pyWhat
maltrail
Our great sponsors
pyWhat | maltrail | |
---|---|---|
16 | 5 | |
6,352 | 5,749 | |
- | - | |
0.0 | 10.0 | |
6 months ago | 3 days ago | |
Python | Python | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pyWhat
-
Go Library like PyWhat?
Is there a library written in Go similar to PyWhat? I want to use a subset of the functionality for a simple go program I'm writing. I could just call PyWhat, link to lemmeknow, or even write a simple go implementation myself, but I wanted to ask if there was a pure go implementation. Thanks!
-
lemmeknow v0.7.0 is here with support for identifying bytes with help of regex crate!
Lemmeknow is basically used for identifying text as mentioned in README and video. It is Rust implementation of PyWhat. You can see various usecases there too.
-
lemmeknow - The fastest way to identify anything!
For rarity, we have got the database from pyWhat and the wiki says:
-
lemmeknow - the fastest way to identify anything!
This project was inspired by u/beesec 's pyWhat
- Tips for Making a Popular Open-Source Project in 2021 [Ultimate Guide]
- PyWhat - Identify Anything
- PyWhat - Identify Anything. Easily identify API keys, secrets, cryptocurrency wallets and more.
-
Is there an application or way to find hashes?
Do you mean something like this: https://github.com/bee-san/pyWhat
- Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is
-
IT Pro Tuesday #155 - Carrier Lookup, Network Podcast, Identification Tool & More
pyWhat enables you to easily identify emails, IP addresses and more. Feed it a .pcap file or some mysterious text or hex of a file, and it will tell you what it is. The tool is recursive, so it can identify everything in text, files and more. A shout out to the tool's author for sharing his creation.
maltrail
-
Maltrail: Malicious traffic detection system
I just wanted to tell you about Maltrail (https://github.com/stamparm/maltrail/).
-
Is Maltrait worth the trouble?
Yes, MT had OOM on *BSD, because of python-pcapy module, which is currently unmaintained. So, the fork was done and python-pcapy-ng becomes actual module for MT, which fixed OOM and now MT works OK for *BSD-line: [1] https://github.com/stamparm/maltrail/issues/19056 [2] https://github.com/stamparm/maltrail/issues/16710 [3] py-pcapy-ng on Fresh Ports: https://www.freshports.org/net/py-pcapy-ng/ Also /requirement.txt file was modified for MT to avoid installing python-pcapy instead of python-pcapy-ng: [4] https://github.com/stamparm/maltrail/commit/2aa2da5ba5c332ddd106020290926d1fdfd0f8b2 Despite on all it, some mass-medias keep saying that python-pcapy is required for MT to work. No, just python-pcapy-ng. "Given everything is now encrypted, does anyone know if it is still effective?" <-- IDS (MT is the IDS itself) is passive detection, it doesn't provide the prevention actions. MT can use blocking mechanism, they are describes for Linux: https://github.com/stamparm/maltrail/wiki/Miscellaneous#1-setting-up-maltrail-as-an-intrusion-prevention-system-ips . If some can describe mechanism for MT on *BSD-line, that would be nice. Anyway would be thankful, if you provide details on missing ransomware. Perhaps, it is needed to update network IoCs, if ransomware comprometation was via network. Thank you! "Are the signatures reasonably up to date?" <-- trying to be up-to-dated: https://github.com/stamparm/maltrail/commits/master
-
Low resource alternative to Security Onion
Security Onion is a suite of tools, but if you just want visibility into things happening on your perimeter with Fail2ban style mitigation check out MalTrail. https://github.com/stamparm/MalTrail
-
Having Problems Using Wire? That's Because Wire Domains Are Ending Up In NextDNS Threat Intelligence Blocklists!
The Threat Intelligence Feeds have multiple upstream sources, see https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json. In this case, Maltrail Blacklist seems to have included this domain. You can report this directly to that maintainer here: https://github.com/stamparm/maltrail/issues
-
How do you run self-hosted software?
last docker discovery : maltrail (https://github.com/stamparm/maltrail , about to be moved from VM to docker)
What are some alternatives?
arkime - Arkime is an open source, large scale, full packet capturing, indexing, and database system.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
BruteShark - Network Analysis Tool
Fail2Ban - Daemon to ban hosts that cause multiple authentication errors
chepy - Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
rpi-appliance-monitor - Device to monitor appliances that vibrate, such as clothes dryers or garage door openers
TryHackMe - This is a repository containing TryHackMe Writeups in Somali language on various of rooms & challenges, including notes, files and solutions.
community - Volatility plugins developed and maintained by the community
usaddress - :us: a python library for parsing unstructured United States address strings into address components
hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
dumpulator - An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
MalConfScan - Volatility plugin for extracts configuration data of known malware