Zeek

zeek.org

Awesome Privacy ➔ Networking ➔ Self-Hosted Network Security ➔ Zeek

Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor.

Homepage: zeek.org
GitHub: github.com/zeek/zeek
Web info: web-check.xyz/results/zeek.org

Open Source

Zeek Source Code

Author

zeek

Description

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

#bro#dfir#network-monitoring#nsm#pcap#security#zeek

Homepage

https://www.zeek.org

License

NOASSERTION

Created

06 Jul 12

Last Updated

28 Mar 24

Latest version

v7.0.0-dev

Primary Language

C++

Size

160,192 KB

Stars

5,859

Forks

1,155

Watchers

5,859

Language Usage

Star History

Top Contributors

@jsiwek (3434)
@rsmmr (2726)
@timwoj (1969)
@0xxon (1772)
@awelzel (937)
@vpax (814)
@ckreibich (552)
@grigorescu (282)
@zeek-bot (253)
@sethhall (181)
@MaxKellermann (172)
@bbannier (133)
@mavam (129)
@Neverlord (103)
@J-Gras (102)
@srunnels (52)
@mauropalumbo75 (51)
@JustinAzoff (26)
@FlyingWithJerome (24)
@jsoref (21)
@eladsolomon-ms (21)
@leres (20)
@cstruck (17)
@dnthayer (17)
@ynadji (16)
@AmazingPP (15)
@devbali (14)
@1wilkens (14)
@fatemabw (13)
@jbencteux (12)

Recent Commits

Robin Sommer (25 Mar 24)
Merge remote-tracking branch 'origin/topic/robin/bump-spicy' * origin/topic/robin/bump-spicy: Bump Spicy to current `main`.
Robin Sommer (25 Mar 24)
Bump Spicy to current `main`.
Tim Wojtulewicz (19 Mar 24)
Merge remote-tracking branch 'origin/topic/vern/fine-grained-ZAM-profiling' * origin/topic/vern/fine-grained-ZAM-profiling: tie into updates to gen-zam ZAM documentation updated to reflect finer-grained profiling ZAM-specific BTest baseline changes for tweak to how ZAM bodies print BTest baseline changes for tweak to how ZAM bodies print ZAM execution changes to support richer profiling use richer block-aware location information for ZAM instructions better isolation of ZAM instruction elements hooks for tracking extended ZAM profiling location framework for --enable-ZAM-profiling configuration profiles go to zprof.log rather than stdout ZAM classes in support of finer-grained profiling refined ZAM function profiling to include (correct) statement line number blocks avoid potentially expensive mallinfo() call if result won't be used
Vern Paxson (10 Mar 24)
tie into updates to gen-zam
Vern Paxson (10 Mar 24)
ZAM documentation updated to reflect finer-grained profiling
Vern Paxson (10 Mar 24)
ZAM-specific BTest baseline changes for tweak to how ZAM bodies print
Vern Paxson (10 Mar 24)
BTest baseline changes for tweak to how ZAM bodies print
Vern Paxson (10 Mar 24)
ZAM execution changes to support richer profiling
Vern Paxson (10 Mar 24)
use richer block-aware location information for ZAM instructions
Vern Paxson (10 Mar 24)
better isolation of ZAM instruction elements hooks for tracking extended ZAM profiling location
Vern Paxson (10 Mar 24)
framework for --enable-ZAM-profiling configuration profiles go to zprof.log rather than stdout
Vern Paxson (10 Mar 24)
ZAM classes in support of finer-grained profiling
Vern Paxson (10 Mar 24)
refined ZAM function profiling to include (correct) statement line number blocks
Vern Paxson (10 Mar 24)
avoid potentially expensive mallinfo() call if result won't be used
Tim Wojtulewicz (19 Mar 24)
Merge remote-tracking branch 'origin/topic/timw/fix-std-function-stmt' * origin/topic/timw/fix-std-function-stmt: Remove variant from StdFunctionStmt
Tim Wojtulewicz (19 Mar 24)
Remove variant from StdFunctionStmt The variant ended up conflicting with std::bind, which resulted in failures on the btest invoking it. Change back to a single function that takes a flow, and default it to a value in Exec.
Tim Wojtulewicz (18 Mar 24)
Merge remote-tracking branch 'origin/topic/timw/std-function-event-handler' * origin/topic/timw/std-function-event-handler: Add a method to register an event handler to a std::function via C++
Tim Wojtulewicz (08 Mar 24)
Add a method to register an event handler to a std::function via C++
Tim Wojtulewicz (18 Mar 24)
Merge remote-tracking branch 'origin/topic/neverlord/broker-bump' * origin/topic/neverlord/broker-bump: Update Broker submodule
Dominik Charousset (24 Feb 24)
Update Broker submodule
Arne Welzel (18 Mar 24)
Merge remote-tracking branch 'origin/topic/awelzel/remove-superflous-aws-ecr-username' * origin/topic/awelzel/remove-superflous-aws-ecr-username: cirrus: Remove misleading and always empty AWS_ECR_USERNAME
Arne Welzel (18 Mar 24)
cirrus: Remove misleading and always empty AWS_ECR_USERNAME
Arne Welzel (18 Mar 24)
Merge remote-tracking branch 'origin/topic/awelzel/3442-evt-port-deprecation' * origin/topic/awelzel/3442-evt-port-deprecation: btest/spicy: Remove most port usages spicy: Deprecate port/ports in .evt files
Arne Welzel (18 Mar 24)
Merge remote-tracking branch 'origin/topic/awelzel/generate-docs-spicy-pygments-use-cached' * origin/topic/awelzel/generate-docs-spicy-pygments-use-cached: Update doc submodule
Arne Welzel (18 Mar 24)
Update doc submodule For spicy-pygments.py sync.
Arne Welzel (18 Mar 24)
github/generate-docs: Only commit if there are staged changes git diff-index by default includes staged and non-staged changes. The autogen-spicy-docs script copies over spicy-pygments.py from the Spicy tree into doc/ext. The job would attempt to commit scripts and script-reference even though nothing actually is staged when a spurious diff existed in ext/spicy-pygments.py. Guard from this by using --cached.
Robin Sommer (16 Mar 24)
Merge remote-tracking branch 'origin/topic/robin/binary-build-fix' * origin/topic/robin/binary-build-fix: Add a CI test with the same options as we used for binary builds. Fix binary build of `spicyz`.
Robin Sommer (16 Mar 24)
Merge remote-tracking branch 'origin/topic/robin/bump-spicy-raw-pointers' * origin/topic/robin/bump-spicy-raw-pointers: Bump Spicy to latest version reworking AST memory management.
Robin Sommer (15 Mar 24)
Bump Spicy to latest version reworking AST memory management. Includes the necessary Zeek-side changes. Goes with https://github.com/zeek/spicy/pull/1691.
Christian Kreibich (15 Mar 24)
Merge remote-tracking branch 'origin/topic/timw/ci-remove-centos7-debian10' * origin/topic/timw/ci-remove-centos7-debian10: CI: Remove CentOS 7 and Debian 10 builds

Zeek Website

Website

The Zeek Network Security Monitor

Zeek (formerly Bro) is the world’s leading platform for network security monitoring. Flexible, open source, and powered by defenders.

Redirects

Redirects to https://zeek.org/

Security Checks

All 66 security checks passed

Server Details

IP Address 192.0.78.150
Location San Francisco, California, United States of America, NA
ISP Automattic Inc
ASN AS2635

Associated Countries

Saftey Score

Website marked as safe

100%

Blacklist Check

zeek.org was found on 0 blacklists

ThreatLog
OpenPhish
PhishTank
Phishing.Database
PhishStats
URLhaus
RPiList Not Serious
AntiSocial Blacklist
PhishFeed
NABP Not Recommended Sites
Spam404
CRDF
Artists Against 419
CERT Polska
PetScams
Suspicious Hosting IP
Phishunt
CoinBlockerLists
MetaMask EthPhishing
EtherScamDB
EtherAddressLookup
ViriBack C2 Tracker
Bambenek Consulting
Badbitcoin
SecureReload Phishing List
Fake Website Buster
TweetFeed
CryptoScamDB
StopGunScams
ThreatFox
PhishFort

Website Preview

View full report at
web-check.xyz

Zeek Reviews

More Self-Hosted Network Security

Pi-Hole
pi-hole.net

Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widely used.

Open Source pi-hole/pi-hole

View Pi-Hole Report
Technitium
technitium.com/dns

Another DNS server for blocking privacy-invasive content at its source. Technitium doesn't require much of a setup, and basically works straight out of the box, it supports a wide range of systems (and can even run as a portable app on Windows). It allows you to do some additional tasks, such as add local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it.

Open Source TechnitiumSoftware/DnsServer

View Technitium Report
IPFire
ipfire.org

A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone.

Open Source ipfire/ipfire-2.x

View IPFire Report
PiVPN
pivpn.io

A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS providers - works nicely along-side PiHole.

Open Source pivpn/pivpn

View PiVPN Report
E2guardian
e2guardian.org

Powerful open source web content filter.

Open Source e2guardian/e2guardian

View E2guardian Report
PF Sense
pfsense.org

Widely used, open source firewall/router.

Open Source pfsense/pfsense

View PF Sense Report
Firezone
firezone.dev

Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source firezone/firezone

View Firezone Report

About the Data: Zeek

API

You can access Zeek's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/self-hosted-network-security/zeek

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Zeek

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Zeek and Awesome Privacy with your network!

← Previous

PF Sense

View Self-Hosted Network Security (8)

Firezone

Awesome Privacy