A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
DNSdoctor is a tool based on zonecheck that is intended to help with solving misconfigurations and inconsistencies in DNS zone files. It features a powerful configuration file, fine-grained test selection (by test, categories, or zones), full IPv6 support (connectivity and AAAA records), and several input/output interfaces (CLI, GUI, CGI, and a dedicated mode for use inside shell scripts), and it does not depend on policies. It uses threads to cut down checking time, can be extended with new tests, interfaces, and reports, and features exception and cache mechanisms to simplify test writing.
nVentory is a Ruby on Rails application to manage inventory in multiple data centers. It can manage server functionality assignment, customer/server assignment, racking, and more. It can track which servers are doing what, and where they are in your data centers. It allows you to visualize server locations and rack space with GUI tools.
Trisul meters bandwidth usage, monitors flows, and stores raw packets for future drill-down analysis. All traffic data is stored in a SQLite3 database. It communicates with the outside world via the Trisul Remote Protocol (TRP) and via a Ruby on Rails application called Web Trisul. What sets Trisul apart from other monitoring tools is its drill-down capabilities for analyzing past events (e.g. "Show me the top hosts using ICMP at 5 AM this morning"). Trisul combined with Web Trisul can be used as a Web-based network security monitoring platform. Web Trisul features live SVG charts that allow you to select a time interval and invoke drill-down analysis using the raw traffic data as the source. You can also write tools that communicate with Trisul directly via a secure TLS connection using the Trisul Remote Protocol.
Websitary is a script that monitors Web pages, RSS feeds, and podcasts and reports what's new. For many tasks, it reuses other programs (such as w3m, diff, and webdiff) to do the actual work. By default, it works on an ASCII basis, i.e. with the output of text-based Web browsers. With the help of some friends, it can also work with HTML.
Ruby Nmap::Parser Library provides a Ruby interface to Nmap's scan data. It can run Nmap and parse its XML output directly from the scan, parse a file containing the XML data from a separate scan, parse a String of XML data from a scan, or parse XML data from an object via its read() method. This information is presented in an easy-to-use and intuitive fashion for storage and manipulation.