background preloader

Security Tools

Facebook Twitter

Apache Metron Big Data Security.

Sniffer-Ware

TargetIdAndAnalysis. Machine learning in Python — scikit-learn 0.13.1 documentation. "We use scikit-learn to support leading-edge basic research [...]

machine learning in Python — scikit-learn 0.13.1 documentation

" "I think it's the most well-designed ML package I've seen so far. " "scikit-learn's ease-of-use, performance and overall variety of algorithms implemented has proved invaluable [...]. " "For these tasks, we relied on the excellent scikit-learn package for Python. " "The great benefit of scikit-learn is its fast learning curve [...] " "It allows us to do AWesome stuff we would not otherwise accomplish" "scikit-learn makes doing advanced analysis in Python accessible to anyone. " Dsniff. Internet Monitoring, Analysis & Reporting. Ettercap. Ethereal. Wireshark · Go deep. Kismet. Kismet. Ngrep. Ngrep version 1.45 - How to Download and Install on Mac OS X.

Welcome to ntop.org. Tcpdump. TCPDUMP/LIBPCAP public repository. Autopsy Forensic Browser: Description. Description Autopsy is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit.

Autopsy Forensic Browser: Description

Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). The Sleuth Kit and Autopsy are both Open Source and run on UNIX platforms (you can use Cygwin to run them both on Windows). As Autopsy is HTML-based, you can connect to the Autopsy server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures. Analysis Modes A dead analysis occurs when a dedicated analysis system is used to examine the data from a suspect system. Evidence Search Techniques File Listing: Analyze the files and directories, including the names of deleted files and files with Unicode-based names.

Case Management Case Management: Investigations are organized by cases, which can contain one or more hosts. Autopsy Forensic Browser: Download. Download There are six files to download for each release: autopsy-X.X.X-32bit.msi: A 32-bit Windows installer. autopsy-X.X.X-64bit.msi: A 64-bit Windows installer. autopsy-X.X.X-devplatform.zip: A platform for developers to write modules against.

Autopsy Forensic Browser: Download

Various .asc files that are GPG signatures of the above files. To use Autopsy on windows, download an msi and run it. Download The Autopsy Forensic Browser. Biew. BIEW: Binary vIEW project. HashDig. 1 Welcome To The HashDig Project HashDig technology is a collection of utilities designed to help practitioners automate the process of resolving MD5 and SHA1 hashes.

HashDig

In the early stages of an investigation, it is not typically possible or practical to examine all subject files. Therefore, practitioners need reliable methods that can quickly reduce the number of files requiring examination. One such method is to group files into two general categories: known and unknown. This method can be implemented quite effectively by manipulating hashes and comparing them to one or more reference databases. HashDig technology was designed to work in conjunction with FTimes and is currently maintained and distributed under that project (click here for cvs access).

FTimes is a system baselining and evidence collection tool. 2 Constructing Reference Databases There are a number of different sources for obtaining known hashes. Hash|category. Browse FTimes Files on SourceForge. Download FTimes. Rifiuti. Sleuthkit. The Sleuth Kit (TSK) & Autopsy: Open Source Digital Investigatio. The Sleuth Kit. The Sleuth Kit: Download. Browse The Sleuth Kit Files on SourceForge. Download The Sleuth Kit. Netsed. NetSED, on-the-fly packet modifier. SourceForge.net: Find and Develop Open Source Software.

Log In to SourceForge. SourceForge.net: Find and Develop Open Source Software. Software Search. Cryptcat. Cryptcat Project. Browse cryptcat - encrypting netcat Files on SourceForge. Download cryptcat - encrypting netcat from SourceForge. Firewalk. Macintosh Security Site -> Mac OS X Firewalk - Firewall Configur. Firewalk X - Mac OS XFirewall Configuration Utility Firewalk X 2 is out now - download @ bottom of page!

Macintosh Security Site -> Mac OS X Firewalk - Firewall Configur

What is Firewalk? Firewalk is a Mac OS X configuration utility for the built in firewall. While you are running Mac OS X you should be aware that you are running on a BSD/Mach kernal. The built in firewall that Mac OS X offers is rather dirty, some like to get into the unix part of the operating system others still prefer the nice Macintosh GUI. Firewalk X 2 offers all of the following in a single package Information Firewalk X 2 allows you to create TCP, UDP, and ICMP rules. Being able to set specific rules to have expiration dates is a strong point of this program. Network access can also be restricted to specific applications, your child shouldn't be playing Diablo II online on your computer - only you can. Rating Registration This is a 12.00 Shareware utility which may be registered online via KAGI.

Untitled. Pliris-soft.com - mac software Resources and Information. Netcat. Official homepage. Official homepage. Browse The GNU netcat Files on SourceForge. Download The GNU netcat from SourceForge. p0f. [the new p0f] Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx> Yeah, it's back!

[the new p0f]

1. What's this? P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP). Some of p0f's capabilities include: Highly scalable and extremely fast identification of the operating system and software on both endpoints of a vanilla TCP connection - especially in settings where NMap probes are blocked, too slow, unreliable, or would simply set off alarms. You can read more about its design and operation in this document. Fun fact: The idea for p0f dates back to June 10, 2000. AMAP - fast and reliable application fingerprint mapper.