Zeek

zeek.org

Awesome Privacy ➔ Networking ➔ Self-Hosted Network Security ➔ Zeek

Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor.

Homepage: zeek.org
GitHub: github.com/zeek/zeek
Web info: web-check.xyz/results/zeek.org

Open Source

Zeek Source Code

Author

zeek

Description

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

#bro#dfir#network-monitoring#nsm#pcap#security#zeek

Homepage

https://www.zeek.org

License

NOASSERTION

Created

06 Jul 12

Last Updated

29 Apr 24

Latest version

v7.0.0-dev

Primary Language

C++

Size

161,733 KB

Stars

5,935

Forks

1,164

Watchers

5,935

Language Usage

Star History

Top Contributors

@jsiwek (3434)
@rsmmr (2732)
@timwoj (1995)
@0xxon (1779)
@awelzel (937)
@vpax (847)
@ckreibich (563)
@grigorescu (282)
@zeek-bot (257)
@sethhall (181)
@MaxKellermann (172)
@bbannier (136)
@mavam (129)
@Neverlord (103)
@J-Gras (102)
@srunnels (52)
@mauropalumbo75 (51)
@JustinAzoff (26)
@FlyingWithJerome (24)
@jsoref (21)
@eladsolomon-ms (21)
@leres (20)
@cstruck (17)
@dnthayer (17)
@ynadji (16)
@AmazingPP (15)
@pbcullen (15)
@1wilkens (14)
@fatemabw (13)
@jbencteux (12)

Recent Commits

Tim Wojtulewicz (29 Apr 24)
Merge remote-tracking branch 'origin/topic/johanna/gh-3700' * origin/topic/johanna/gh-3700: Fix cid propagation into files.log
Tim Wojtulewicz (29 Apr 24)
Merge remote-tracking branch 'origin/topic/vern/script-opt.May24' * origin/topic/vern/script-opt.May24: factored BTest constants into globals to prevent premature ZAM optimization when testing addressed minor issues flagged by Coverity
Tim Wojtulewicz (29 Apr 24)
Merge remote-tracking branch 'origin/topic/timw/val-avoid-type-casting' * origin/topic/timw/val-avoid-type-casting: Avoid calling typecasts in Val when we have direct access to the underlying value object
Johanna Amann (29 Apr 24)
Fix cid propagation into files.log Changes to the connection id were not propagated to files.log in all cases. Fixes GH-3700
Johanna Amann (29 Apr 24)
Update broker submodule [nomail]
Vern Paxson (28 Apr 24)
factored BTest constants into globals to prevent premature ZAM optimization when testing
Vern Paxson (28 Apr 24)
addressed minor issues flagged by Coverity
zeek-bot (27 Apr 24)
Update doc submodule [nomail] [skip ci]
Tim Wojtulewicz (26 Apr 24)
Merge remote-tracking branch 'pbcullen/topic/pbcullen/shadow-file-handling' * pbcullen/topic/pbcullen/shadow-file-handling: reformat changes Gracefully handle empty/missing shadow file
Christian Kreibich (26 Apr 24)
Merge branch 'topic/christian/3671-fix-icmp-caplen-violations' * topic/christian/3671-fix-icmp-caplen-violations: Factor in caplens in ICMPAnalyzer::DeliverPacket length calculations
Tim Wojtulewicz (26 Apr 24)
Update binpac submodule [nomail]
Tim Wojtulewicz (26 Apr 24)
Update gen-zam submodule [nomail]
zeek-bot (26 Apr 24)
Update doc submodule [nomail] [skip ci]
Christian Kreibich (25 Apr 24)
Factor in caplens in ICMPAnalyzer::DeliverPacket length calculations Relying only on the IP-header-provided length could violate buffer boundaries in the endpoints' rule matching. This change mirrors what we do in UDP and TCP. Resolves #3671
Tim Wojtulewicz (24 Apr 24)
Avoid calling typecasts in Val when we have direct access to the underlying value object
Tim Wojtulewicz (25 Apr 24)
Merge remote-tracking branch 'origin/topic/vern/ZAM-perf.Apr24' * origin/topic/vern/ZAM-perf.Apr24: (27 commits) BTest updates for changes due to use of ZAM BiF replacements rewrite of ZAM optimization of BiFs and script functions/idioms flag base script as being known to ZAM optimization ZAM optimization for constructing records w/ fields initialized to network_time factor some functionality used by BiFs to make accessible to ZAM instructions factor script optimization Expr AST nodes out of main AST header new internal AST node for expression idioms with corresponding ZAM built-ins streamlining of expressions only used for script optimization reordering of expressions to match main usage vs. script-optimization extras support for conditional expressions transforming into interal has-elements expr make same_expr() functionality accessible as a utility unify functionality across EqExpr and RelExpr classes introduce notions of script functions/BiFs that are (1) foldable, (2) replaceable optimization of scripting idioms - min/max, has-elements hooks for ZAM optimization of calls to particular functions shift ZAM maintenance monitoring of new BiFs to a BTest so it automatically runs make externally available the expression used for initializating a record field record field initialization optimization: do coercions at compile-time if applicable $ZAM_PROFILE_ALL set tells ZAM to profile function bodies even if not executed performance speed-up for SMB base scripts ...
Vern Paxson (08 Apr 24)
BTest updates for changes due to use of ZAM BiF replacements
Vern Paxson (08 Apr 24)
rewrite of ZAM optimization of BiFs and script functions/idioms
Vern Paxson (08 Apr 24)
flag base script as being known to ZAM optimization
Vern Paxson (08 Apr 24)
ZAM optimization for constructing records w/ fields initialized to network_time
Vern Paxson (08 Apr 24)
factor some functionality used by BiFs to make accessible to ZAM instructions
Vern Paxson (08 Apr 24)
factor script optimization Expr AST nodes out of main AST header
Vern Paxson (08 Apr 24)
new internal AST node for expression idioms with corresponding ZAM built-ins
Vern Paxson (08 Apr 24)
streamlining of expressions only used for script optimization
Vern Paxson (08 Apr 24)
reordering of expressions to match main usage vs. script-optimization extras
Vern Paxson (08 Apr 24)
support for conditional expressions transforming into interal has-elements expr
Vern Paxson (08 Apr 24)
make same_expr() functionality accessible as a utility
Vern Paxson (08 Apr 24)
unify functionality across EqExpr and RelExpr classes
Vern Paxson (08 Apr 24)
introduce notions of script functions/BiFs that are (1) foldable, (2) replaceable
Vern Paxson (08 Apr 24)
optimization of scripting idioms - min/max, has-elements

Zeek Website

Website

The Zeek Network Security Monitor

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

Redirects

Redirects to https://zeek.org/

Security Checks

All 66 security checks passed

Server Details

IP Address 192.0.78.150
Location San Francisco, California, United States of America, NA
ISP Automattic Inc
ASN AS2635

Associated Countries

Saftey Score

Website marked as safe

100%

Blacklist Check

zeek.org was found on 0 blacklists

ThreatLog
OpenPhish
PhishTank
Phishing.Database
PhishStats
URLhaus
RPiList Not Serious
AntiSocial Blacklist
PhishFeed
NABP Not Recommended Sites
Spam404
CRDF
Artists Against 419
CERT Polska
PetScams
Suspicious Hosting IP
Phishunt
CoinBlockerLists
MetaMask EthPhishing
EtherScamDB
EtherAddressLookup
ViriBack C2 Tracker
Bambenek Consulting
Badbitcoin
SecureReload Phishing List
Fake Website Buster
TweetFeed
CryptoScamDB
StopGunScams
ThreatFox
PhishFort

Website Preview

View full report at
web-check.xyz

Zeek Reviews

More Self-Hosted Network Security

Pi-Hole
pi-hole.net

Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widely used.

Open Source pi-hole/pi-hole

View Pi-Hole Report
Technitium
technitium.com/dns

Another DNS server for blocking privacy-invasive content at its source. Technitium doesn't require much of a setup, and basically works straight out of the box, it supports a wide range of systems (and can even run as a portable app on Windows). It allows you to do some additional tasks, such as add local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it.

Open Source TechnitiumSoftware/DnsServer

View Technitium Report
IPFire
ipfire.org

A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone.

Open Source ipfire/ipfire-2.x

View IPFire Report
PiVPN
pivpn.io

A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS providers - works nicely along-side PiHole.

Open Source pivpn/pivpn

View PiVPN Report
E2guardian
e2guardian.org

Powerful open source web content filter.

Open Source e2guardian/e2guardian

View E2guardian Report
PF Sense
pfsense.org

Widely used, open source firewall/router.

Open Source pfsense/pfsense

View PF Sense Report
Firezone
firezone.dev

Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source firezone/firezone

View Firezone Report

About the Data: Zeek

API

You can access Zeek's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/self-hosted-network-security/zeek

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Zeek

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Zeek and Awesome Privacy with your network!

← Previous

PF Sense

View Self-Hosted Network Security (8)

Firezone

Awesome Privacy