360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
GoAccess is a real-time Web log analyzer and interactive viewer for almost every Web server. It runs in a terminal and provides fast and valuable HTTP statistics for system administrators that require log monitoring and visual reports on the fly. GoAccess can monitor unique visitors, browsers, spiders, OS, hosts and IP geolocation, keyphrases, referring sites, status codes, etc. It has support for IPv6 and it parses nearly any Web log format.
DenyThem is a program designed to protect your Linux system from malicious attacks. It is an active response system to disrupt and block dictionary attacks and DOS attacks. DenyThem by default uses /var/log/syslog and /var/log/auth.log and searches for hack attempts. When DenyThem finds enough hack attempts from a single host, it will add a DROP statement to your system's firewall, thus preventing future attacks. DenyThem uses iptables, so it will only work on Linux or any other system that uses iptables. It can also block traffic from specific countries.
Zero RRD Framework provides a central HTTP-based service for importing into standard RRD databases and for generating graphs. A lightweight, easily extendable agent for the data sources pushes updates with minimal resource consumption to the master service using HTTP. With the introduction of VMs for the service, it's easy to test-drive the application and even the architecture (connecting agents to the service in the VM).
The Subukan Sensor is a complete Network Intrusion Detection System (NIDS) platform. It is not simply an application one can install on an existing operating system. Rather, Subukan is a total software solution including both an operating system and a unique compilation of security tools. It is based on a single file image or firmware that transforms almost any hardware equipment into a fully functional NIDS appliance. Appliance- based technology simplifies administration and provides the capability for remote upgrades.
Ruby Nmap::Parser Library provides a Ruby interface to Nmap's scan data. It can run Nmap and parse its XML output directly from the scan, parse a file containing the XML data from a separate scan, parse a String of XML data from a scan, or parse XML data from an object via its read() method. This information is presented in an easy-to-use and intuitive fashion for storage and manipulation.