Open Source PHP Network Monitoring Software

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

phpLDAPadmin is a web-based LDAP administration tool for managing your LDAP server. With it you can browse your LDAP tree, view LDAP schema, perform searches, create, delete, copy and edit LDAP entries. You can even copy entries between servers.

Xplico is a Network Forensic Analysis Tool (NFAT). The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, MEGACO, RTP), IRC, WhatsApp... Xplico is able to classify more than 140 (application) protocols. Xplico cam be used as sniffer-decoder if used in "live mode" or in conjunction with netsniff-ng. Xplico is used also in CapAnalysis: http://www.capanalysis.net

"Google Hack" Honeypot Project. GHH is written in PHP and assists the development of web based honeypots designed to lure search engine hackers.

OpenAanval - The Open Source version of the Commercial Aanval Console - A full featured advanced Intrusion Detection System (IDS) Console for Snort. Real-time LIVE event monitoring, comprehensive statistics, multi-user, email / audio alerting, IP marking

Automated Security Tools (autosec) aims to provide automatic tools which network administrators may use to help check and test the security of their network.

Cancerbero (the watchdog of the ports) is a portscan frontend based in nmap. Scans the hosts of net ranges every configured interval and it'll store the results in a mysql DB. Detect changes in ports, services and OS and notice you with an email ale

Admin Secure is an add-on script for PHP-Nuke web portal system. This add-on gives you additional protection schemes from common hacking activities. Admin Secure is an alternate protection for your PHP-Nuke based website.

BASE+ (Basic Analysis and Security Engine) is based on ACID project. This application provides a web front-end to query and analyze the alerts coming from various IDS systems (e.g. Snort).

KaTaLyzer is network traffic analyzer which offers full network communication monitoring through graphs of protocols traffic for all communicating nodes or for choosen node (based on IP or MAC address). See more at katalyzer.sk

SnortCon is a web-based utility that provides a real-time high-level overview of the threats that a network is currently facing. SnortCon is written in PHP and requires that Snort is logging to a MySQL database.

AIM Sniff is a network sniffer specifically designed to pick up messages transmitted using the AIM or MSN clients and their derivatives. All information can be sent to STDOUT or a MySQL DB.

ACID is a PHP-based analysis engine to search and process a database of security incidents generated by security-related software such as IDSes and firewalls (e.g. Snort, ipchains).

Archangel is meant to be a sort of 'improved' version of dansguardian and uses the same default lists as dansguardian. It is basically dansguardian rewritten in python as an ICAP server as opposed to a proxy front-end. The benefits of archangel over dansguardian include: 1. Because it is an ICAP filter, it interfaces with squid and can do HTTPS filtering as well as regular HTTP. 2. Because it uses blocking modules and is written in python, it is extremely easy to write new modules for very complex, intensive blocking. I have already written a module that does content-based blocking of youtube videos. Archangel uses the pyicap library to implement the ICAP functionality. The blockpage requires use of the PHP 5.4.x CLI. In order to do HTTPS filtering, you must first install squid compiled with SSL support and configure it to talk to archangel.

Server/client suite which provides per-user access control/firewall/QOS. Robust and high speed implementation is secure against MAC/IP spoofing, and can scale to large networks with many clients. Options for additional monitoring and captive portal.

A network analyzer designed be an Acceptable Use Policy Infraction Detector (AUPID). It allows Administrators to monitor a user's activies over the network. Supported by www.degreeme.com.

This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video: http://goo.gl/dSiAL Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN) IJNSA Article at http://goo.gl/LLxRdX WP Plugin Page http://goo.gl/nF5nD CHANGES v.1.8.2 - Iptables Auto Ban Bash Script Included - Token Access via Implicit Deny - Reverse Proxy Support - reCAPTCHA Support Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons Gökhan Muharremoğlu

The High Interaction Honeypot Analysis Toolkit (HIHAT) allows to transform arbitrary PHP applications into a web-based Honeypot. A semi-automatic user interface supports the analysis process, scans for attacks etc.

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log

Ida, is a Apache log security analyzer written in PHP. It will scan Apache logs and report about security incidents like SQL injections, XSS attacks, path traveling and so on.

Maci web shell is a single-file multi-purpose multi-platform script written using PHP. It will work (With some exceptions) in any system that uses Apache+PHP. You just need to copy the script to the web server working dir and the script will allow you to browse files remotely, run commands, upload content and watch the configuration. By the way. The default password is -easywebshell- The difference with most other webshells out there is that this one has been designed to be more simple and easy to use, with nice looking icons and thumbnails.

NetDash is a network dashboard and intrusion detection system. NetDash passively collects network traffic and then stores key information to be analyzed for unwanted network activity. NetDash captures all traffic passed over the network and stores that traffic in a PCAP file that can be downloaded and analyzed with other tools such as Wireshark. NetDash processes each PCAP file and stores relevant information about each packet captured in a MySQL database. Loaded NetDash plugins display statistical and intrusion detection information on the dashboard and provide email and system notification of identified events.

NetSV is part of the management/supervision plane and its role is to assist the network administrator when performing an IPv6 network renumbering by supervising the procedure and making diagnostics on the monitore hosts.

Network Asset Management Archive: NAMA is a set to tools to track network assets. It uses SNMP to monitor assets added to your network and stores the information in an odbc compliant database. Assets can then be tracked through a PHP frontend.