BigSnarf blog

Infosec FTW

Open Source Monitoring Tools

Open source monitoring projects

  • statsd is a node.js network daemon that listens for metrics and aggregates them for transfer into another service such as Graphite.
  • Graphite stores time-series data and displays it in graphs through a Django web application.
  • Bucky measures the performance of a web application from end users' browsers and sends that data back to the server for collection.
  • Sensu is an open source monitoring framework written in Ruby but applicable to web applications written in any programming language.
  • Graph Explorer by Vimeo is a Graphite-based dashboard with added features and a slick design.
  • PacketBeat sniffs protocol packets. Elasticsearch then allows developers to search the collected data and visualize what’s happening inside their web application using the Kibana user interface.
  • Munin is a client plugin-based monitoring system that sends monitoring traffic to the Munin node, where the data can be analyzed and visualized. Note that this project is written in Perl, so Perl 5 must be installed on the node collecting the data.

Open Source Intelligence Feeds

Source Location Notes
Various malware trackers.
AdBlock AdBlock pattern matches
AlienVault AlienVault’s IP reputation database. Blacklists.
AVG Site Safety Report Site safety checker.
Bing Scraping but future version to also use API. Blacklists. Look up username availability on popular sites.
DNS Your configured DNS server. Defaults to your local DNS but can be configured to whatever IP address you supply SpiderFoot.
Facebook Scraping but future version to also use API.
Google Scraping but future version to also use API.
Google+ Scraping but future version to also use API.
Google Safe Browsing Site safety checker.
LinkedIn Scraping but future version to also use API. Blacklists. Blacklists. Blacklists.
McAfee SiteAdvisor Site safety checker.
NameDroppers Blacklists.
OpenBL Blacklists.
PasteBin Achieved through Google scraping.
PGP Servers PGP public keys.
PhishTank Identified phishing sites.
Project Honeypot Blacklists. API key needed.
SANS ISC Internet Storm Center IP reputation database.
SHODAN API key needed.
SORBS Blacklists.
SpamHaus Blacklists.
ThreatExpert Blacklists.
TOR Node List Domains/IPs used by malware.
UCEPROTECT Blacklists.
Whois Various Whois

