My Favorite Open Source Security Tools
2015-01-07 17:43
So working at GitHub it is no surprise I believe in and use a lot of open source software. I think especially for security this makes sense, for a number of reasons:
- We need tools we can trust, so transparency is key
- We need tools we can modify, since we often need things that don’t exist
- We need tools that are cross platform

And the list goes on. I try to support these projects, with code, with feedback, with use, and sometimes, with praise. So, in sort of a weird security “Oprah-like” favorite things list, here are a few of my favorite open source security tools:

Google’s Rapid Response
Ok, #realtalk: This is an open source version of Mandiant/FireEye’s MIR incident response platform. The idea is that systems have an agent that reports to a server. The server can then set up jobs to look across an individual system, a group, or an entire population for a specific indicator of compromise, an individual file, or many other forensic artifacts.
Given the expense of MIR or similar systems like EnCase Enterprise, it’s truly astonishing the amount of effort the Google team working on GRR has put in, and it’s a huge benefit to the community that they’ve released it. You can find more information on their user mailing list and Google Code site. ~~As a side note I made a fork on GitHub to encourage even more open source collaboration.~~ Google has even moved GRR development to GitHub: Google/GRR/.
I’m really interested in talking to folks who want to work on this.

AOL’s Moloch
So if GRR is an open source version of MIR, then Moloch is an open source version of EMC/RSA/NetWitness’s NetWitness Investigator full content monitoring tool. Put together by the fine folks at AOL, Moloch helps you capture and hunt in network traffic.

Etsy & Facebook’s MIDAS
Oh, the fine folks from Etsy & Facebook gave us a gift. MIDAS, the Mac Intrusion Detection Analysis System, is a framework for building host-level detection of compromises specifically for OS X. It allows building complex detection routines in Python, then provides the structure to run, store, and report on them. I’ve done a bit of work with this and see amazing potential long term.

FordropWeb
So this project hasn’t gotten a lot of love lately, but it’s hugely interesting to me. There aren’t a lot of tools that try to make it easier to collaborate on forensic investigations; in fact most seem hell-bent on the exact opposite. I’d love to see more work on this tool, and will be setting it up at home soon.

Buffer’s Thug
So you know that time you have to go investigate a nasty web page? There are plenty of options: fire up a virtual machine, try to use a stripped-down browser, curl the site. All of these give away some amount of information that you’re profiling, and may miss things. Thug seeks to fix this by providing a safe method (not a real web browser) that still correctly emulates what a browser would look like (such as an IE7 user agent string instead of a curl user agent string). Thug makes it safe, easy, and quick to do this type of analysis.

Cuckoo Sandbox
Cuckoo Sandbox is easily one of the most mature open source security tools available, and the team behind it should be applauded for that. A malware analysis system, Cuckoo runs malware through a VM, captures system changes, web traffic, and other malware-relevant activity, and shares it with the analyst. Having just gone 1.0, they’ve added tons of features, improved stability, and put this tool on par with more expensive commercial malware systems. If you work with Windows-based malware, this system should be in your arsenal.