Zeek Vulnerability Scan Detector

A vulnerability scan detection script for Zeek. This script simply detects the difference between a basic scan and a vulnerability scan by whether a reasonable amount of data was transferred on a few ports or many hosts in a short period of time.

Many thanks to ncsa/bro-simple-scan on which this script is based.

Usage

$ zkg install https://github.com/lilyinstarlight/zeek-vuln-scan.git

Name		Name	Last commit message	Last commit date
Latest commit History 45 Commits
.github/workflows		.github/workflows
scripts		scripts
tests		tests
.gitignore		.gitignore
CHANGES		CHANGES
COPYING		COPYING
README		README
README.md		README.md
VERSION		VERSION
zkg.meta		zkg.meta

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.github/workflows

.github/workflows

scripts

scripts

tests

tests

.gitignore

.gitignore

CHANGES

CHANGES

COPYING

COPYING

README

README

README.md

README.md

VERSION

VERSION

zkg.meta

zkg.meta

Repository files navigation

Zeek Vulnerability Scan Detector

Usage

About

Releases

Packages

Languages

License

lilyinstarlight/zeek-vuln-scan

Folders and files

Latest commit

History

Repository files navigation

Zeek Vulnerability Scan Detector

Usage

About

Resources

License

Stars

Watchers

Forks

Languages