Search Results for "network intrusion detection system"
Sort By:
Showing 338 open source projects for "network intrusion detection system"
View related business solutions-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
1
Network Flight Simulator
A utility to safely generate malicious network traffic patterns
flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns. -
2
Elkeid
Open source solution that can meet the requirements of workloads
...For container or cloud-native workloads, it also supports gathering audit logs from Kubernetes and correlating events across processes, network, and file activity to detect security threats. The platform packages data collection, event-streaming, and a rule/event engine (called “HUB”) — letting users define detection rules, alerts, baseline checks, and policy enforcement. -
3
PacketFence
Free and Open Source network access control (NAC) solution
PacketFence is a fully-featured, open-source network access control (NAC) solution that provides secure wired and wireless network access. It supports 802.1X, captive portal authentication, device profiling, endpoint compliance, and guest access. PacketFence is used in enterprise, education, and healthcare environments to enforce security policies and network segmentation. -
4
Zeek
Zeek is a powerful network analysis framework
...Vern and the project’s leadership team renamed Bro to Zeek in late 2018 to celebrate its expansion and continued development. Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system. -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
ntopng
Web-based Traffic and Security Network Traffic Monitoring
ntopng® is a web-based network traffic monitoring application released under GPLv3. It is the new incarnation of the original ntop written in 1998, and is now revamped in terms of performance, usability, and features. ntopng is a network traffic probe that provides 360° Network visibility, with its ability to gather traffic information from traffic mirrors, NetFlow exporters, SNMP devices, Firewall logs, and Intrusion Detection systems. ntopng has been written in a portable way in order to virtually run on every Unix platform, including Linux and FreeBSD, MacOS and on Windows as well. ntopng captures traffic from SPAN/mirror ports or TAP devices using libpcap, or PF_RING (on Linux) for best performance. ... -
6
Netdata
Open-source systems performance monitor
Netdata is a well-crafted real time performance monitor to detect anomalies in your system infrastructure. Visualize many types of data including disk activity, SQL queries, website visitors and more. This tool is useful to monitor linux servers. -
7
Suricata Anti-DDoS Lab
Suricata VMware VM dor IDS practicing
Suricata Anti-DDoS Security Lab (Debian 13 VMware Virtual Machine): Preconfigured VMware virtual machine for educational network security monitoring and intrusion detection using Suricata. Designed for hands-on IDS and SOC-style training in a controlled lab environment. Includes the following integrated services: + Suricata – network intrusion detection and traffic inspection + EveBox – alert visualisation and event analysis + DVWA – vulnerable web application for traffic generation and testing + phpMyAdmin – database management and inspection Default setup demonstrates DDoS-related detection scenarios, but the lab is fully customisable for other network-based attacks. ... -
8
BGPalerter
BGP and RPKI monitoring tool
Self-configuring BGP monitoring tool, which allows you to monitor in real time. BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more. -
9
Sysdig
Linux system exploration and troubleshooting tool
Continuously assess cloud security posture by flagging misconfigurations and suspicious activity. Consolidate container and host scanning in a single workflow. Automate scanning locally in your CI/CD tools without images leaving your environment and block vulnerabilities pre-deployment. Visualize all network communication across apps and services. Apply microsegmentation by automating Kubernetes-native network policies. Unify threat detection and incident response across containers,... -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
10
BiglyBT
Feature-filled Bittorrent client based on the Azureus open source
BiglyBT is a fully-featured, open-source BitTorrent client based on the former Vuze/Azureus codebase. It offers extensive functionality without ads, spyware, or paid features, making it a favorite for advanced users. BiglyBT includes detailed torrent management tools, built-in swarm merging, VPN detection, I2P support, and streaming capabilities. It’s highly customizable and supports a wide range of plugins, automation tools, and scheduling options. The client runs on Java and is available... -
11
Network Security Toolkit (NST)
A network security analysis and monitoring toolkit Linux distribution.
Network Security Toolkit (NST) is a bootable ISO image (Live USB Flash Drive) based on Fedora 42 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available... -
12
ByteHook
ByteHook is an Android PLT hook library
ByteHook is a ByteDance-hosted project whose name suggests a hooking or instrumentation library, likely used for hooking system calls or API calls for monitoring, sandboxing or instrumentation. The repository appears to aim at low-level hooking/injection capabilities, perhaps to support runtime introspection, behavioral monitoring, or hooking-based instrumentation (e.g. for security, tracing, sandboxing, or debugging). Because hooking is a common technique for intercepting library or system... -
13
Connectivity
Makes Internet connectivity detection more robust by detecting Wi-FI
Connectivity is a wrapper for Apple's Reachability providing a reliable measure of whether Internet connectivity is available where Reachability alone can only indicate whether an interface is available that might allow a connection. Connectivity's objective is to solve the captive portal problem whereby an iOS device is connected to a WiFi network lacking Internet connectivity. Such situations are commonplace and may occur for example when connecting to a public WiFi network which requires... -
14
GrimAC
Fully async, multithreaded, predictive, open source, 3.01 reach
GrimAC is an open-source anticheat system designed to detect and prevent cheating on Minecraft multiplayer servers through predictive simulation and advanced movement analysis. The project uses a simulation-based detection engine that recreates player movement and physics in order to identify discrepancies between legitimate gameplay and modified client behavior. By analyzing how players move, interact with the world, and send network packets to the server, Grim can detect a variety of cheats such as reach hacks, speed hacks, and anti-knockback modifications. ... -
15
Frigate NVR
NVR with realtime local object detection for IP cameras
Frigate is a local network video recorder designed for real-time object detection on IP camera streams using machine learning. It runs entirely on local hardware and integrates closely with Home Assistant to provide smart surveillance without relying on cloud processing. The system uses OpenCV and TensorFlow to analyze video feeds and detect objects such as people, vehicles, and animals in real time. -
16
CrowdSec
Firewall able to analyze visitor behavior & provide adapted response
CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network. Crowdsec shouldn't, and didn't crash any production so far we know, but some features might be missing or undergo evolutions. IP Blocklists are limited to very-safe-to-ban IPs only (~5% of the global database so far, will grow soon). A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. ... -
17
ShellCrash
Run sing-box/mihomo as client in shell
ShellCrash is a shell-based client runner for proxies like sing-box and mihomo, optimized for headless devices (e.g. OpenWrt routers). It provides scripted installation, automatic configuration reload, network port detection, and UI-less control via terminal. It simplifies running proxy services on embedded Linux devices. -
18
Apache SkyWalking
Application Performance Monitoring System
Apache SkyWalking is an open source application performance monitoring system designed specifically for microservices, as well as cloud-native and container-based(Docker, Mesos, Kubernetes) architectures. It is capable of monitoring, tracing and diagnosing distributed systems in cloud native architectures. Apache Skywalking supports the collection of telemetry data from a number of different sources and in different formats, such as Java, .NET Core, PHP, LUA agent and more. It also... -
19
Hysteria
Hysteria is a powerful, lightning fast and censorship resistant proxy
Hysteria is a high-performance, censorship-resistant proxy and VPN-like networking tool designed to deliver fast, reliable connectivity over unstable or lossy networks by leveraging a custom UDP/QUIC-based transport layer that can masquerade as standard HTTP/3 traffic to evade detection. It supports a wide range of use cases including SOCKS5 and HTTP proxying, TCP/UDP forwarding, Linux TProxy for network redirection, and even tunneling via TUN interfaces, making it a flexible choice for... -
20
ESP32-Paxcounter
Wifi & BLE driven passenger flow metering with cheap ESP32 boards
Wifi & Bluetooth driven, LoRaWAN enabled, battery-powered mini Paxcounter built on cheap ESP32 LoRa IoT boards. Paxcounter is an ESP32 MCU-based device for metering passenger flows in real time. It counts how many mobile devices are around. This gives an estimation of how many people are around. Paxcounter detects Wifi and Bluetooth signals in the air, focusing on mobile devices by evaluating their MAC addresses. The intention of this project is to do this without intrusion in privacy: You... -
21
Tsunami
Network security scanner for detecting severity vulnerabilities
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. When security vulnerabilities or misconfigurations are actively exploited by attackers, organizations need to react quickly in order to protect potentially vulnerable assets. As attackers increasingly invest in automation, the time window to react to a newly released, high severity vulnerability is usually measured in hours. ... -
22
ttl
Fast, modern traceroute with real-time TUI, per-hop stats
ttl is a modern traceroute-style network diagnostic tool built to feel more like an interactive, real-time “mtr replacement” than a one-shot traceroute dump. It uses a full-screen terminal UI to continuously probe paths and refresh hop-by-hop measurements, which makes transient loss, jitter, and routing changes much easier to spot. The design emphasizes per-hop visibility with live statistics, and it enriches what you see by resolving network identity details like ASN and geolocation when... -
23
ThreatMapper
Open source cloud native security observability platform
Thousands of companies trust Deepfence to secure their most critical cloud workloads and applications with a unified platform. Experience rapid threat detection and remediation, while significantly reducing non-critical security alerts by 90%. Deepfence ThreatMapper hunts for threats in your production platforms, and ranks these threats based on their risk of exploit. It uncovers vulnerable software components, exposed secrets, and deviations from good security practices. ThreatMapper uses a... -
24
Netdeep Secure Firewall
Next Generation Open Source Firewall
Netdeep Secure is a Linux distribution with focus on network security. Is a Next Generation Open Source Firewall, which provides virtually all perimeter security features that your company may need. It offers Web content filters, ensuring better performance of the network, allowing users to use the service efficiently and securely, providing a deep control of the use of the Web access service, blocking access to unwanted websites, Virus, Spam, Applications and intrusion attempts. Its... -
25
WhisperLive
A nearly-live implementation of OpenAI's Whisper
WhisperLive is a “nearly live” implementation of OpenAI’s Whisper model focused on real-time transcription. It runs as a server–client system in which the server hosts a Whisper backend and clients stream audio to be transcribed with very low delay. The project supports multiple inference backends, including Faster-Whisper, NVIDIA TensorRT, and OpenVINO, allowing you to target GPUs and different CPU architectures efficiently. It can handle microphone input, pre-recorded audio files, and network streams such as RTSP and HLS, making it flexible for live events, monitoring, or accessibility workflows. ...
