Open source security projects

Keywords: security, cyber security

A collection of excellent open source security projects for Party A (enterprise defender) security teams

This is a list of open source security projects. It collects excellent open source security projects to help Party A's (enterprise-side) security practitioners build enterprise security capabilities. Each of these projects is dedicated to solving a particular set of security problems.

Ideas for project collection:

The first is to focus on security open source projects from Internet enterprises and their security teams: these projects grew out of internal practice, so the best practices they embody are worth learning from. The second is to start from the requirements of enterprise security capacity-building and classify the projects by requirement, such as WAF, HIDS, Git monitoring, and so on.

This collection is a long-term process. I created a project on GitHub to collect some excellent Party A security projects.

GitHub project address:

GitHub - bypass007/safety project collection: collects excellent open source security projects to help Party A's security practitioners build enterprise security capabilities.

Project content

According to the needs of enterprise security capacity-building, the projects can be roughly divided into the following categories:

Asset management

  • Insight: Yixin's platform integrating application system asset management, vulnerability life cycle management and security knowledge base management.

    https://github.com/creditease-sec/insight
  • xunfeng: a rapid emergency-response and patrol vulnerability scanning system for the enterprise intranet.

    https://github.com/ysrc/xunfeng

Security development

  • rhizobia_J: Java security SDK and secure coding specification.

    https://github.com/momosecurity/rhizobia_J
  • rhizobia_P: PHP security SDK and secure coding specification.

    https://github.com/momosecurity/rhizobia_P

Automated code audit

  • fortify: static code scanning tool.

    http://www.fortify.net/
  • RIPS: a static source code analyzer for vulnerabilities in PHP scripts.

    http://rips-scanner.sourceforge.net/
  • OpenStack Bandit: a static analyzer based on the Python AST, used to find common security problems in Python code.

    https://github.com/openstack/bandit/releases/
  • Cobra: a source code security audit tool that detects the most significant security problems and vulnerabilities in source code written in multiple development languages.

    https://github.com/WhaleShark-Team/cobra
  • banruo: an automated code audit system based on Fortify.

    https://github.com/yingshang/banruo

WAF

  • ngx_lua_waf: a web application firewall based on the Lua nginx module (OpenResty).

    https://github.com/loveshell/ngx_lua_waf
  • OpenRASP: a free, open source runtime application self-protection (RASP) product.

    https://rasp.baidu.com/
  • ModSecurity: an intrusion detection and protection engine.

    http://www.modsecurity.org/
  • Royal shield (jxwaf): a next-generation web application firewall based on OpenResty (nginx + Lua).

    http://www.jxwaf.com/

Bastion host

  • Jumpserver: the world's first fully open source bastion host, a professional operations and maintenance audit system that meets 4A (account, authentication, authorization, audit) requirements.

    https://github.com/jumpserver/jumpserver
  • teleport: an easy-to-use open source bastion host system that supports remote connection and audit management for the RDP/SSH/SFTP/Telnet protocols.

    https://tp4a.com/
  • CrazyEye: an easy-to-use Python-based IT audit bastion host.

    https://github.com/triaquae/CrazyEye
  • GateOne: a web-based SSH terminal emulator written with HTML5 technology.

    https://github.com/liftoff/GateOne
  • Kirin bastion host: the open source version supports only some functions; the remaining functions must be purchased.

    https://www.tosec.com.cn/

HIDS

  • OSSEC: an open source host-based IDS, including log analysis, file integrity checking, rootkit detection, time-based alerting and active response.

    https://www.ossec.net/
  • Wazuh: a free, open source enterprise security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

    http://wazuh.com/
  • Suricata: a free, open source, mature, fast and powerful network threat detection engine.

    https://suricata-ids.org/
  • Snort: a network intrusion detection and prevention system.

    https://www.snort.org/
  • Samhain Labs: a comprehensive open source solution for centralized host integrity monitoring.

    https://www.la-samhna.de/
  • Firestorm: a very high-performance network intrusion detection system (NIDS).

    http://www.scaramanga.co.uk/firestorm/
  • MozDef: the Mozilla Defense Platform, a real-time integrated platform for monitoring, response and collaboration that improves defensive capabilities.

    https://github.com/mozilla/MozDef
  • Yulong HIDS: an open source host intrusion detection system.

    https://github.com/ysrc/yulong-hids
  • AgentSmith HIDS: a lightweight HIDS with low performance overhead, built on LKM (loadable kernel module) technology.

    https://github.com/DianrongSecurity/AgentSmith-HIDS
  • Sobek HIDS: a Python-based host IDS.

    http://www.codeforge.cn/article/331327

Network traffic analysis

  • Zeek: a powerful network analysis framework.

    https://www.zeek.org/
  • Kismet: a wireless network and device detector, sniffer, wardriving tool and WIDS (wireless intrusion detection system) framework.

    https://www.kismetwireless.net/

Enterprise cloud storage

  • KodExplorer (KodCloud): a web-based private cloud online document management solution.

    https://kodcloud.com/
  • Seafile: an open source enterprise cloud storage system focused on reliability and performance.

    https://www.seafile.com/home/
  • Nextcloud: an open source network storage (cloud drive) system.

    https://nextcloud.com/
  • ownCloud: an open source Linux-based cloud storage project.

    https://owncloud.com/products/
  • iBarn: an open source PHP-based network storage system.

    http://www.godeye.org/code/ibarn
  • Cloudreve: quickly build a public or private cloud storage system at the lowest cost.

    http://cloudreve.org/
  • Filebrowser: a lightweight file management system written in Go.

    https://github.com/filebrowser/filebrowser/releases/latest
  • FileRun: a powerful, multifunctional cloud storage and file manager.

    https://filerun.com/
  • kiftd: a private cloud storage system for individuals, teams and small organizations.

    https://github.com/KOHGYLW/kiftd

DLP

  • OpenDLP: a free, open source, centrally managed, massively distributable data loss prevention tool that works both agent-based and agentless.

    https://code.google.com/archive/p/opendlp/

GitHub monitoring

  • GSIL: a tool for detecting sensitive information leaked on GitHub.

    https://github.com/FeeiCN/GSIL
  • Hawkeye: monitors GitHub repositories to promptly detect employees hosting company code on GitHub and issue early warnings, reducing the risk of code leakage.

    https://github.com/0xbug/Hawkeye
  • Github Monitor: a system for monitoring GitHub code repositories.

    https://github.com/VKSRC/Github-Monitor
  • gshark: easily and effectively scan GitHub for sensitive information.

    https://github.com/neal1991/gshark
  • GitGuardian: a solution for real-time scanning of GitHub activity.

    https://www.gitguardian.com/

Honeypot technology

  • T-Pot: a multi-honeypot platform with visual analysis.

    https://github.com/dtag-dev-sec/tpotce/
  • opencanary_web: honeypot network management platform.

    https://github.com/p1r06u3/opencanary_web
  • Honeyd: a small daemon that creates virtual hosts on a network.

    http://www.honeyd.org/
  • Glastopf: a Python web application honeypot.

    https://github.com/mushorg/glastopf
  • Cowrie: a medium-interaction SSH and Telnet honeypot used to log brute-force attacks and the shell interactions performed by attackers.

    https://github.com/cowrie/cowrie
  • Kippo: a medium-interaction SSH honeypot used to log brute-force attacks and, most importantly, the entire shell interaction performed by the attacker.

    https://github.com/desaster/kippo
  • Dionaea: a low-interaction honeypot that emulates FTP/HTTP/MSSQL/MySQL/SMB and other services.

    https://github.com/DinoTools/dionaea
  • Conpot: an ICS honeypot whose goal is to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

    https://github.com/mushorg/conpot
  • Wordpot: a WordPress honeypot that detects probes for plugins, themes, timthumb and other commonly used files that attackers use to fingerprint WordPress installations.

    https://github.com/gbrindisi/wordpot
  • Shockpot: a web application honeypot designed to detect attackers attempting to exploit the Bash remote code execution vulnerability CVE-2014-6271 (Shellshock).

    https://github.com/threatstream/shockpot

Risk control system

  • Nebula (threathunterX): the Nebula risk control system is an Internet risk control analysis and detection platform.

    https://github.com/threathunterX/nebula
  • Liudao: a real-time business risk control system.

    https://github.com/ysrc/Liudao
  • Momo risk control system (aswan): a static rule engine that requires no prior expertise; a variety of complex rules can be configured simply and conveniently to control abnormal user behavior in real time and efficiently.

    https://github.com/momosecurity/aswan
  • Drools: a powerful open source Java-based rule engine.

    https://www.drools.org/

SIEM/SOC

  • OSSIM (Open Source Security Information Management): an open source security information and event management system. It integrates a series of tools that help administrators better carry out computer security, intrusion detection and prevention.

    https://www.alienvault.com/products/ossim
  • Apache Metron: a network security application framework that enables organizations to detect network anomalies and respond quickly to the anomalies identified.

    https://github.com/apache/metron
  • SIEMonster: monitor the entire network at very low cost.

    https://siemonster.com/
  • SeMF: an enterprise intranet security management platform, with modules for asset management, vulnerability management, account management, knowledge base management and security scanning automation, usable for an enterprise's internal security management.

    https://gitee.com/gy071089/SecurityManageFramwork
  • Prelude: a SIEM framework that combines various other open source tools.

    https://www.prelude-siem.org/
  • MozDef: the Mozilla Defense Platform, a real-time integrated platform for monitoring, response and collaboration that improves defensive capabilities.

    https://github.com/jeffbryner/MozDef

Posted by yalag on Thu, 07 Oct 2021 22:07:59 -0700