Active Countermeasures

All

45 repositories

rita
Public
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
log-analysis incident-response intrusion-detection network-monitoring threat-hunting beacons cyber-security zeek security-tools threat-intelligence
Go
•
GNU General Public License v3.0
•43•437•24•6•Updated Dec 13, 2025Dec 13, 2025
BeaKer
Public
Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
Shell
•
GNU General Public License v3.0
•42•299•3•2•Updated Nov 26, 2025Nov 26, 2025
espy
Public
Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
Go
•
GNU General Public License v3.0
•18•80•7•0•Updated Oct 14, 2025Oct 14, 2025
zeek-log-tools
Public
Tools for working with Zeek logs
Shell
•
GNU General Public License v3.0
•0•1•0•0•Updated Jun 19, 2025Jun 19, 2025
zeek-log-transport
Public
This script ships logs from Zeek to AC-Hunter
Shell
•2•6•3•3•Updated Apr 1, 2025Apr 1, 2025
docker-zeek
Public
Run zeek with zeekctl in docker
docker hacktoberfest zeek zeekctl
Shell
•
MIT License
•21•59•7•4•Updated Sep 12, 2024Sep 12, 2024
zeek-open-connections
Public
Zeek
•
GNU General Public License v3.0
•4•15•1•0•Updated Aug 15, 2024Aug 15, 2024
rita-legacy
Public
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
dns security analytics analysis logs threat beacon scanning beacon-sniffer network-traffic
Go
•
GNU General Public License v3.0
•359•2.5k•81•10•Updated Jul 10, 2024Jul 10, 2024
zcutter
Public
Extracts fields from zeek logs, compatible with zeek-cut
tsv converter json python3 python-3 zeek tsv-parser
Python
•
GNU General Public License v3.0
•3•25•0•0•Updated Jul 10, 2024Jul 10, 2024
shell-lib
Public
Shell Scripts Used Across ActiveCM Projects
Shell
•
BSD 3-Clause "New" or "Revised" License
•2•4•4•1•Updated Apr 30, 2024Apr 30, 2024
safelist-tools
Public
Tools for working with the safelist (formerly whitelist)
Go
•
GNU General Public License v3.0
•4•5•1•1•Updated Apr 11, 2024Apr 11, 2024
pcap-stats
Public
Learn about a network from a pcap file or reading from an interface
python pcap traffic-analysis python3 scapy network-analysis
Python
•
GNU General Public License v3.0
•4•29•1•0•Updated Apr 6, 2024Apr 6, 2024
active-dns-lookup
Public
Lookup hostnames via dns
python dns converter python3 dns-client zeek
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Apr 6, 2024Apr 6, 2024
sniffer-template
Public
Template for building a packet sniffer
python template pcap python3 pcap-files scapy pcap-analyzer pcap-library
Python
•
GNU General Public License v3.0
•4•15•0•0•Updated Mar 25, 2024Mar 25, 2024
threat-tools
Public
Tools for simulating threats
Python
•
GNU General Public License v3.0
•33•199•0•0•Updated Oct 27, 2023Oct 27, 2023
save_json_stream
Public
JSON TCP stream importer for RITA and AC-Hunter
python3 threat-hunting python-3 zeek rita zeek-ids bricata
Python
•
GNU General Public License v3.0
•1•1•0•0•Updated Sep 8, 2023Sep 8, 2023
rita-bl
Public archive
Real Intelligence Threat Analytics -- Blacklist Database
Go
•
GNU General Public License v3.0
•8•10•2•0•Updated Jul 12, 2023Jul 12, 2023
ACH-Zeek
Public
Zeek installer packaged with AC-Hunter
Shell
•0•1•0•0•Updated May 25, 2023May 25, 2023
smudge
Public
Passive OS detection based on SYN packets without Transmitting any Data
Python
•
GNU General Public License v3.0
•6•49•5•0•Updated Mar 29, 2023Mar 29, 2023
passer
Public
Passive service locator, a python sniffer that identifies servers, clients, names and much more
python linux dns security pcap packets gplv3 sniffer network-monitoring macosx
Python
•
GNU General Public License v3.0
•51•256•0•2•Updated Feb 16, 2023Feb 16, 2023
db-lib
Public
Python database access library
python sqlite python3 sqlite3 sqlite3-database
Python
•
Do What The F*ck You Want To Public License
•0•0•0•0•Updated Jan 3, 2023Jan 3, 2023
tcp-sig-json
Public
Json file that holds TCP signatures for passive OS fingerprinting
Python
•
GNU General Public License v3.0
•1•1•0•0•Updated Dec 13, 2022Dec 13, 2022
zeek-agent-v2
Public
Open source endpoint agent providing host information to Zeek. [v2]
C++
•
Other
•8•0•0•0•Updated Nov 29, 2022Nov 29, 2022
zeekcfg
Public
A node.cfg generator for zeekctl
Go
•
MIT License
•4•7•3•0•Updated Nov 11, 2022Nov 11, 2022
zeek-log-clean
Public
Delete Zeek log files until disk usage is under a given threshold
Shell
•
MIT License
•1•3•1•0•Updated Jul 1, 2022Jul 1, 2022
bad-asn-list
Public
An open source list of ASNs known to belong to cloud, managed hosting, and colo facilities.
114•2•0•0•Updated Jun 22, 2022Jun 22, 2022
pcap-resources
Public
Support files and tools for pcap analysis and packet capture
GNU General Public License v3.0
•2•3•0•0•Updated Mar 1, 2022Mar 1, 2022
certificate-issues
Public
Identifies certificate problems from Zeek ssl log files
Shell
•
GNU General Public License v3.0
•0•4•0•0•Updated Jan 19, 2022Jan 19, 2022
mgosec
Public archive
A Small Helper Library For Securing MongoDB Connections with Golang
Go
•
MIT License
•0•4•1•0•Updated Dec 1, 2021Dec 1, 2021
get-release
Public
Github Action to get release information based on a tag
JavaScript
•
MIT License
•43•0•0•0•Updated Oct 19, 2021Oct 19, 2021