Here’s a list of all the planned modules and completed (struck-out) modules for nsm-console. (If a module is struck out, it’s because I’ve finished making a module for it; it isn’t necessarily in the tarball for download.)
- aimsnarf
- ngrep (gif/jpg/pdf/exe/pe/ne/elf/3pg/torrent)
- tcpxtract
- tcpflow
- chaosreader
- bro-IDS
- snort
- tcpdstat
- capinfos
- tshark
- argus
- ragator
- racount
- rahosts
- hash (md5 & sha256)
- ra
- honeysnap
- p0f
- pads
- fl0p
- iploc
- foremost – thanks shadowbq!
- flowgrep
- tcptrace
- tcpick
- flowtime
- flowtag
- harimau
- clamscan
Think of any other useful modules? Leave me a comment and let me know!
P.S. I’m also brainstorming for some pcap/real-time network visualization tools, stay tuned!
shadowbq wrote:
foremost data carver – http://foremost.sourceforge.net/
Link | December 25th, 2007 at 4:34 pm
me wrote:
check out afterglow
Link | January 4th, 2008 at 11:00 am
shadowbq wrote:
Real-time network visualization
Afterglow – http://afterglow.sourceforge.net/
rumint – http://www.rumint.org/
flowtag – http://chrislee.dhs.org/pages/research/projects.html#flowtag
tnv – http://tnv.sourceforge.net/
These are mainly research projects with small user bases. It would be nice though to have use of one or more of these projects as a day-to-day analyst. It sometimes is hard to integrate these into a work model for an analyst. nsm-console modules could help.
Thanks
shadowbq
Link | January 14th, 2008 at 2:36 pm