These are projects that I have developed, am developing or are currently contributed to. If you have any questions, comments, or if you wish you submit a patch, feel free to contact me.
See updated projects on my Github page
- LIDS - L.I.D.S. - Locality Intrusion Detection System is a small C++ program designed to throw alarms for various network events. It differs from programs like Snort and Bro-IDS in that it uses (or will use) locality to determine whether an alarm should be raised.
- NSM-Console - NSM-Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure to allow for an analyst to quickly write modules of their own without any programming language experience. Using these modules a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options.
- Hex LiveCD - Hex LiveCD is a Network Security Monitoring (NSM) centric live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools (including NSM-Console), the Hex LiveCD also contains tools to perform network forensics. Hex is based on FreeBSD 7.0-RELEASE, and provides Fluxbox as the default desktop environment. It also includes an installer for hard drive installation.
- aimsnarf - Extract AIM conversations from live network capture or from a pcap file
- yahsnarf - Extract Yahoo conversations from live network capture or from a pcap file
- iploc - Parse either live network capture or a pcap file and query hostip.info for location data.
- harimau - Parse a pcap file, querying the Harimau watchlist (http://watchlist.security.org.my/) for all the IP addresses in the file.
- RSB - (RubyStreamBuilder) A project exploring different ways to rebuild TCP streams using Ruby without any external dependencies. Code for the ongoing blog series.