Repositories list

• rita

  Public
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

  log-analysisincident-responseintrusion-detection+ 13

  log-analysisincident-responseintrusion-detectionnetwork-monitoringthreat-huntingbeaconscyber-securityzeeksecurity-toolsthreat-intelligence+ 6

  Go

  •

  GNU General Public License v3.0

  •5858 forks•548548 stars•1616 issues•66 pull requests•Updated Apr 2, 2026Apr 2, 2026

• docker-zeek

  Public
  Run zeek with zeekctl in docker

  dockerhacktoberfestzeek+ 1

  dockerhacktoberfestzeekzeekctl

  Go

  •

  GNU General Public License v3.0

  •2222 forks•6363 stars•77 issues•44 pull requests•Updated Mar 27, 2026Mar 27, 2026

• zeek-open-connections

  Public
  Zeek

  •

  GNU General Public License v3.0

  •44 forks•1717 stars•11 issue•00 pull requests•Updated Mar 24, 2026Mar 24, 2026

• espy

  Public
  Endpoint detection for remote hosts for consumption by RITA and Elasticsearch

  Go

  •

  GNU General Public License v3.0

  •2020 forks•8080 stars•77 issues•00 pull requests•Updated Mar 19, 2026Mar 19, 2026

• BeaKer

  Public
  Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana

  Shell

  •

  GNU General Public License v3.0

  •4444 forks•302302 stars•33 issues•22 pull requests•Updated Mar 19, 2026Mar 19, 2026

• zeek-log-transport

  Public
  This script ships logs from Zeek to AC-Hunter

  Shell

  •33 forks•77 stars•33 issues•33 pull requests•Updated Mar 19, 2026Mar 19, 2026

• ACH-Zeek

  Public
  Zeek installer packaged with AC-Hunter

  Shell

  •00 forks•00 stars•00 issues•00 pull requests•Updated Mar 19, 2026Mar 19, 2026

• passer

  Public
  Passive service locator, a python sniffer that identifies servers, clients, names and much more

  pythonlinuxdns+ 16

  pythonlinuxdnssecuritypcappacketsgplv3sniffernetwork-monitoringmacosx+ 9

  Python

  •

  GNU General Public License v3.0

  •5454 forks•262262 stars•00 issues•22 pull requests•Updated Feb 9, 2026Feb 9, 2026

• tcp-sig-json

  Public
  Json file that holds TCP signatures for passive OS fingerprinting

  Python

  •

  GNU General Public License v3.0

  •11 fork•11 star•00 issues•00 pull requests•Updated Feb 9, 2026Feb 9, 2026

• shell-lib

  Public archive
  Shell Scripts Used Across ActiveCM Projects

  Shell

  •

  BSD 3-Clause "New" or "Revised" License

  •33 forks•44 stars•33 issues•11 pull request•Updated Feb 5, 2026Feb 5, 2026

• rita-legacy

  Public
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.

  dnssecurityanalytics+ 14

  dnssecurityanalyticsanalysislogsthreatbeaconscanningbeacon-sniffernetwork-traffic+ 7

  Go

  •

  GNU General Public License v3.0

  •353353 forks•2.5k2.5k stars•8181 issues•44 pull requests•Updated Jan 12, 2026Jan 12, 2026

• zeek-log-tools

  Public
  Tools for working with Zeek logs

  Shell

  •

  GNU General Public License v3.0

  •00 forks•11 star•00 issues•00 pull requests•Updated Jun 19, 2025Jun 19, 2025

• zcutter

  Public
  Extracts fields from zeek logs, compatible with zeek-cut

  tsvconverterjson+ 4

  tsvconverterjsonpython3python-3zeektsv-parser

  Python

  •

  GNU General Public License v3.0

  •66 forks•2727 stars•00 issues•00 pull requests•Updated Jul 10, 2024Jul 10, 2024

• safelist-tools

  Public
  Tools for working with the safelist (formerly whitelist)

  Go

  •

  GNU General Public License v3.0

  •44 forks•55 stars•11 issue•11 pull request•Updated Apr 11, 2024Apr 11, 2024

• pcap-stats

  Public
  Learn about a network from a pcap file or reading from an interface

  pythonpcaptraffic-analysis+ 3

  pythonpcaptraffic-analysispython3scapynetwork-analysis

  Python

  •

  GNU General Public License v3.0

  •55 forks•2929 stars•11 issue•00 pull requests•Updated Apr 6, 2024Apr 6, 2024

• sniffer-template

  Public
  Template for building a packet sniffer

  pythontemplatepcap+ 5

  pythontemplatepcappython3pcap-filesscapypcap-analyzerpcap-library

  Python

  •

  GNU General Public License v3.0

  •55 forks•1515 stars•00 issues•00 pull requests•Updated Mar 25, 2024Mar 25, 2024

• threat-tools

  Public
  Tools for simulating threats

  Python

  •

  GNU General Public License v3.0

  •3737 forks•203203 stars•00 issues•00 pull requests•Updated Oct 27, 2023Oct 27, 2023

• save_json_stream

  Public
  JSON TCP stream importer for RITA and AC-Hunter

  python3threat-huntingpython-3+ 4

  python3threat-huntingpython-3zeekritazeek-idsbricata

  Python

  •

  GNU General Public License v3.0

  •22 forks•11 star•00 issues•00 pull requests•Updated Sep 8, 2023Sep 8, 2023

• rita-bl

  Public archive
  Real Intelligence Threat Analytics -- Blacklist Database

  Go

  •

  GNU General Public License v3.0

  •88 forks•1010 stars•22 issues•00 pull requests•Updated Jul 12, 2023Jul 12, 2023

• smudge

  Public
  Passive OS detection based on SYN packets without Transmitting any Data

  Python

  •

  GNU General Public License v3.0

  •99 forks•5050 stars•55 issues•00 pull requests•Updated Mar 29, 2023Mar 29, 2023

• zeekcfg

  Public
  A node.cfg generator for zeekctl

  Go

  •

  MIT License

  •44 forks•77 stars•33 issues•00 pull requests•Updated Nov 11, 2022Nov 11, 2022

• zeek-log-clean

  Public
  Delete Zeek log files until disk usage is under a given threshold

  Shell

  •

  MIT License

  •11 fork•33 stars•11 issue•00 pull requests•Updated Jul 1, 2022Jul 1, 2022

• bad-asn-list

  Public
  An open source list of ASNs known to belong to cloud, managed hosting, and colo facilities.

  117117 forks•22 stars•00 issues•00 pull requests•Updated Jun 22, 2022Jun 22, 2022

• pcap-resources

  Public
  Support files and tools for pcap analysis and packet capture

  GNU General Public License v3.0

  •33 forks•33 stars•00 issues•00 pull requests•Updated Mar 1, 2022Mar 1, 2022

• certificate-issues

  Public
  Identifies certificate problems from Zeek ssl log files

  Shell

  •

  GNU General Public License v3.0

  •00 forks•44 stars•00 issues•00 pull requests•Updated Jan 19, 2022Jan 19, 2022

• mgosec

  Public archive
  A Small Helper Library For Securing MongoDB Connections with Golang

  Go

  •

  MIT License

  •00 forks•44 stars•11 issue•00 pull requests•Updated Dec 1, 2021Dec 1, 2021

• get-release

  Public
  Github Action to get release information based on a tag

  JavaScript

  •

  MIT License

  •4343 forks•00 stars•00 issues•00 pull requests•Updated Oct 19, 2021Oct 19, 2021

• threat-hunting-labs

  Public
  Collection of walkthroughs on various threat hunting techniques

  HTML

  •

  GNU General Public License v3.0

  •1919 forks•7777 stars•00 issues•00 pull requests•Updated Aug 3, 2020Aug 3, 2020

• bro-install

  Public archive
  An Installation Script for Bro IDS on Debian Based Systems

  Shell

  •77 forks•2020 stars•00 issues•00 pull requests•Updated Jun 25, 2020Jun 25, 2020

• pi_project_installer

  Public
  A support library and set of scripts to simplify installing software on the Raspberry Pi/Raspbian

  Shell

  •

  GNU General Public License v3.0

  •22 forks•55 stars•00 issues•00 pull requests•Updated Feb 4, 2020Feb 4, 2020