2 Repos
Systems designed to capture and persist network traffic and logs from malicious actors.
Distinct from Attack Chain Analysis: Captures raw intruder activity logs rather than analyzing specific attack paths or vulnerability chains
Explore 2 awesome GitHub repositories matching security & cryptography · Attack Data Collection. Refine with filters or upvote what's useful.
T-Pot is a multi-honeypot orchestration platform and threat intelligence collector. It utilizes a Docker-based security sandbox to deploy and manage a collection of diverse decoy services that simulate vulnerable targets to lure attackers and record their activity. The system features a distributed sensor network where remote nodes capture attack logs and transmit them via encrypted communication to a central hub. This central hub employs an analytics stack to transform raw logs into geographic maps and interactive dashboards for adversary behavior visualization. To increase the realism of si
Captures and persists network traffic and attacker logs to facilitate detailed security analysis.
Maltrail is a malicious traffic detection system used for network intrusion detection. It consists of a network intrusion sensor for monitoring interfaces, a threat intelligence aggregator for syncing blacklists, and a detection engine that identifies security threats through signature matching and heuristic attack patterns. The system distinguishes itself through a distributed sensor architecture that collects traffic data from multiple remote probes and forwards events to a central analysis server. It employs heuristic behavioral analysis to identify unknown threats, such as port scanning o
Extracts attacker IP addresses from network traffic to facilitate integration with external blocking tools.