michalpurzynski/zeek-scripts

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/michalpurzynski/zeek-scripts)

michalpurzynski / zeek-scripts

zeek-scripts

☆44

Alternatives and similar repositories for zeek-scripts

Users that are interested in zeek-scripts are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

jbaggs / anomalous-dns
View on GitHub
A set of zeek scripts providing a module for tracking and correlating abnormal DNS behavior.
☆35Jan 4, 2025Updated last year
hosom / file-extraction
View on GitHub
Extract files from network traffic with Zeek.
☆102Mar 17, 2020Updated 6 years ago
SeisoLLC / zeek-kafka
View on GitHub
A Zeek log writer plugin that publishes to Kafka.
☆54Jun 3, 2026Updated last week
corelight / top-dns
View on GitHub
Top DNS Measurement for Bro
☆10Aug 22, 2020Updated 5 years ago
tianyulab / ThreatDetectionRules
View on GitHub
威胁检测规则集
☆15Jul 5, 2019Updated 6 years ago
End-to-end encrypted email - Proton Mail • Ad
Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
theparanoids / rdfp
View on GitHub
Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
☆40Jun 20, 2023Updated 2 years ago
LubyRuffy / FingerPrinting-Ripple20
View on GitHub
Treck Network Stack Discovery Tool [Ripple20]
☆12Jul 1, 2020Updated 5 years ago
corelight / got_zoom
View on GitHub
A Zeek package that detects Zoom logins and meeting joins
☆12Apr 15, 2020Updated 6 years ago
initconf / smtp-url-analysis
View on GitHub
Extracting and analyzing URLs from Emails for phishing events
☆22Mar 28, 2026Updated 2 months ago
zeek / zeek-af_packet-plugin
View on GitHub
Plugin providing native AF_Packet support for Zeek.
☆33Oct 22, 2025Updated 7 months ago
advanced-threat-research / Ripple-20-Detection-Logic
View on GitHub
Ripple20 Critical Vulnerabilities - Detection Logic and Signatures
☆12May 28, 2021Updated 5 years ago
mitre-attack / bzar
View on GitHub
A set of Zeek scripts to detect ATT&CK techniques.
☆622Jun 26, 2024Updated last year
corelight / Corelight-Ansible-Roles
View on GitHub
Corelight-Ansible-Roles are a collection of Ansible Roles and playbooks that install, configure, run and manage a variety of Corelight, S…
☆16Jun 15, 2021Updated 5 years ago
corelight / detect-ransomware-filenames
View on GitHub
☆19Dec 20, 2024Updated last year
1-Click AI Models by DigitalOcean Gradient • Ad
Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
michalpurzynski / bro-gramming
View on GitHub
Bro IDS programs collection.
☆146Oct 16, 2019Updated 6 years ago
cisagov / ACID
View on GitHub
☆77Apr 3, 2025Updated last year
dale-lakes / MegaDev
View on GitHub
Bro IDS + ELK Stack to detect and block data exfiltration
☆46Oct 31, 2018Updated 7 years ago
vicsanjinez / wazuh-config
View on GitHub
Configurations to implement Wazuh
☆13Nov 28, 2022Updated 3 years ago
sudohyak / suricata-rules
View on GitHub
Suricata rules for the new critical vulnerabilities
☆85Jan 26, 2021Updated 5 years ago
secureworks / aristotle
View on GitHub
☆39Nov 2, 2024Updated last year
MITRECND / bro-http2
View on GitHub
Plugin for Zeek/Bro which provides http2 decoder/analyzer
☆30Jun 11, 2024Updated 2 years ago
securethelogs / Bluechecker
View on GitHub
Audit Powershell and search from known keywords in history #Blueteam
☆25Apr 22, 2020Updated 6 years ago
tylabs / dovehawk
View on GitHub
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
☆122Jul 12, 2021Updated 4 years ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
Security-Onion-Solutions / securityonion-bro-scripts
View on GitHub
☆24Jan 19, 2020Updated 6 years ago
zeek / zeek-training
View on GitHub
Zeek Training Materials/Products
☆44Apr 21, 2026Updated last month
reber0 / vtest
View on GitHub
用于辅助安全工程师漏洞挖掘、测试、复现，集合了mock、httplog、dns tools、xss，可用于测试各类无回显、无法直观判断或特定场景下的漏洞。
☆11Apr 2, 2021Updated 5 years ago
SCILabsMX / yaraZeekAlert
View on GitHub
This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…
☆62Dec 16, 2023Updated 2 years ago
rkamath13 / i2c-sensor-laptop-access
View on GitHub
☆10Apr 2, 2016Updated 10 years ago
emdnaia / OpenOCD
View on GitHub
some config files
☆15Jun 7, 2026Updated last week
ajackal / ir_scripts
View on GitHub
incident response scripts
☆18Mar 4, 2019Updated 7 years ago
dgunter / ParseZeekLogs
View on GitHub
Utility for parsing Bro log files into CSV or JSON format
☆42Jan 12, 2023Updated 3 years ago
bro / bro-osquery
View on GitHub
Bro integration with osquery
☆15Mar 24, 2023Updated 3 years ago
Managed hosting for WordPress and PHP on Cloudways • Ad
Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
husseinmoghnieh / graphql-polymorphism
View on GitHub
☆12Aug 13, 2018Updated 7 years ago
ssh3ll / Windows-10-Hardening
View on GitHub
☆52Aug 22, 2021Updated 4 years ago
corelight / pycommunityid
View on GitHub
A Python implementation of the Community ID flow hashing standard
☆24Nov 29, 2023Updated 2 years ago
corelight / ecs-mapping
View on GitHub
Mapping Corelight or Zeek data to Elastic Common Schema fields
☆33May 23, 2026Updated 3 weeks ago
esnet / dpdk-plugin
View on GitHub
☆30Nov 15, 2022Updated 3 years ago
breakerspace / weaponizing-residual-censorship
View on GitHub
your censor is my censor: weaponizing residual censorship to perform availability attacks
☆22Aug 10, 2021Updated 4 years ago
w1u0u1 / exec
View on GitHub
Use current thread token to execute command
☆15Jan 27, 2021Updated 5 years ago