Open Source Mac Network Monitoring Software

Angry IP scanner is fast and friendly network scanner for Windows, Linux, and Mac. It is very extensible, allowing it to be used for very wide range of purposes, with the primary goal of being useful to network administrators.

Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.Osquery queries your devices like a database. Osquery uses basic SQL commands to leverage a relational data-model to describe a device. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process.

Zeek has a long history in the open source and digital security worlds. Vern Paxson began developing the project in the 1990s under the name “Bro” as a means to understand what was happening on his university and national laboratory networks. Vern and the project’s leadership team renamed Bro to Zeek in late 2018 to celebrate its expansion and continued development. Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system.

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

Netdisco is an SNMP-based L2/L3 network management tool designed for moderate to large networks. Routers and switches are polled to log IP and MAC addresses and map them to switch ports. Automatic L2 network topology discovery, display, and inventory.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

jpcap is a set of Java classes which provide an interface and system for network packet capture. A protocol library and tool for visualizing network traffic is included. jpcap utilizes libpcap, a widely deployed system library for packet capture.

NOTE: Project has moved to github, including file downloads. SharpPcap is a cross-platform packet capture framework for the .NET environment, based on the famous pcap / WinPcap libraries. It provides an API for capturing, injecting, analyzing and building packets using any .NET language such as C# and VB.NET.

phpLDAPadmin is a web-based LDAP administration tool for managing your LDAP server. With it you can browse your LDAP tree, view LDAP schema, perform searches, create, delete, copy and edit LDAP entries. You can even copy entries between servers.

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

Operative Systems Suported are: Linux-ubuntu, kali-linux, backtack-linux (un-continued), freeBSD, Mac osx (un-continued) Netool its a toolkit written using 'bash, python, ruby' that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. this toolkit makes it easy tasks such as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in wan/lan networks, TCP/UDP packet manipulation using etter-filters, and gives you the ability to capture pictures of target webbrowser surfing (driftnet), also uses macchanger to decoy scans changing the mac address. Rootsector module allows you to automate some attacks over DNS_SPOOF + MitM (phishing - social engineering) using metasploit, apache2 and ettercap frameworks. Like the generation of payloads, shellcode, backdoors delivered using dns_spoof and MitM method to redirect a target to your phishing webpage. recent as introducted the scanner inurlbr (by cleiton)

The Neighbor Discovery Protocol Monitor (NDPMon) is used by Internet Protocol version 6 network administrators for monitoring ICMPv6 packets. NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection. NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enable (default behavior in Ubuntu and Windows for example).

netleak is a collection of small perlscripts that detects connectivity between network segments. It is mostly useful to detect "leaks" in large organizations that have private network segments physically separated from the Internet.

Access Point Utilites for Unix - it's a set of utilites to configure and monitor Wireless Access Points under Unix using SNMP protocol. Utilites knownly compiles and run under Linux, FreeBSD, NetBSD, OpenBSD, MacOS-X, AIX, QNX.

raddump interprets captured RADIUS packets to print a timestamp, packet length, RADIUS packet type, source and destination hosts and ports, and included attribute names and values for each packet.

viewstate is a decoder and encoder for ASP .Net viewstate data. It supports the different viewstate data formats and can extract viewstate data direct from web pages. viewstate will also show any hash applied to the viewstate data.

Automated Security Tools (autosec) aims to provide automatic tools which network administrators may use to help check and test the security of their network.

"Google Hack" Honeypot Project. GHH is written in PHP and assists the development of web based honeypots designed to lure search engine hackers.

Intrusion Block (IBlock) is a small Linux daemon which greps the alertfile of an IDS such as Snort or Suricata and blocks the offender hosts for a given amount of time using iptables.

This project uses JPcap library. By using it you can view Packet level information about ongoing traffic on your network. For windows7 you need to run the Jar file as Admin.

Passive Proxy Daemon (pproxyd) has moved to GitHub (https://github.com/rondilley/pproxyd ) This tool reads pcap format files or reads packets directly from the network, assembles web based traffic and generates squid proxy style logs.

TNV visualizes pcap data to graphically depict network packets, links, and ports for network traffic analysis to facilitate learning what constitutes 'normal' behavior, investigating security events, or network troubleshooting.

NSIA (Network System Integrity Analysis) is a web application monitoring system that scans web applications for potentially unwanted context such as defacements, unauthorized changes, errors, information leaks, profanity, compliance issues, etc

Common network dump analyzer tool to extract application data and pretty show. It reassembles and shows HTTP/SMTP/POP3/IMAP etc files. Please donate if you want this to be a candy.

ACID is a PHP-based analysis engine to search and process a database of security incidents generated by security-related software such as IDSes and firewalls (e.g. Snort, ipchains).