Packages
By amzn
Plugin that enables parsing of the Profinet protocol
By 0xxon
Identify certificates potentially affected by CVE-2017-15361
By amzn
Plugin that enables parsing of the S7 protocol
By amzn
Plugin that enables parsing of the Tabular Data Stream (TDS) protocol
By 0xxon
A PostgreSQL reader and writer for Zeek.
By jsiwek
Gathers and prints field descriptions for all Zeek logs.
The default output format is CSV files.
By corelight
Detects the Google QUIC (GQUIC) protocol and adds "gquic"
to conn.log's "service" field.
By cybera
Sniffpass will alert on cleartext passwords discovered in HTTP POST requests
By corelight
A Facefish rootkit detector, based on Spicy.
By corelight
An IPSec Zeek protocol analyzer based on Spicy.
By corelight
A Zeek OpenVPN protocol analyzer, based on Spicy.
By corelight
A Zeek OSPF packet analyzer, based on Spicy.
By corelight
A Zeek STUN protocol analyzer based on Spicy.
By corelight
A Wireguard VPN protocol analyzer, based on Spicy.
By dopheide
This script replaces the default ssh/interesting-hostnames and reduces the number of asyncrhonous when() calls made by Zeek.
By 0xxon
Two-dimensional buckets for sumstats (count occurences per $str).
By jsiwek
An example Zeek package for testing purposes.
By 0xxon
"This package generates a file called tls.log. The difference from ssl.log is that it is much more focused on logging all kinds of protocol features. This can be interesting for academic purposes - or if one is just interested in more information about specific features used in local TLS traffic."
By tenzir
A package that enables Zeek to communicate with VAST
By corelight
A plugin to find Windows executables that have been XOR encoded.
Page 11 of 12, showing 20 record(s) out of 223 total