December 13, 2007 · 1:06 pm
Just a small update: I finally got around to creating static pages for the important things I’ve posted on my blog. You can view them on the right-hand column of the main page. I’ve created pages for the following projects/topics:
Hopefully this makes it easier to link to a particular project. Take a look and let me know if you find anything missing! I’m hoping to add a link for packages I’ve created soon also!
Also, I’m contemplating future posts. Are there any requests for particular posts on a certain topic? More ZFS posts? More security tool posts? More how-to posts? Leave me a comment and let me know!
Filed under about, aimsnarf, author, blog, blogging, framework, nsm, nsm console, package, packages, programming, ruby
November 28, 2007 · 2:43 pm
Here’s a list of all the planned modules and completed (struck-out) modules for nsm-console: (if a module is struck out, it’s because I’ve finished making a module for it; it isn’t necessarily in the tarball for download)
aimsnarf
ngrep (gif/jpg/pdf/exe/pe/ne/elf/3pg/torrent)
tcpxtract
tcpflow
chaosreader
bro-IDS
snort
tcpdstat
capinfos
tshark
argus
ragator
racount
rahosts
hash (md5 & sha256)
ra
honeysnap
p0f
pads
fl0p
iploc
foremost – thanks shadowbq!
flowgrep
tcptrace
tcpick
flowtime
flowtag
harimau
clamscan
Think of any other useful modules? Leave me a comment and let me know!
P.S. I’m also brainstorming for some pcap/real-time network visualization tools, stay tuned!
Filed under aimsnarf, argus, bro-ids, capinfos, chaosreader, console, flowtag, flowtime, harimau, hash, honeysnap, md5, module, ngrep, nsm, p0f, ra, racount, ragator, rahosts, ruby, script, sha256, snort, tcpdstat, tcpflow, tcpxtract, tshark
November 27, 2007 · 7:06 pm
Well, I’ve been hard at work for the last couple of days working on a (hopefully) useful tool for aiding in NSM file analysis (for pcap files; live analysis doesn’t work).
Behold! I present NSM-Console! (read more about it here, watch a screencast here)
Download the framework here.
Keep in mind this framework only includes 3 modules (mostly used just for testing).
NSM-Console is a small (< 500 1000 1500 lines) framework for running nsm modules. Essentially, it’s a framework for running things (but we don’t call it that because it sounds like it wasn’t any work). Here’s the breakdown:
Filed under aimsnarf, analysis, console, framework, hex, module, nsm, pcap, plugin, ruby, script, security