10.15. Operation and Maintenance

10.15.1. Traffic

• Bro

• Moloch Large scale, open source, indexed packet capture and search

• TCPFlow

• TCPDump

• WireShark

• Argus

• PcapPlusPlus

• ngrep

• cisco joy A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.

• impacket is a collection of Python classes for working with network protocols

• NFStream a Flexible Network Data Analysis Framework

• BruteShark Network Analysis Tool

10.15.2. Bastion Machine

• jumpserver

• CrazyEye

• GateOne

10.15.3. Honeypots

• Dionaea

• Modern Honey Network

• Cowrie SSH/Telnet Honeypot

• honeything IoT Honeypot

• ConPot Industrial Control Facility Honeypot

• MongoDB HoneyProxy

• ElasticHoney

• DCEPT

• Canarytokens

• Honeydrive

• T-Pot The All In One Honeypot Platform

• opencanary

• HFish

• kippo SSH Honeypot

• Ehoney Deception Defense System

10.15.4. VPN Install

• pptp

• ipsec

• openvpn

10.15.5. Tunnels/Proxy

• ngrok

• rtcp

• Tunna

• reDuh Create a TCP circuit through validly formed HTTP requests

• reGeorg pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn

• Neo-reGeorg Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

• ABPTTS TCP tunneling over HTTP/HTTPS for web application servers

• frp A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet

• lanproxy intranet penetration tool

• ligolo Reverse Tunneling made easy for pentesters

• EarthWorm is a tool for enabling SOCKS v5 proxy service. It is developed based on standard C and can provide transfer communication between multiple platforms for data forwarding in complex network environments.

• Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP

• mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

• nps a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal

10.15.6. Proxy chain

• Netch Support Socks5, Shadowsocks, ShadowsocksR, V2Ray, Trojan proxies. UDP NAT FullCone

• proxychains a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy

• gost GO Simple Tunnel

10.15.7. Asset Management

• BlueKing CMDB is an enterprise-level configuration management platform for assets and applications

• ARL Asset Scouting Beacon System

10.15.8. Compliance

• bombus compliance audit platform

10.15.9. Risk Control

• nebula

• Liudao “Liu Dao” real-time business risk control system

• aswan MoMo risk control system static rule engine

10.15.10. SIEM

• metron

• MozDef

10.15.11. Security Operation

• Scout URL Monitoring System

• OpenDnsdb Python-based DNS management system

10.15.12. System Monitoring

• netdata Real-time performance monitoring

• bcc Tools for BPF-based Linux IO analysis, networking, monitoring, and more

10.15.13. Windows

• Windows Sysinternals

10.15.14. Network Test

• Toxiproxy A TCP proxy to simulate network and system conditions for chaos and resiliency testing

10.15.15. Red Team Simulation

• CALDERA Scalable Automated Adversary Emulation Platform

10.15.16. Network Simulation

• Internet Emulator A Python framework for creating emulation of the Internet