The hottest 11 open source security tools on GitHub

Malware analysis, penetration testing, and computer forensics - GitHub hosts a host of compelling security tools that address the real needs of computing environments of all sizes.

As the cornerstone of open source development, "all holes are superficial" has become a well-known principle or even a credo. As widely known as Linus's law, the theory that open code can improve the efficiency of project vulnerability detection is also widely accepted by IT professionals when discussing the security benefits of the open source model.

Now, with the advent of highly popular code-sharing sites such as GitHub, the entire open source industry is beginning to increasingly help other businesses protect their own code and systems and provide them with a wide variety of security tools and frameworks designed to accomplish Malware analysis, penetration testing, computer forensics, and other similar tasks.

The following eleven basic security projects are all based on GitHub. Anyone interested in security code and system administrators need to pay attention to them.

1, Metasploit framework

As a one-hand project driven by the open-source community and security firm Rapid7, the Metasploit framework is a set of vulnerability development and delivery systems specifically designed for penetration testing. It acts like a set of vulnerability libraries that help managers assess the security of an application by locating vulnerabilities and taking remedies before an attacker can spot those vulnerabilities. It can be used to test Windows, Linux, Mac, Android, iOS and many other system platforms.

"Metasploit provides security researchers with a way to express vulnerabilities in a relatively common format," said Tod Beardsley, engineering manager at Rapid7. "We've created thousands of modules for all types of devices - including normal computers, cell phones, routers, switches, industrial control systems, and embedded devices - and I can scarcely think of any software or firmware that does not work well for Metasploit's great usability . "Project Link: https://github.com/rapid7/metasploit-framework

2, Brakeman

Brakeman is a vulnerability scanning tool designed specifically for Ruby on Rails applications and performs data flow analysis of processes passed from one part of a program's values to another. Users do not need to install the entire application stack to use the software, explained Justin Collins, creator and defender of Brakeman.

Despite its unrivaled speed performance, Brakeman is just minutes away from large application scans, a move that has outgrown the "black box" scanning tool. Although recent fixes have been made, users still need to be aware of false positives when using Brakeman. Brakeman should be used as a web security scanning tool. Collins currently has no plan to extend it to other platforms, but he encourages other developers to make improvements to the project's code. Project Link: https://github.com/presidentbeef/brakeman

3, Cuckoo Sandbox

Cuckoo Sandbox is an automated dynamic malware analysis system designed to examine suspicious files in isolated environments.

"The main purpose of this solution is to automatically execute and monitor the anomalous activity of any given malware after it is started in a Windows virtual machine environment.After the execution process is over, Cuckoo will further analyze the data and generate a copy Comprehensive report that explains the specific disruptive capabilities of malware, "said project founder Claudio Guarnieri.

Cuckoo's data includes local features and Windows API call tracing, a copy of files created and deleted, and analyzer memory dump data. Users can customize the project's processing and reporting mechanisms to generate reports in different formats, including JSON and HTML. Cuckoo Sandbox has been one of the projects in the Google Code Summer since 2010. Project Link: https://github.com/cuckoobox/cuckoo

4, Moloch

Moloch is a scalable IPv4 packet capture, indexing and database system that enables browsing, searching and exporting as a simple web interface. It leverages HTTPS and HTTP mechanisms for password support or front-end Apahce capabilities without having to replace the original IDS engine.

The software stores and retrieves all network traffic in standard PCAP format and can be deployed on a variety of systems with throughput scales to several gigabytes per second. Project components include capturing and executing single-threaded C-language applications, and users can run multiple capture processes on each device; a set of viewers, which are actually Node.js applications for web interface and PCAP file transfers; Elasticsearch database technology is responsible for search class tasks. Project Link: https://github.com/aol/moloch

5, MozDef: Mozilla defense platform

This Mozilla defensive platform, MozDef, is designed to automate the process of security incidents to provide defenders with the same capabilities as attackers: a real-time, integrated platform for monitoring, reacting, collaborating and improving Relevant protections, explained Jeff Bryner, the project's founder.

MozDef extends traditional SEIM (Security Information and Event Management) capabilities to include the ability to respond to collaborative events, visualize, and easily integrate with other enterprise-class systems, Bryner said. It uses Elasticsearch, Meteor, and MongoDB to collect a vast array of different types of data and save it any way you want. "You can think of MozDef as a set of SIEM layers built on top of Elasticsearch, which brings with it the security incident response task flow," Bryner said. The project started proof of concept within Mozilla in 2013. Project Link: https://github.com/jeffbryner/MozDef

6, MIDAS

As a product of collaboration between security teams from both Etsy and Facebook, MIDAS is a suite of intrusion detection analysis systems (MIDASes) designed specifically for Mac devices. This module framework provides assistive tools and sample models to detect modifications that occur in the OS X system hosting mechanism. The project is based on the concepts articulated in two reports, "self-made defense security" and "attack-driven defense."

"Our common goal in this framework is to foster this area of enthusiasm and to provide business users with a prototype solution that detects common patterns of exploit and presence in OS X terminals," said Etsy and Facebook The team pointed out in a note. MIDAS users can define the module's host checking, verification, analysis and other targeted operations. Project Link: https://github.com/etsy/MIDAS

7, Bro

The Bro Web Analytics Framework "is essentially the same as the most commonly known intrusion detection mechanism," said Robin Sommer, chief project developer for the Bro project and a senior fellow at the International Computer Science Institute at Berkeley.

Although intrusion detection systems are often able to effectively match the types of attacks currently in existence, Bro is a true programming language that makes it even more powerful than typical systems, Sommer said. It helps users to execute tasks based on high semantic levels.

Bro's goal is to search for attacks and provide background information and usage patterns. It can organize all the devices in the network into visual graphics, in-depth network traffic and check network packets; it also provides a more versatile traffic analysis platform. Project Link: https://github.com/bro/bro

8, OS X Auditor

OS X Auditor is a free computer forensics tool that parses and hashes the artifacts in a target system copy above or on the fly. Including kernel extensions, systems with third-party proxies and daemons, systems that do not apply, and third-party startup items that are already installed on the user's download file.

Users' quarantined files can be extracted from Safari history, Firefox cookies, Chrome history, social and email accounts, and Wi-Fi access points in the audited system. Project Link: https://github.com/jipegit/OSXAuditor

9, The Sleuth Kit

The Sleuth Kit is a collection of libraries and command line tools designed to investigate disk images, including volumes and file system data. The kit also provides a plug-in framework that allows users to add more modules to analyze the contents of the file and create an automated system.

As a toolkit for both Microsoft and Unix systems, the Sleuth Kit allows investigators to identify and recover from the images any evidence within the incident response or within the autonomic system. Autopsy, the user interface solution for Sleuth Kit and other tools, is a digital forensics platform. "Autopsy is more user-oriented," said Brian Carrier, creator of Autodesk and Sleuth Kit. "The Sleuth Kit is more of a library of tools for everyone to include in their own tools, but users do not have to use it directly." Project Link: https://github.com/sleuthkit/sleuthkit

10, OSSEC

Host-based intrusion detection system OSSEC enables log analysis, file integrity checking, monitoring and alerting, as well as a host of other popular operating systems, including Linux, Mac OS X, Solaris, AIX, and Windows.

OSSEC is designed to help business users meet compliance compliance requirements, including PCI and HIPAA, and can be issued by configuring malicious activities where they detect unauthorized file system modifications or embedded into software and custom application log files alarm. A central management server is responsible for executing policy management tasks between different operating systems. The OSSEC project is supported by Trend Micro. Project Link: https://github.com/ossec/ossec-hids

11, PassiveDNS

PassiveDNS collects DNS records passively, enabling incident handling aids, cyber security monitoring, and digital forensics. The software can be configured to read the pcap (packet capture) file and output the DNS data as a log file or extract data traffic from a particular interface.

This tool works on both IPv4 and IPv6 traffic, parsing traffic based on TCP and UDP and avoiding any negative impact on forensics work by limiting the amount of logged data by caching copies of DNS data in memory. Project Link: https://github.com/gamelinux/passivedns