Razorback is a framework for an intelligence driven security solution.
It consists of a Dispatcher at the core of the system, surrounded by
Nuggets of varying types.
The scripting nugget uses XML across named pipes to pass registration,
alerting and logging information back to the system. This allows any
scripting (or even compiled) language that can write XML to STDOUT to be
used with Razorback.
Razorback is a framework for an intelligence driven security solution.
It consists of a Dispatcher at the core of the system, surrounded by
Nuggets of varying types.
SWF Nugget is a Razorback Detection Nugget that scans Flash files
collected by Razorback Collector Nuggets. SWF Nugget decompresses
(as necessary) and parses Flash files to detect attacks exploiting
known vulnerabilities.
The scan results are sent back to Razorback Dispatcher to correlate
with other Razorback Nuggets.
Razorback is a framework for an intelligence driven security solution.
It consists of a Dispatcher at the core of the system, surrounded by
Nuggets of varying types.
This nugget provides logging output via syslog.
Razorback is a framework for an intelligence driven security solution.
It consists of a Dispatcher at the core of the system, surrounded by
Nuggets of varying types.
This nugget checks the VirusTotal API for the MD5 of the submitted file.
If the file is found, the short data of the alert will contain the results
from the JSON response from VirusTotal.
Razorback is a framework for an intelligence driven security solution.
It consists of a Dispatcher at the core of the system, surrounded by
Nuggets of varying types.
The Yara nugget allows modified Yara rules to dictate which flags are
set when they alert.
shimmer is a pair of small programs (a client and a server) that provide an
alternative to port knocking programs such as tumbler and are used to hide a
valuable port (such as a hidden web server or SSH) on a public IP address.
smap is a simple scanner for SIP-enabled devices.
smap sends off various SIP requests and awaits responses from SIP-enabled
DSL routers, proxies and user agents. It could be considered
a mashup of nmap and sipsak ;)
ssdeep is a tool for computing context triggered piecewise hashes.
Unlike other hash calculators such as md5, it supports partial matches between
the original file and modified/truncated files. It can also compute the
degree of similarity between files.
PAM module which permits authentication for arbitrary services via
ssh-agent. Written with sudo in mind, but like any auth PAM module,
can be used for many purposes.
The Nmap::Parser library provides a Ruby interface to
Nmap's scan data. It can run Nmap and parse its XML
output directly from the scan, parse a file containing
the XML data from a separate scan, parse a String of
XML data from a scan, or parse XML data from an object
via its read() method. This information is presented
in an easy-to-use and intuitive fashion for storage
and manipulation.