on a copy of the system to be analyzed. These include kernel extensions, system and third-party agents and daemons, deprecated startup items, user agents, and downloaded files. From the audited system it can extract quarantined files, Safari history, Firefox cookies, Chrome history, social and email accounts, and the Wi-Fi access points the system has connected to.

Project Link: https://github.com/jipegit/OSXAuditor

 

The Sleuth Kit

The Sleuth Kit is a set of libraries and command line tools for investigating disk images, including the data in each volume and file system. The suite also provides a plug-in framework that lets you add modules to analyze file content and build automated systems.

As a toolset for Windows and Unix systems, The Sleuth Kit lets investigators identify and recover evidence from an image during incident response or from a live system. Autopsy, a digital forensics platform, acts as a user interface built on The Sleuth Kit and other tools. "Autopsy is more user-focused," said Brian Carrier, the creator of The Sleuth Kit and Autopsy. "The Sleuth Kit is more like a complete set of libraries that can be incorporated into your own tools, but end users do not need to use it directly."

Project Link: https://github.com/sleuthkit/sleuthkit

 

OSSEC

OSSEC, a host-based intrusion detection system, provides log analysis, file integrity checking, monitoring, and alerting. It runs on common operating systems, including Linux, Mac OS X, Solaris, AIX, and Windows.

OSSEC is designed to help enterprise users meet compliance requirements such as PCI and HIPAA. Through configuration it can also raise an alert when it detects unauthorized file system modifications or malicious activity recorded in software and custom application log files. A central management server handles policy management across the different operating systems. The OSSEC project is supported by Trend Micro.
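As an added illustration (not from the article or the OSSEC project itself), a minimal agent-side ossec.conf fragment showing how the file integrity checking, log analysis and central-server reporting described above are configured; the directory list, log paths and server address are assumed sample values.

```xml
<ossec_config>
  <!-- File integrity checking (syscheck): full scan every 7200 s;
       check_all records hashes, permissions, owner, size and mtime -->
  <syscheck>
    <frequency>7200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <!-- realtime uses inotify so a change alerts without waiting for the next scan;
         report_changes attaches a diff for text files -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/bin,/sbin</directories>
    <!-- files that legitimately change often are ignored to cut noise -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>

  <!-- Log analysis: these files (sample paths, assumed) are fed to OSSEC's
       decoders and rules, which raise alerts on matching events -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>

  <!-- Agent reports to the central management server (placeholder address) -->
  <client>
    <server-ip>192.0.2.10</server-ip>
  </client>
</ossec_config>
```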

Project Link: https://github.com/ossec/ossec-hids

 

PassiveDNS

PassiveDNS passively collects DNS records to assist incident handling, network security monitoring, and digital forensics. The software can be configured to read pcap (packet capture) files or to capture traffic from a specific interface, and it writes the DNS data out as log files.

The tool handles both IPv4 and IPv6 traffic, parses DNS over TCP and UDP, and caches copies of DNS data in memory to limit the volume of data logged without any negative impact on forensic work.

Project Link: https://github.com/gamelinux/passivedns

Original: http://www.infoworld.com/slideshow/163151/11-open-source-security-tools-catching-fire-github-249652

From http://www.oschina.net/news/55227/11-open-source-security-tools-catching-fire-github

[Reprint: http://www.linuxeden.com/html/news/20140913/155525.html]
