Zeek

zeek.org
Zeek

Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor.

Open Source

Zeek Source Code

Author

zeek

Description

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

#bro#dfir#ndr#network-monitoring#nsm#pcap#security#zeek

Homepage

https://www.zeek.org

License

NOASSERTION

Created

06 Jul 12

Last Updated

11 Jul 26

Latest version

v9.0.0-dev

Primary Language

C++

Size

277,057 KB

Stars

7,762

Forks

1,382

Watchers

7,762

Language Usage

Language Usage

Star History

Star History

Top Contributors

Recent Commits

  • Tim Wojtulewicz (10 Jul 26)

    Merge remote-tracking branch 'origin/topic/timw/upgrade-ci-clang-to-clang-22' * origin/topic/timw/upgrade-ci-clang-to-clang-22: CCI: Update date for debian-12 image Fix additional warning from clang-tidy-22 CI: Use newer ubuntu-24.04 image and clang-22 CI: Install clang-22 in ubuntu-24.04 Dockerfile

  • Tim Wojtulewicz (08 Jul 26)

    CCI: Update date for debian-12 image

  • Tim Wojtulewicz (08 Jul 26)

    Fix additional warning from clang-tidy-22

  • Tim Wojtulewicz (07 Jul 26)

    CI: Use newer ubuntu-24.04 image and clang-22

  • Tim Wojtulewicz (07 Jul 26)

    CI: Install clang-22 in ubuntu-24.04 Dockerfile

  • Arne Welzel (09 Jul 26)

    Merge remote-tracking branch 'origin/topic/awelzel/skip-check-for-docs-only' * origin/topic/awelzel/skip-check-for-docs-only: github/workflows/check: Skip check.yml workflow for docs only changes

  • Tim Wojtulewicz (09 Jul 26)

    Merge remote-tracking branch 'origin/topic/timw/clean-up-ubsan-cmake-setup' * origin/topic/timw/clean-up-ubsan-cmake-setup: Enable UBSan 'builtin' and 'pointer-overflow' checks Reformat list of enabled/disabled checks in CMakeLists.txt

  • Tim Wojtulewicz (21 Jun 26)

    Enable UBSan 'builtin' and 'pointer-overflow' checks These two weren't implemented by various old versions of GCC when we added UBSan support, but they're ok in newer versions.

  • Tim Wojtulewicz (21 Jun 26)

    Reformat list of enabled/disabled checks in CMakeLists.txt

  • Arne Welzel (09 Jul 26)

    github/workflows/check: Skip check.yml workflow for docs only changes Directly from the docs: https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#example-excluding-paths

  • zeek-bot (09 Jul 26)

    Docs: Regenerated via GitHub workflow [nomail] [skip ci]

  • Tim Wojtulewicz (08 Jul 26)

    Merge remote-tracking branch 'origin/topic/awelzel/revert-util-fmt-fprintf-and-assert' * origin/topic/awelzel/revert-util-fmt-fprintf-and-assert: util/fmt: Remove non-main thread warning / abort() again

  • Arne Welzel (08 Jul 26)

    util/fmt: Remove non-main thread warning / abort() again JavaScript code execution does not happen on the main thread. Execution is offloaded to a separate thread while Zeek's main thread is fully paused until JavaScript execution completes at which point the main thread resumes. The util::fmt() function is reachable through various paths from JavaScript by using zeek.invoke() to execute Zeek script or builtin functions. This triggers the just added fprintf() / abort() from commit d6db4402db3bcdfdbd374ad70540d03e679d2d2b. Revert this logic as it's a false positive for this particular case and it wasn't the greatest idea.

  • Evan Typanski (08 Jul 26)

    Merge remote-tracking branch 'origin/topic/etyp/openssl-configure-stall' * origin/topic/etyp/openssl-configure-stall: Bump cmake for OpenSSL includes Fix stall with OpenSSL check on Mac with ASAN

  • Arne Welzel (08 Jul 26)

    Merge remote-tracking branch 'origin/topic/awelzel/skip-zeekjs-on-debian-12' * origin/topic/awelzel/skip-zeekjs-on-debian-12: ci/NEWS: Skip installing libnode-dev on Debian 12

  • Evan Typanski (07 Jul 26)

    Bump cmake for OpenSSL includes

  • Evan Typanski (08 Jul 26)

    Merge remote-tracking branch 'origin/topic/etyp/leak-asan-cycle' * origin/topic/etyp/leak-asan-cycle: Disable leak checking on cycle test

  • Johanna Amann (08 Jul 26)

    Merge remote-tracking branch 'origin/topic/johanna/bif-doc-fixes' * origin/topic/johanna/bif-doc-fixes: Protocol/file analysis bif doc fixes

  • Evan Typanski (08 Jul 26)

    Disable leak checking on cycle test I broke ASAN with #5593 Also switches other uses of `ASAN_OPTIONS` to use the correct separator.

  • Arne Welzel (08 Jul 26)

    ci/NEWS: Skip installing libnode-dev on Debian 12 The Debian 12 build fails because GCC 12.x doesn't yet have <format>. <...>/zeek/auxil/zeekjs/src/Nodejs.cc:7:10: fatal error: format: No such file or directory 7 | #include <format> | ^~~~~~~~ And seems fine to me to require a more recent distribution when JavaScript is enabled. Debian 13 has been released almost a year ago, JavaScript does have the experimental sticker still, and I don't think this will affect enough users to be worth a libfmt fallback. I'd be positively surprised if that's wrong :-)

  • Johanna Amann (04 Jun 26)

    Protocol/file analysis bif doc fixes This commit applies a range of small documentation fixes to some of the analyzer and file_analyzer bifs. This includes minor formatting changes, fixed todos, typos, unfinished sentences, and a couple of incorrect statements. This was made with the help of Claufe Opus 4.7 (which found the issues), and then manually edited. I understand and verified all of the changes.

  • Arne Welzel (08 Jul 26)

    Merge branch 'smtp_docs' of https://github.com/malvidin/zeek * 'smtp_docs' of https://github.com/malvidin/zeek: Align RCPT TO comment with docs Clarify SMTP documentation Remove email header label for SMTP commands Expand Message-ID & Reply-To to match RFC822

  • Steven (08 Jul 26)

    Align RCPT TO comment with docs

  • Steven (08 Jul 26)

    Clarify SMTP documentation Remove email header label for SMTP commands Expand Message-ID & Reply-To to match RFC822

  • Arne Welzel (08 Jul 26)

    Merge branch 'topic/vfmt-thread-safety-callers' of https://github.com/stefangoetzcorelight/zeek * 'topic/vfmt-thread-safety-callers' of https://github.com/stefangoetzcorelight/zeek: util/fmt: guard fmt() misuse util/fmt: Use thread-safe Fmt() in backend threads Modified to always emit the warning once, abort() in DEBUG only.

  • Arne Welzel (08 Jul 26)

    Merge remote-tracking branch 'origin/topic/awelzel/bump-zeekjs-0-24-0' * origin/topic/awelzel/bump-zeekjs-0-24-0: Bump zeekjs to v0.24.0

  • zeek-bot (08 Jul 26)

    Docs: Regenerated via GitHub workflow [nomail] [skip ci]

  • Tim Wojtulewicz (07 Jul 26)

    Merge remote-tracking branch 'origin/topic/christian/broker-backpressure-tests' * origin/topic/christian/broker-backpressure-tests: Add Broker backpressure tests

  • Evan Typanski (07 Jul 26)

    Merge remote-tracking branch 'origin/topic/etyp/val-recursion' * origin/topic/etyp/val-recursion: Fix infinite recursion in val describe

  • Stefan Götz (06 Jul 26)

    util/fmt: guard fmt() misuse util::fmt() uses a single process-global buffer, so it is only safe on the main thread: a backend thread calling it can overwrite the buffer while the main thread still holds a returned pointer (e.g. across the copy_string() in Writer/ReaderFrontend), leading to corruption. Add a DEBUG-only assertion in vfmt() that aborts if it is called off the main thread. Make code comments more explicit about correct use.

Zeek Security

7/10

Repo Security Summary

Updated 29 Jun 26 Fuzz tested

  • Code-Review 8/10
  • Maintained 10/10
  • Security-Policy 9/10
  • CII-Best-Practices 0/10
  • Dangerous-Workflow 10/10
  • Token-Permissions 0/10
  • License 9/10
  • Fuzzing 10/10
  • Packaging 10/10
  • Branch-Protection N/A
  • Signed-Releases 8/10
  • Binary-Artifacts 10/10
  • SAST 0/10
  • Pinned-Dependencies 1/10

Zeek Website

Website

The Zeek Network Security Monitor

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

Redirects

Redirects to https://zeek.org/

Security Checks

All 65 security checks passed

Server Details

  • IP Address 192.0.78.212
  • Location San Francisco, California, United States of America, NA
  • ISP Automattic Inc
  • ASN AS2635

Associated Countries

  • US US
  • FR FR
  • CA CA

Safety Score

Website marked as safe

100%

Blacklist Check

zeek.org was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview

Zeek Reviews

More Self-Hosted Network Security

About the Data: Zeek

API

You can access Zeek's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/zeek

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Zeek

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Zeek and Awesome Privacy with your network!

View Self-Hosted Network Security (8)