Malware analysis, penetration testing, and computer forensics: GitHub hosts a range of compelling security tools that meet the real needs of computing environments of all sizes.
"Given enough eyeballs, all bugs are shallow" has become a cornerstone principle, almost a creed, of open source development. Known as Linus's Law, it comes up whenever the security advantages of the open source model are discussed, and the theory that open code improves the efficiency of vulnerability discovery is generally accepted by IT professionals.
Now, with the rise of popular code-sharing sites such as GitHub, the open source community increasingly helps other organizations protect their code and systems, providing a wide variety of security tools and frameworks built for malware analysis, penetration testing, computer forensics, and similar tasks.
The following 11 essential security projects are all hosted on GitHub. Any administrator who cares about the security of code and systems should pay attention to them.
1. Metasploit Framework
A project driven by the open source community and the security company Rapid7, the Metasploit Framework is an exploit development and delivery system dedicated to penetration testing. It acts as a library of exploits that lets administrators assess the security of an application by locating weaknesses and take remedial action before an attacker discovers those weaknesses. It can be used to test Windows, Linux, Mac, Android, iOS, and many other platforms.
"Metasploit provides security researchers with a way to express security vulnerabilities in a relatively common format," said Tod Beardsley, Rapid7's engineering and technology manager. "We have built thousands of modules for all device types, including ordinary computers, mobile phones, routers, switches, industrial control systems, and embedded devices. I can hardly think of any software or firmware that does not work well with Metasploit." Project link: https://github.com/rapid7/metasploit-framework
2. Brakeman
Brakeman is a vulnerability scanner specifically for Ruby on Rails applications. It also performs data flow analysis, tracking values passed from one part of the program to another. Users can run the tool without installing the entire application stack, explains Justin Collins, founder and maintainer of Brakeman.
Although its speed is not unmatched, Brakeman can scan a large application in a few minutes, far faster than "black box" scanning tools. Despite recent targeted fixes, users still need to be aware of false positives when using Brakeman. Brakeman is meant to be a web application security scanner for Rails; Collins currently has no plans to extend it to other platforms, but he encourages other developers to improve the project code. Project link: https://github.com/presidentbeef/brakeman
3. Cuckoo Sandbox
Cuckoo Sandbox is an automated dynamic malware analysis system designed to examine suspicious files in an isolated environment.
"The primary purpose of this solution is to automatically execute and monitor the abnormal activity of any given malware after it is launched in a Windows virtual machine environment. When execution is complete, Cuckoo further analyzes the collected data and generates a comprehensive report explaining the specific destructive capabilities of the malware," said project founder Claudio Guarnieri.
The data collected by Cuckoo includes traces of native function and Windows API calls, copies of files created and deleted, and memory dumps of the analysis machine. Users can customize the processing and reporting mechanisms to produce reports in different formats, including JSON and HTML. Cuckoo Sandbox has been a Google Summer of Code project since 2010. Project link: https://github.com/cuckoobox/cuckoo
4. Moloch
Moloch is a scalable IPv4 packet capture, indexing, and database system with a simple web interface for browsing, searching, and exporting. Access control is implemented with HTTPS and HTTP password support, or by placing Apache in front of it, and it is not meant to replace an existing IDS engine.
The software stores and retrieves all network traffic in standard PCAP format, and can be deployed across multiple systems, scaling to several gigabytes per second. The project components are: capture, a single-threaded C application (users can also run multiple capture processes on each device); viewer, a Node.js application that provides the web interface and PCAP file transfer; and an Elasticsearch database that handles the search tasks. Project link: https://github.com/aol/moloch
5. MozDef: Mozilla Defense Platform
The Mozilla Defense Platform, known as MozDef, is designed to automate security incident handling and give defenders the ability to respond to attackers: a real-time, integrated platform for monitoring, response, collaboration, and improved protection, explains the project's creator, Jeff Bryner.
MozDef extends the capabilities of a traditional SIEM (security information and event management) system with coordinated incident response, visualization, and easy integration into other enterprise-class systems, Bryner noted. It uses Elasticsearch, Meteor, and MongoDB to collect many different types of data, which can be stored in whatever way the user needs. "You can see MozDef as a SIEM tier on top of Elasticsearch that brings security incident response workflows," Bryner said. The project began as a proof of concept within Mozilla in 2013. Project link: https://github.com/jeffbryner/MozDef
6. MIDAS
A collaboration between the Etsy and Facebook security teams, MIDAS (Mac Intrusion Detection Analysis System) is an intrusion detection analysis framework specifically for Mac devices. This modular framework provides helper tools and sample modules for detecting changes to OS X persistence mechanisms. The project is based on concepts set out in two papers, on self-defending security and on attack-driven defense.
"Our common goal in releasing this framework is to promote enthusiasm in this area and to provide enterprise users with a prototype of a solution that can be used to detect vulnerabilities and persistence patterns common on OS X endpoints," the Etsy and Facebook security teams noted in a document. MIDAS users can define modules for host inspection, validation, analysis, and other targeted operations. Project link: https://github.com/etsy/MIDAS
7. Bro
The Bro network analysis framework "is fundamentally different from the intrusion detection mechanisms that most people know," said Robin Sommer, chief developer of the Bro project and senior researcher at the International Computer Science Institute at the University of California, Berkeley.
Although intrusion detection systems can typically match a range of known attack patterns, Bro is a true programming language, which makes it more powerful than typical systems, Sommer says. It lets users plan their tasks at a high level.
The goal of Bro is to search for attack activity and provide context and usage patterns. It can map the devices on a network into a visual graph, inspect network traffic and packets in depth, and it also serves as a more general traffic analysis platform. Project link: https://github.com/bro/bro
8. OS X Auditor
OS X Auditor is a free computer forensics tool that parses and hashes artifacts either on the running system or from a copy of a target system to be analyzed. These include kernel extensions, system and third-party agents and daemons, obsolete system and third-party startup items, and users' agents and downloaded files.
It can also extract users' quarantined files, Safari history, Firefox cookies, Chrome history, social and email accounts, and Wi-Fi access points from the audited system. Project link: https://github.com/jipegit/OSXAuditor
9. The Sleuth Kit
The Sleuth Kit is a collection of libraries and command-line tools for investigating disk images, including volume and file system data. It also provides a plug-in framework that lets users add modules to analyze file content and build automated systems.
Available for Windows and Unix systems, The Sleuth Kit allows investigators to identify and recover various kinds of evidence from images during incident response or on a live system. Autopsy, a digital forensics platform, provides a user interface for The Sleuth Kit and other tools. "Autopsy is more user-oriented," Sleuth Kit and Autopsy founder Brian Carrier pointed out. "The Sleuth Kit is more like a set of libraries that can be incorporated into your own tools, so users do not need to use it directly." Project link: https://github.com/sleuthkit/sleuthkit
10. OSSEC
OSSEC, a host-based intrusion detection system, provides log analysis, file integrity checking, monitoring, and alerting, and runs on a variety of common operating systems, including Linux, Mac OS X, Solaris, AIX, and Windows.
OSSEC is designed to help enterprises meet compliance requirements such as PCI and HIPAA, and can be configured to alert on malicious activity, such as unauthorized file system modifications or malicious behavior recorded in software and custom application log files. A central management server handles policy management across the different operating systems. The OSSEC project is supported by Trend Micro. Project link: https://github.com/ossec/ossec-hids
11. PassiveDNS
PassiveDNS collects DNS records passively, supporting incident handling, network security monitoring, and digital forensics. The software can be configured to read PCAP (packet capture) files and output the DNS data as log files, or to capture traffic directly from a specific interface.
The tool handles IPv4 and IPv6 traffic, parses DNS carried over both TCP and UDP, and caches DNS data in memory so that the volume of logged data is limited without any negative impact on forensics. Project link: https://github.com/gamelinux/passivedns
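As an added example (not PassiveDNS's own code; its log format and cache internals are not described here), the following Python sketch shows the caching behaviour described above: answers are keyed on (name, type, rdata), so repeated identical answers produce one log line per refresh interval rather than one per packet, while a name that starts resolving to new data is logged immediately. The sample answer tuples, the refresh interval and the tab-separated line format are all constructed for the example.

```python
# Constructed sample of parsed DNS answers as a passive collector would see them:
# (timestamp, client, resolver, qname, rrtype, rdata, ttl). A real collector would
# obtain these from a PCAP file or a live interface.
SAMPLE_ANSWERS = [
    (1000.0, "10.0.0.5", "10.0.0.1", "example.com", "A", "93.184.216.34", 300),
    (1001.0, "10.0.0.6", "10.0.0.1", "example.com.", "A", "93.184.216.34", 300),
    (1002.0, "10.0.0.5", "10.0.0.1", "example.com", "AAAA", "2606:2800:220:1:248:1893:25c8:1946", 300),
    (1500.0, "10.0.0.7", "10.0.0.1", "EXAMPLE.com", "A", "93.184.216.34", 300),
    (2100.0, "10.0.0.5", "10.0.0.1", "example.com", "A", "93.184.216.34", 300),
    (3000.0, "10.0.0.5", "10.0.0.1", "example.com", "A", "198.51.100.7", 60),
]

class PassiveDnsCache:
    """Deduplicate (qname, rrtype, rdata) tuples in memory: log each tuple when first
    seen and then at most once per refresh_interval seconds, however often it recurs."""

    def __init__(self, refresh_interval: float):
        self.refresh_interval = refresh_interval
        self.entries = {}   # key -> {"first": ts, "last": ts, "logged": ts, "count": n}
        self.log = []       # constructed tab-separated lines a collector would write

    def observe(self, ts, client, resolver, qname, rrtype, rdata, ttl) -> bool:
        # Normalise the name so case and a trailing dot do not split one record in two.
        key = (qname.lower().rstrip("."), rrtype, rdata)
        e = self.entries.get(key)
        if e is None:                       # never seen: always worth a log line
            e = self.entries[key] = {"first": ts, "last": ts, "logged": ts, "count": 1}
        else:
            e["count"] += 1
            e["last"] = ts
            if ts - e["logged"] < self.refresh_interval:
                return False                # seen recently: the cache absorbs it, nothing written
            e["logged"] = ts
        # Line format is constructed for the example: time, client, resolver, record, ttl, hits.
        self.log.append("\t".join(map(str, (ts, client, resolver, *key, ttl, e["count"]))))
        return True

    def answers_for(self, qname, rrtype):
        """All rdata ever seen for a name and type, oldest first; a new value here is what an incident handler looks for."""
        name = qname.lower().rstrip(".")
        hits = [(e["first"], k[2]) for k, e in self.entries.items()
                if k[0] == name and k[1] == rrtype]
        return [rdata for _, rdata in sorted(hits)]

def run(answers=SAMPLE_ANSWERS, refresh_interval=1000.0) -> PassiveDnsCache:
    cache = PassiveDnsCache(refresh_interval)
    for answer in answers:
        cache.observe(*answer)
    return cache
```

With the sample data, six answers collapse to three cached tuples and four log lines, and answers_for shows example.com moving from one A record to another.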
Source: InfoWorld. Author: Paul Krill
Top 11 Open Source security tools on GitHub