Zeek
zeek.org
Server / VM / Pi
Zeek (formerly Bro) passively monitors network traffic and looks for suspicious activity.
- Homepage: zeek.org
- GitHub: github.com/zeek/zeek
- Web info: web-check.xyz/check/zeek.org
Zeek Source Code
Author
Description
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Homepage
https://www.zeek.org
License
NOASSERTION
Created
06 Jul 12
Last Updated
16 Jun 26
Latest version
Primary Language
C++
Size
264,956 KB
Stars
7,727
Forks
1,370
Watchers
7,727
Top Contributors
- @timwoj (3656)
- @jsiwek (3546)
- @rsmmr (2448)
- @awelzel (2212)
- @0xxon (2024)
- @vpax (1117)
- @ckreibich (815)
- @zeek-bot (452)
- @bbannier (314)
- @grigorescu (284)
- @evantypanski (176)
- @J-Gras (173)
- @MaxKellermann (172)
- @mavam (129)
- @Neverlord (116)
- @sethhall (80)
- @srunnels (52)
- @mauropalumbo75 (51)
- @dxbjavid (32)
- @FlyingWithJerome (24)
- @eladsolomon-ms (23)
- @JustinAzoff (23)
- @fatemabw (21)
- @leres (21)
- @jsoref (21)
- @dnthayer (21)
- @AmazingPP (20)
- @ynadji (18)
- @cstruck (17)
- @pbcullen (17)
- @1wilkens (14)
- @jbencteux (12)
- @dependabot[bot] (12)
- @jshlbrd (11)
- @dopheide-esnet (10)
- @jwallior (10)
- @hosom (9)
- @p-l- (8)
- @ekoyle (7)
- @jsbarber (7)
- @jrolli (7)
- @stevesmoot (6)
- @jeff-bb (6)
- @grapestems (6)
- @marktayl (6)
- @dale-lakes (5)
- @yunzheng (5)
- @micrictor (5)
- @ronwellman (4)
- @urvalkheni (4)
- @MP-Corelight (4)
- @jasonlue (4)
- @wglodek (4)
- @balintm (4)
- @sujalavnelavai (4)
- @sheharbano (4)
- @aeppert (4)
- @moshekaplan (4)
- @lukevalenta (4)
- @henridf (4)
- @martincmr (3)
- @keithjjones (3)
- @kshitiz-bartariya (3)
- @bhaskarbhar (3)
- @msmiley (3)
- @lcesarz (3)
- @cubic1271 (3)
- @frerich (3)
- @abdelsaxd (2)
- @The-Alchemist (2)
- @Mr-Click (2)
- @anthonykasza (2)
- @cccs-will (2)
- @christina23 (2)
- @jgvt (2)
- @jmestwa-coder (2)
- @naveensrinivasan (2)
- @voidbar (2)
- @xb-anssi (2)
- @XueSongTap (2)
- @dcode (2)
- @petiepooo (2)
- @LBLSecurity (2)
- @albertzaharovits (2)
- @abenson (2)
- @assafmo (2)
- @edoardomich (2)
- @zambo99 (2)
- @Ruddxxy (2)
- @neu5ron (2)
- @Mymaqn (2)
- @Mohan-Dhawan (2)
- @juno0812 (2)
- @perkinjo (2)
- @hillu (2)
- @olaldiko (2)
- @airshelley (1)
- @agent-connor (1)
- @gkso (1)
- @0xekez (1)
Recent Commits
- Arne Welzel (16 Jun 26)
  Merge remote-tracking branch 'origin/topic/awelzel/sip-fix-as-count-error-to-weird' * origin/topic/awelzel/sip-fix-as-count-error-to-weird: sip: Weird on invalid CONTENT-LENGTH headers
- Arne Welzel (16 Jun 26)
  Merge remote-tracking branch 'origin/topic/awelzel/smb1-write-andx-response' * origin/topic/awelzel/smb1-write-andx-response: smb/smb1_writex_and_response: Fix written_high int overflow by using <<
- Arne Welzel (16 Jun 26)
  Merge remote-tracking branch 'origin/topic/awelzel/utils-atoi-n-overflow' * origin/topic/awelzel/utils-atoi-n-overflow: utils/atoi_n: Switch to std::from_chars utils/atoi_n: Reject neg for unsigned, prevent overflow for signed utils/atoi_n: Prevent overflows and fix digit parsing for base < 10
- Arne Welzel (12 Jun 26)
  utils/atoi_n: Switch to std::from_chars This does all the hard work already.
- Arne Welzel (12 Jun 26)
  utils/atoi_n: Reject neg for unsigned, prevent overflow for signed Mostly add tests for parsing edge cases of int8_t before switching to std::from_chars.
- Arne Welzel (11 Jun 26)
  utils/atoi_n: Prevent overflows and fix digit parsing for base < 10 Fuzzing with UBSAN triggered the n = n * base + d line as overflowing, incorporate the atoi_n changes from Spicy also in the Zeek code and add some tests for the edge cases. Reference zeek/spicy#2382 zeek/spicy#2397
- Tim Wojtulewicz (15 Jun 26)
  Merge remote-tracking branch 'origin/topic/timw/circleci-include-plugins-zeekctl-testing' * origin/topic/timw/circleci-include-plugins-zeekctl-testing: Add zeekctl and include-plugin testing to CircleCI config
- Tim Wojtulewicz (11 Jun 26)
  Add zeekctl and include-plugin testing to CircleCI config
- Tim Wojtulewicz (15 Jun 26)
  Update zeek-testing commit hash to latest commit
- Tim Wojtulewicz (15 Jun 26)
  Merge remote-tracking branch 'origin/topic/bbannier/gh-ci-skip-in-private-repo' * origin/topic/bbannier/gh-ci-skip-in-private-repo: Skip GH CI when running in private repos [skip ci]
- Tim Wojtulewicz (15 Jun 26)
  Merge remote-tracking branch 'origin/topic/timw/ignore-libkqueue-headers-for-clang-tidy' * origin/topic/timw/ignore-libkqueue-headers-for-clang-tidy: Ignore build-time-generated libkqueue headers for clang-tidy
- Tim Wojtulewicz (15 Jun 26)
  Merge remote-tracking branch 'origin/topic/timw/circleci-disable-default-buildx-attestations' * origin/topic/timw/circleci-disable-default-buildx-attestations: Disable default buildx attestations when building docker images
- Arne Welzel (15 Jun 26)
  sip: Weird on invalid CONTENT-LENGTH headers Commit b02623bb74772a859eb2f8494c3e86bef1ddcf35 changed to_count() usage to "as count" casts which is stricter for trailing and fronting whitespace. For this specific usage seems better to just weird if the conversion isn't possible. This was found by OSS-Fuzz because it has "abort on scripting" errors enabled. Fix and triage done by me, test PCAP and btest almost autonomously via an LLM.
- Arne Welzel (15 Jun 26)
  smb/smb1_writex_and_response: Fix written_high int overflow by using << The uint16 written_high is promoted to int before the multiplication and potentially causes the sign-bit of the int to be set, causing UBSAN to report an overflow: /src/zeek/build/src/analyzer/protocol/smb/smb_pac.cc:8456:40: runtime error: signed integer overflow: 56387 * 65536 cannot be represented in type 'int' Bit-shifting with 16 has the same effect, but is not undefined with C++20 anymore, so use this. Alternative would be to create a written_high32 intermediary in the &let section, but the data_len of the write_andx_request uses shifting, too.
- Arne Welzel (15 Jun 26)
  Merge remote-tracking branch 'origin/topic/awelzel/fix-some-pedantic-things' * origin/topic/awelzel/fix-some-pedantic-things: telemetry/ProcessStats: Use %lu for rss_pages binpac: Fix %3o / %2x / %x parsing expecting unsigned int zeek.bif: Fix %hhx expecting unsigned char Fix some %p expecting void* warnings BasicThread/Reporter/Debug/AnalyzerSet: Fix stray semicolon
- Tim Wojtulewicz (12 Jun 26)
  Disable default buildx attestations when building docker images
- Tim Wojtulewicz (12 Jun 26)
  Ignore build-time-generated libkqueue headers for clang-tidy
- Tim Wojtulewicz (12 Jun 26)
  Merge remote-tracking branch 'origin/topic/timw/circleci-general-fixes' * origin/topic/timw/circleci-general-fixes: Fix token usage for GH API requests Pass -y to brew in macOS prepare.sh script Set ZEEK_CI_CPUS based on a parameter for some jobs
- Tim Wojtulewicz (12 Jun 26)
  Fix token usage for GH API requests
- Tim Wojtulewicz (11 Jun 26)
  Pass -y to brew in macOS prepare.sh script
- Tim Wojtulewicz (11 Jun 26)
  Set ZEEK_CI_CPUS based on a parameter for some jobs
- Tim Wojtulewicz (12 Jun 26)
  Merge remote-tracking branch 'origin/topic/timw/update-to-latest-upstream-libkqueue' * origin/topic/timw/update-to-latest-upstream-libkqueue: Update to latest upstream libkqueue
- Tim Wojtulewicz (06 May 26)
  Update to latest upstream libkqueue
- Benjamin Bannier (12 Jun 26)
  Skip GH CI when running in private repos [skip ci] The matrix in our GH CI is huge so it requires a lot of compute. This is fine for public repos which have no compute limit, but an issue for private versions where we would run out of credits in days or hours. With this patch we now only run this CI job if we are in a public repo. An alternative approach would have been to hardcode the repo name, but that would have meant that users couldn't run CI in their forks at all, while now we at least gatekeep on public forks.
- Arne Welzel (12 Jun 26)
  telemetry/ProcessStats: Use %lu for rss_pages We read into an unsigned long and the value should always be positive. This squelches: ProcessStats.cc:154:29: warning: format ‘%ld’ expects argument of type ‘long int*’, but argument 6 has type ‘long unsigned int*’ [-Wformat=]
- Arne Welzel (12 Jun 26)
  binpac: Fix %3o / %2x / %x parsing expecting unsigned int
- Arne Welzel (12 Jun 26)
  zeek.bif: Fix %hhx expecting unsigned char
- Arne Welzel (12 Jun 26)
  Fix some %p expecting void* warnings
- Arne Welzel (12 Jun 26)
  BasicThread/Reporter/Debug/AnalyzerSet: Fix stray semicolon
- zeek-bot (12 Jun 26)
  Docs: Regenerated via GitHub workflow [nomail] [skip ci]
Zeek Security
Zeek Website
Website
The Zeek Network Security Monitor
Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.
Redirects
Does not redirect
Security Checks
All 65 security checks passed
Server Details
- IP Address 192.0.78.212
- Location San Francisco, California, United States of America, NA
- ISP Automattic Inc
- ASN AS2635
Associated Countries
- US
- CA
- FR
Safety Score
Website marked as safe
100%
Blacklist Check
zeek.org was found on 0 blacklists
- AntiSocial Blacklist
- Artists Against 419
- Badbitcoin
- Bambenek Consulting
- CERT Polska
- CoinBlockerLists
- CRDF
- CryptoScamDB
- EtherAddressLookup
- EtherScamDB
- Fake Website Buster
- MetaMask EthPhishing
- NABP Not Recommended Sites
- OpenPhish
- PetScams
- PhishFeed
- PhishFort
- Phishing.Database
- PhishStats
- PhishTank
- Phishunt
- RPiList Not Serious
- Scam.Directory
- SecureReload Phishing List
- Spam404
- StopGunScams
- Suspicious Hosting IP
- ThreatFox
- ThreatLog
- TweetFeed
- URLhaus
- ViriBack C2 Tracker
More Intrusion Detection
- An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
- OSSEC is an Open Source host-based intrusion detection system, that performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response.
- picosnitch helps protect your security and privacy by "snitching" on anything that connects to the internet, letting you know when, how much data was transferred, and to where. It uses BPF to monitor network traffic per application, and per parent to cover those that just call others. It also hashes every executable, and will complain if some mischievous program is giving it trouble.
- SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate centralized analysis of audit log data. Logs from the OS are collected and audited. Full remote access, through a web interface easy to use manually, or by an automated process.
Not Open Source
About the Data: Zeek
API
You can access Zeek's data programmatically via our API. Simply make a GET request to:
https://api.awesome-privacy.xyz/v1/services/zeek
The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.