30 open-source projects similar to usarmyresearchlab/dshell, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Dshell alternative.
gopacket is a Go library for live packet capture and multi-layer protocol decoding. It provides a framework for parsing raw network bytes into structured protocol layers, enabling inspection and analysis of network traffic directly from interfaces or packet capture files. The library distinguishes itself through a layered protocol stack that organizes decoders as independent, composable layers, and an interface-based decoder registry that supports extensible custom protocol development. It offers zero-copy packet decoding for high-throughput parsing, stream-based TCP reassembly to reconstruct
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Scapy is a network packet manipulation tool and protocol analysis suite designed for crafting, sending, sniffing, and dissecting network traffic. It functions as a framework for building custom network tools that interact directly with low-level packet headers and payloads, enabling users to perform security research and network diagnostics. The system distinguishes itself through a layer-based construction model that allows users to define protocols as stacked objects, which automatically handle checksums and field offsets. It utilizes dynamic field reflection to map packet structures to bin
GhostTrack is an open-source intelligence (OSINT) framework that aggregates geographic, network, and social identity information from public data sources. It functions as a digital footprint analyzer, collecting various pieces of publicly available information to build comprehensive profiles of target individuals. The framework combines multiple investigative capabilities into a single tool, including IP address geolocation, phone number intelligence, and social media username discovery. It distributes queries across external data services to maximize coverage and accuracy, resolving IP addre
GeoLite.mmdb is a curated repository of prebuilt MaxMind GeoIP databases in the MMDB binary format, providing ready-to-use files for mapping IP addresses to geographic locations and autonomous system network providers without requiring a MaxMind account or manual compilation. The project serves as a central source for country-level, city-level, and autonomous system number (ASN) databases that enable fast, decompression-free IP lookups. The repository delivers three primary database files: the GeoLite2 Country database for resolving IP addresses to their registered countries, the GeoLite2 Cit
This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework. The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system. The documentation covers several k
Bettercap is a modular framework designed for network reconnaissance, security testing, and the execution of man-in-the-middle attacks. It functions as a comprehensive utility for surveying wired and wireless network segments, identifying connected devices, and analyzing communication protocols through real-time traffic interception and manipulation. The platform distinguishes itself through an event-driven architecture that coordinates network state changes and packet-level data through a centralized message pipeline. It provides a programmable scripting engine and an API for orchestrating s
Ahoy is a first-party analytics framework for Ruby on Rails applications. It provides tools for capturing user behaviors and page views, allowing developers to maintain full ownership of their analytics data. The system distinguishes itself through relational data analytics, which links visit identifiers directly to application models for deep business object attribution. It includes a privacy-preserving tracking tool that utilizes IP address masking and cookie-less visitor grouping to anonymize user data. The project covers a broad range of analytics capabilities, including custom event tra
Moloch is a full packet capture system and network forensics platform designed for large scale network traffic recording and indexing. It functions as a distributed packet indexer that stores raw data in PCAP format for deep packet analysis and security investigations. The system distinguishes itself through a decentralized architecture that distributes capture and viewing components across multiple nodes to handle high volumes of network traffic. It utilizes a web-based management interface for browsing network sessions and provides a programmable API for exporting captured traffic and metad
Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at stenographer@googlegroups.com
NETworkManager is a comprehensive suite of network administration tools designed for the deployment, monitoring, and diagnostic management of enterprise networks. It provides a centralized interface for subnet management, IP address configuration, and wireless network analysis. The project distinguishes itself by integrating a multi-protocol remote administration client that supports SSH, RDP, VNC, Telnet, and PowerShell sessions within a unified tabbed interface. It further differentiates its capabilities through hardware-level discovery using LLDP and CDP frames, alongside the ability to en
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
IPQuality is a specialized diagnostic toolset for analyzing the reputation, risk scores, and connectivity of network addresses. It functions as an IP address quality analyzer and reputation checker that aggregates risk scores and fraud factors from external security databases to identify potentially malicious or high-risk traffic. The project differentiates itself through targeted accessibility validation, including a streaming access validator to check for geographic restrictions on AI and streaming platforms, and an email deliverability tester to evaluate connectivity to global email servic
Dask is a parallel computing framework and distributed task scheduler designed to scale Python data science workflows from single machines to large clusters. It functions as a cluster resource manager that orchestrates computational logic by representing tasks and their dependencies as directed acyclic graphs. This architecture allows the system to automate the distribution of workloads across available hardware while managing complex execution requirements. The project distinguishes itself through a lazy evaluation engine that defers data operations until they are explicitly requested, enabl
nDPI is a deep packet inspection toolkit and network protocol classifier designed to identify protocols and detect security threats through packet payload inspection. It functions as a network security monitor and a traffic analysis framework used to determine the services originating network flows. The system utilizes a modular dissector architecture and a sequence-based dissector chain to interpret network traffic. It supports custom protocol definition and protocol dissector extensions, allowing for the identification of proprietary or new network protocols. The toolkit provides capabilit
Termshark is a terminal-based network packet analyzer and protocol flow inspector. It serves as a keyboard-driven interface for the tshark command-line utility, providing a terminal user interface to monitor data flow and analyze network traffic. The tool functions as a terminal interface for Wireshark, utilizing its filtering and inspection logic to analyze recorded capture files or live network interfaces. It specifically enables the reassembly and inspection of TCP and UDP flows to isolate traffic patterns and analyze network conversations by protocol. The system includes capabilities for
Reactotron is a desktop application for inspecting the state, network traffic, and logs of React and React Native applications. It serves as a specialized debugging interface for monitoring network requests, performance metrics, and state transitions in JavaScript and mobile application frameworks. The tool provides a real-time interface for tracking data flow and dispatching actions to test different state transitions. It includes a network traffic monitor to intercept and display API requests and responses, as well as a performance analysis tool for capturing execution data and measuring op
Pixie is an open-source observability platform for Kubernetes that uses eBPF to automatically capture telemetry data from clusters without requiring any manual instrumentation or code changes. It functions as an eBPF telemetry collector, a continuous application profiler, a network traffic analyzer, and a scriptable telemetry query engine, all within a single Kubernetes-native tool. The platform distinguishes itself through several integrated capabilities. It continuously samples stack traces from compiled-language code to identify CPU performance bottlenecks, visualizing the results as inter
OpenEDR is an endpoint detection and response platform designed to collect telemetry and monitor system activity to identify security breaches. It functions as a host-based intrusion detection system and telemetry collector, gathering detailed data on process, network, and file activity. The system includes a dockerized security stack that bundles search, logging, and visualization tools into containers for analyzing endpoint telemetry. It features a security event visualizer that maps process lineage and indexes logs to facilitate root-cause analysis of attacks. The platform provides capabi
Wireshark is a network protocol analyzer and traffic inspector used for capturing and inspecting network traffic. It functions as a packet capture tool that intercepts live data from network interfaces and a TCP/IP dissector that decodes network protocol layers to translate raw binary packets into human-readable fields. The system provides capabilities for protocol stream reconstruction, grouping related packets into cohesive conversations between endpoints. It also operates as a packet file converter, allowing for the reading, modification, and conversion of network capture files across vari
Metalsmith is a Node.js static site generator and static content processor that transforms source files into websites, eBooks, or technical documentation. It functions as a file-to-object transformer, converting directory trees into plain JavaScript objects that can be programmatically manipulated in memory. The project is built around a pluggable build pipeline where files are passed through a sequence of custom functions to transform content and metadata incrementally. This architecture allows users to extend functionality by writing their own plugins or using third-party modules to define
FLEX is an in-app debugging tool and runtime exploration environment for iOS applications. It provides an integrated suite for inspecting and modifying the internal state of a running process without the use of an external debugger. The project includes a runtime inspector for browsing the memory heap and calling methods dynamically, alongside a view hierarchy debugger for visualizing and adjusting layout structures in real time. It features a network traffic monitor to log and analyze HTTP request history, headers, and responses, as well as a sandbox manager for viewing and editing files and
opentrack is head tracking software for simulators that measures a user's head orientation using cameras, sensors, or a smartphone's gyroscope and sends the data to flight simulators and games for immersive view control. It detects printed fiducial markers from a webcam feed to compute head rotation angles with sub‑degree accuracy, and it can also stream orientation data from a phone's IMU over a local network, replacing dedicated hardware. A plugin‑based pipeline architecture drives the tracking process through a configurable chain of input, filter, and output modules connected by a shared da
PCredz is a network credential extraction tool and traffic analyzer designed to intercept passwords, hashes, and tokens from IPv4 and IPv6 traffic. It functions as both a real-time monitor for live network interfaces and a parser for saved packet capture files. The tool identifies sensitive information, including credit card numbers and authentication tokens, using protocol-aware parsing. It further acts as a password hash recovery utility by normalizing captured authentication hashes into specific syntaxes compatible with external recovery software. Capabilities include real-time traffic in
AutoRecon is an automated network reconnaissance tool that performs concurrent port scanning and service enumeration across multiple targets. It operates as a multi-target port scanner, probing IP addresses, CIDR ranges, or hostnames in parallel, and automatically dispatches service-specific enumeration tools after port detection to gather detailed information about each open service. The tool distinguishes itself through a plugin-based scanning system that allows extending or replacing default port and service scans via a flexible plugin architecture. It provides real-time pattern-based outp
GoReplay is a network traffic recording and replay tool used to capture live HTTP and binary protocol requests. It functions as a traffic shadowing proxy that duplicates incoming network requests to test environments and a utility for recording traffic to local or cloud storage for later analysis and playback. The system is capable of processing non-textual data formats, such as Thrift and Protocol Buffers, allowing for the capture and replay of specialized application-to-application communication. The tool supports live traffic capture and asynchronous duplication to validate infrastructure
Torsniff is a BitTorrent network sniffer and traffic analyzer designed to intercept and capture torrent metadata and peer traffic. It functions as a network utility that extracts information about available files and trackers from peer-to-peer networks. The tool utilizes a distributed hash table to gather metadata without relying on a central tracker. It includes a bencode data parser to decode specialized metadata formats, allowing for the extraction of file names, directory paths, and total sizes. The project covers network monitoring and data analysis through packet-level traffic inspecti
This project is a browser developer tool designed for inspecting JavaScript execution, network traffic, and page layouts. It functions as a JavaScript debugger and a Chrome DevTools Protocol debugger to manage the state of a web engine and identify logic errors in web applications. The suite provides specialized utilities for web performance profiling, including the detection of memory leaks and the analysis of processing bottlenecks. It also includes a network traffic analyzer for troubleshooting API calls and a browser storage manager for modifying cookies, cache, and local database entries
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Bagel is a native network debugging and inspection system designed to capture and monitor HTTP traffic from iOS simulators and physical hardware. It functions as an HTTP traffic inspector and device-based monitor that organizes captured network requests by project and device. The tool enables the interception of network requests directly within the operating system, removing the requirement for manual proxy configurations or the installation of custom security certificates. It provides capabilities for mobile traffic analysis and network debugging, including the ability to group intercepted