
Michele M Jordan

Rafael Santiago
Open Source

Pig (Packet intruder generator) is a Linux-based packet crafting tool. You can use Pig for a number of different purposes, from testing your IDS/IPS to spoofing ARP. Pig brings with it a number of well-known attack signatures which are ready ...

rfunix
Open Source

Pompem is an open source tool designed to automate the search for exploits in major databases. Developed in Python, it has an advanced search system, facilitating the work of pentesters and ethical hackers. In its current version, performs s ...

Onotelli
Freeware

Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way. It can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic. It lets you interac ...

Justniffer - TCP Packet Sniffer
Jordan Ritter
Open Source

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently ...

Edward Bjarte Fjellskål
Open Source

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics. PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. Passive ...

Quadrant Information Security
Open Source

Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that runs under *nix operating systems (Linux/FreeBSD/OpenBSD/etc). It is written in C and uses a multi-threaded architecture to deliver high performance log ...

Ntop
Freeware

ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually ...

Category Network Mapping
Marshyski
Open Source

An Intrusion Prevention System (IPS) for ssh (default port 22). This IPS responds to suspicious activity by setting the Linux firewall (iptables) to block network traffic from the suspected malicious source. Suspicious activity is determined via auth or ...

Category Host IPS
Simson L. Garfinkel
Open Source

Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored ...

Arkime
Open Source

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted ses ...

Arkime (formerly Moloch)
OpenFPC
Open Source

OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating int ...

US Army Research Lab
Open Source

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: robust stream reassembly, IPv4 and IPv6 support, custom output handlers, chainable decoders.

Google
Open Source

Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, ...

Tobias Klauser and Daniel Borkmann
Open Source

netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on packet reception and transmission the ...

ModSecurity
Open Source

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to imple ...

Category Application IDS
MODSECURITY
TrainACE
Service

TrainACE runs CISSP training classes at two locations in the Baltimore - Washington metropolitan area, as well as online: Ashburn, VA and Greenbelt, MD.

Category CISSP Training
Viasat
Commercial

The Viasat Eclypt Freedom is an encrypted, portable drive that gives fast access to secure data. Accredited by government organizations around the world to protect important data, the Eclypt Freedom uses advanced hardware-based full disk encryption. In t ...

Eclypt Freedom Encrypted External Hard Drive
Tim Tomes / Black Hills Information Security
Open Source

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in whic ...

Recon-ng
BlackArch - multiple voluntary contributors
Open Source

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. 

Stratus Engineering
Commercial

The EZ-Tap Pro is an industry leading protocol analyzer.