Projects
These are projects that I have developed, am developing, or currently contribute to. If you have any questions or comments, or if you wish to submit a patch, feel free to contact me.
- NSM-Console - NSM-Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure to allow an analyst to quickly write modules of their own without any programming language experience. Using these modules, a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options.
- Hex LiveCD - Hex LiveCD is a Network Security Monitoring (NSM) centric live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools (including NSM-Console), the Hex LiveCD also contains tools to perform network forensics. Hex is based on FreeBSD 6.2-RELEASE, and provides Fluxbox as the default desktop environment. It also includes an installer for hard drive installation.
- aimsnarf - Extract AIM conversations from live network capture or from a pcap file
- yahsnarf - Extract Yahoo conversations from live network capture or from a pcap file
- iploc - Parse either live network capture or a pcap file and query hostip.info for location data.
- harimau - Parse a pcap file, querying the Harimau watchlist (http://watchlist.security.org.my/) for all the IP addresses in the file.
- RSB - (RubyStreamBuilder) A project exploring different ways to rebuild TCP streams using Ruby without any external dependencies. Code for the ongoing blog series.