Suricata is an Intrusion Detection and Prevention (IDS/IPS) engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support, file extraction capabilities, and many more features. It's capable of loading existing Snort rules and signatures, and supports many frontends through Barnyard2.
Junkie is a real-time packet sniffer and analyzer. It is modular enough to accomplish many different tasks. It can be a helpful companion to the modern network administrator and analyst. Compared to previously available tools, junkie lies in between tcpdump and wireshark. Unlike tcpdump, its purpose is to parse protocols of any depth; unlike wireshark, though, it is designed to analyze traffic in real-time and so cannot parse traffic as completely as wireshark does. In addition, its design encompasses extendability and speed. It has a plug-in system and high-level extension language that eases the development and combination of new functionalities; threaded packet capture and analysis for handling of high bandwidth networks; and a modular architecture to ease the addition of any protocol layer. It is based on libpcap for portability, and well-tested on professional settings.
Ostinato is a network packet and traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. It features custom packet crafting with editing of any field for several protocols: Ethernet, 802.3, LLC SNAP, VLAN (with Q-in-Q), ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunneling, TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD, HTTP, SIP, RTSP, NNTP, etc. It is useful for both functional and performance testing.
Multi Threaded TCP Port Scanner allows you to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the services that are running. You can scan IP addresses on your network and find out which open ports you have.
MCL-edge is an integrated command-line driven workbench for large scale network analysis. It includes programs for the computation of shortest paths, diameter, clustering coefficient, betweenness centrality, and network shuffles. A module for loading and analyzing gene expression data as a network is provided. The MCL algorithm is a fast and highly scalable cluster algorithm for networks based on stochastic flow. The flow process employed by the algorithm is mathematically sound and intrinsically tied to cluster structure, which is revealed as the imprint left by the process. The threaded implementation has handled networks with millions of nodes within hours and is widely used in the fields of bioinformatics, graph clustering, and network analysis.
RedWolf is a security threat simulator that tests security system effectiveness. Its threat generation capabilities include email, IM, malware, P2P, social networking, VoIP, DDoS, and many more. The guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the effectiveness of network defenses. The scenario suite allows one to verify compliance with PCI-DSS, Sarbanes-Oxley, or HIPAA controls. RedWolf helps identify data loss risks and provides expert recommendations concerning risk mitigation. It reports present findings, recommendations, best practices, and blocking guidance in a straightforward, easily readable format. RedWolf also acts as a 'Red Team' agent, running drills to measure the readiness of your operations staff.
Chaosmap is an information gathering tool and DNS, Whois, and Web server scanner. It can be used to look up DNS names with a dictionary with or without using a salt. Salting for DNS means it will append numbers from 1-9 to the name in the dictionary with or without a - and _ or a leading 0. Salting for Web stuff will try double slashes and some directory traversal tricks. It performs reverse DNS lookups of a whole IP range (with optional Whois lookup) and dictionary scans for hidden paths on one Web server or a range of IP addresses. Optionally you can encode a path with URL encoding use Google dict lookup mode to find the path on Google and only query the Webserver if there are no search results. It can also extract email addresses from domains using a Google search or perform a list of Google Hacking queries on your domain.
Xtract attempts to demonstrate how Wireshark's powerful network traffic analysis capabilities can be combined with the file carving capabilities of programs such as Foremost and NetworkMiner in a manner that is portable and extensible (hence the choice of Perl). Specifically, it offers automated extraction of network stream sessions; visualization of networks via GraphViz; and integration of file carving capability. The scripts are intended as a proof-of-concept for how tedious tasks of reassembling TCP/UDP streams from network capture files and file carving based on these streams can be automated.