Zeek

zeek.org
Detect whether you have a malware-infected computer on your network with this powerful network analysis framework and monitor.

Open Source

Zeek Source Code

Author

zeek

Description

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

#bro #dfir #network-monitoring #nsm #pcap #security #zeek

Homepage

https://www.zeek.org

License

NOASSERTION

Created

06 Jul 12

Last Updated

05 Oct 24

Latest version

v7.1.0-dev

Primary Language

C++

Size

172,970 KB

Stars

6,391

Forks

1,210

Watchers

6,391

Recent Commits

  • Arne Welzel (28 Sept 24)

    POP3: Rework unbounded pending command fix

    Processing out-of-order commands or finishing commands based on invalid server responses resulted in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic. This commit reworks cf9fe91705f878e94ae14b373e5e5ea212273e2f such that too many pending commands are simply discarded, rather than any attempt being made to process them. Further, invalid server responses do not result in command completion anymore. Test PCAP was crafted based on traffic produced by the OSS-Fuzz reproducer.

    Closes #215

  • Christian Kreibich (04 Oct 24)

    Merge branch 'topic/christian/bump-cluster-testing'

    * topic/christian/bump-cluster-testing:
      Bump zeek-testing-cluster to pull in a baseline update

  • Christian Kreibich (04 Oct 24)

    Bump zeek-testing-cluster to pull in a baseline update

    The recently expanded `Describe()` output (c0ffaabe) caused one test to complain.

  • Arne Welzel (04 Oct 24)

    Merge remote-tracking branch 'origin/topic/etyp/centos-missing-file-test-fail'

    * origin/topic/etyp/centos-missing-file-test-fail:
      Fix flaky `missing-file-initially` test

  • Evan Typanski (04 Oct 24)

    Fix flaky `missing-file-initially` test

    That test got flaky probably from #3949 on centosstream9 CI. You can replicate that behavior by increasing the sleep time when waiting for the file such that the test will attempt to read the missing file again. Since the one second wait for file is glacially slow for this, speeding it up should mean that the file gets created sooner and so the test won't try to open the file again. But, it's always still technically possible, since the test will wait for 10 seconds and the heartbeat seems to be 1 second. At least if that happens, it's probably a bug or massive slowdown of some kind.

  • Benjamin Bannier (04 Oct 24)

    Merge branch 'topic/bbannier/spicyz-usage'

  • Benjamin Bannier (04 Oct 24)

    Add missing newline in `spicyz` usage message

  • Arne Welzel (02 Oct 24)

    Merge remote-tracking branch 'origin/topic/etyp/bg-test-nondeterminism'

    * origin/topic/etyp/bg-test-nondeterminism:
      Fix input error test nondeterminism

  • Evan Typanski (02 Oct 24)

    Fix input error test nondeterminism

    It seems like other similar tests get by because they have more "stuff" before they call `terminate()` most likely. But, to be safe, just removing the "received termination signal" line seems like the best approach.

  • Arne Welzel (01 Oct 24)

    Merge remote-tracking branch 'origin/topic/etyp/remove-duplicate-table-warns'

    * origin/topic/etyp/remove-duplicate-table-warns:
      Report suppressed warnings count
      Avoid duplicating warnings when reading table

  • Evan Typanski (27 Sept 24)

    Report suppressed warnings count

    This also triggers if there is one warning, which seems a little weird, but it seems mostly reasonable.

  • Evan Typanski (24 Sept 24)

    Avoid duplicating warnings when reading table

    Invalid lines in a file was the one case that would not suppress future warnings. Just make it suppress warnings too, but clear that suppression if there is a field in between that doesn't error.

    Fixes #3692

  • zeek-bot (28 Sept 24)

    Update doc submodule [nomail] [skip ci]

  • Christian Kreibich (27 Sept 24)

    Merge branch 'topic/vern/script-opt-maint.Sep24B'

    * topic/vern/script-opt-maint.Sep24B:
      factoring of logic used by ZAM's low-level optimizer when adjusting control flow info
      BTest baseline update for more complete function/lambda names
      tweak to -O gen-C++ maintenance script to avoid treating plugins as BTests
      fixed lambda hash collision bug due to function descriptions lacking full parameter information
      fixes (to avoid collisions) for AST profiling's function hash computations
      removed unused ZAM cast-to-any operation
      fixes for ZAM tracking the return type associated with function calls
      ZAM control-flow tracking now explicitly includes the ends of loops
      fix for ZAM identification of common subexpressions
      "-O dump-final-ZAM" option similar to "dump-ZAM" only prints final version of functions
      fix for setting object locations to avoid use-after-free situation
      extended "-O allow-cond" to apply to both gen-C++ and gen-standalone-C++
      -O gen-C++ fix for run-time warnings for "when" lambdas
      fix to -O gen-C++ for recent AST profiling changes for identifying function parameters
      fix to -O gen-C++ for dealing with "hidden" parameters
      tweak to prevent an incorrect warning for scripts compiled to C++
      fixed overly narrow Spicy test for manipulating packet analyzers
      fixed memory leak for recursive ZAM functions that exit via an exception
      remove unnecessary header include

  • Vern Paxson (27 Sept 24)

    factoring of logic used by ZAM's low-level optimizer when adjusting control flow info

  • Vern Paxson (11 Sept 24)

    BTest baseline update for more complete function/lambda names

  • Vern Paxson (12 Sept 24)

    tweak to -O gen-C++ maintenance script to avoid treating plugins as BTests

  • Vern Paxson (11 Sept 24)

    fixed lambda hash collision bug due to function descriptions lacking full parameter information

  • Vern Paxson (11 Sept 24)

    fixes (to avoid collisions) for AST profiling's function hash computations

  • Vern Paxson (11 Sept 24)

    removed unused ZAM cast-to-any operation

  • Vern Paxson (11 Sept 24)

    fixes for ZAM tracking the return type associated with function calls

  • Vern Paxson (11 Sept 24)

    ZAM control-flow tracking now explicitly includes the ends of loops

  • Vern Paxson (11 Sept 24)

    fix for ZAM identification of common subexpressions

  • Vern Paxson (11 Sept 24)

    "-O dump-final-ZAM" option similar to "dump-ZAM" only prints final version of functions

  • Vern Paxson (11 Sept 24)

    fix for setting object locations to avoid use-after-free situation

  • Vern Paxson (11 Sept 24)

    extended "-O allow-cond" to apply to both gen-C++ and gen-standalone-C++

  • Vern Paxson (11 Sept 24)

    -O gen-C++ fix for run-time warnings for "when" lambdas

  • Vern Paxson (11 Sept 24)

    fix to -O gen-C++ for recent AST profiling changes for identifying function parameters

  • Vern Paxson (11 Sept 24)

    fix to -O gen-C++ for dealing with "hidden" parameters

  • Vern Paxson (11 Sept 24)

    tweak to prevent an incorrect warning for scripts compiled to C++

Zeek Website

Website

The Zeek Network Security Monitor

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

Redirects

Redirects to https://zeek.org/

Security Checks

All 66 security checks passed

Server Details

  • IP Address 192.0.78.150
  • Location San Francisco, California, United States of America, NA
  • ISP Automattic Inc
  • ASN AS2635

Associated Countries

  • US

Safety Score

Website marked as safe

100%

Blacklist Check

zeek.org was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

About the Data: Zeek

API

You can access Zeek's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/self-hosted-network-security/zeek

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of the data included on this page comes from, and how it is computed, see the About the Data section of our About page.