maryam-2.5.2-1.{fc36,fc37,fc38,el8,amzn2}.x86_64.rpm and maryam-2.5.2-1.el9.{x86_64,aarch64}.rpm -
OWASP Maryam is a modular, open-source framework based on OSINT and data gathering.
Maryam is written in Python and is designed to provide a powerful environment for harvesting data from open sources and search engines quickly and thoroughly.
See here for documentation on the modules provided for Maryam.
Note that Maryam is not available for CentOS/RHEL 7 at this time.
avml-0.11.4-1.{fc36,fc37,fc38}.x86_64.rpm and avml-0.11.4-1.el9.{x86_64,aarch64}.rpm -
AVML is an x86_64 userland volatile memory acquisition tool written in Rust, intended to be deployed as a static binary.
AVML can be used to acquire memory without knowing the target OS distribution or kernel a priori; no on-target compilation or fingerprinting is needed.
AVML can produce a memory image suitable for processing with Volatility 2 or Volatility 3 once the appropriate profiles have been created.
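Before handing an acquisition to Volatility it is worth checking that the image is structurally sound. AVML's default (uncompressed) output uses the LiME range format, the same format the LiME kernel modules listed later on this page write: each captured physical range is preceded by a 32-byte little-endian header (magic 0x4C694D45, version 1, first and last physical address, 8 reserved bytes). The parser below is an added example, not AVML's or LiME's own code; the sample image it builds is constructed for the illustration and is not a real capture. It rejects bad magic, unsupported (for example compressed) versions, overlapping ranges and truncated data, and lets you read bytes at a physical address while refusing to read across a hole.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

# LiME range header: magic, version, first and last physical address of the
# range (inclusive), 8 reserved bytes.  All fields little-endian, 32 bytes.
LIME_HEADER = struct.Struct("<IIQQ8s")
LIME_MAGIC = 0x4C694D45   # appears on disk as the bytes b"EMiL"
LIME_VERSION = 1          # raw, uncompressed ranges


@dataclass
class Segment:
    start: int    # first physical address covered by this range
    end: int      # last physical address covered (inclusive)
    offset: int   # file offset at which the range's data begins

    def __len__(self) -> int:
        return self.end - self.start + 1


def parse_lime(image: bytes) -> list[Segment]:
    """Walk the image header by header and return the physical ranges it covers.

    Raises ValueError on a bad magic, an unsupported version, a range whose
    data is missing (truncated acquisition) or ranges that overlap or go
    backwards, all of which would otherwise surface as confusing failures
    much later inside Volatility."""
    segments: list[Segment] = []
    pos = 0
    while pos < len(image):
        if len(image) - pos < LIME_HEADER.size:
            raise ValueError(f"truncated range header at offset {pos:#x}")
        magic, version, s_addr, e_addr, _reserved = LIME_HEADER.unpack_from(image, pos)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} at offset {pos:#x}")
        if version != LIME_VERSION:
            raise ValueError(f"unsupported LiME header version {version} at offset {pos:#x}")
        if e_addr < s_addr:
            raise ValueError(f"range end {e_addr:#x} precedes start {s_addr:#x}")
        if segments and s_addr <= segments[-1].end:
            raise ValueError(f"range starting at {s_addr:#x} overlaps or is out of order")
        data_off = pos + LIME_HEADER.size
        length = e_addr - s_addr + 1
        if data_off + length > len(image):
            raise ValueError(f"range {s_addr:#x}-{e_addr:#x} is truncated: "
                             f"expected {length} data bytes at offset {data_off:#x}")
        segments.append(Segment(s_addr, e_addr, data_off))
        pos = data_off + length
    return segments


def read_physical(image: bytes, segments: list[Segment], paddr: int, n: int) -> bytes | None:
    """Return n bytes starting at physical address paddr, or None when the
    window is not entirely inside one captured range (i.e. it touches a hole)."""
    for seg in segments:
        if seg.start <= paddr and paddr + n - 1 <= seg.end:
            off = seg.offset + (paddr - seg.start)
            return image[off:off + n]
    return None


def build_sample_image() -> bytes:
    """Constructed sample image (not a real capture): two ranges with a hole
    between them, as real acquisitions have around reserved and MMIO regions."""
    def lime_range(start: int, payload: bytes) -> bytes:
        end = start + len(payload) - 1
        return LIME_HEADER.pack(LIME_MAGIC, LIME_VERSION, start, end, b"\0" * 8) + payload
    return lime_range(0x1000, b"A" * 0x100) + lime_range(0x2000, b"B" * 0x80)


if __name__ == "__main__":
    img = build_sample_image()
    segs = parse_lime(img)
    for seg in segs:
        print(f"{seg.start:#010x}-{seg.end:#010x}  {len(seg):6d} bytes  at file offset {seg.offset:#x}")
    print("captured bytes:", sum(len(s) for s in segs))
```

Run it against a real acquisition by replacing `build_sample_image()` with the file's contents (memory-map large images rather than reading them whole); a ValueError from `parse_lime` means the image was cut short or corrupted in transit and should be re-acquired before any analysis.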
libpst{,-devel,-devel-doc,-doc,-libs}-0.6.72-4.{el7,el8}.x86_64.rpm, python3-libpst-0.6.72-4.el8.x86_64.rpm, and python36-libpst-0.6.72-4.el7.x86_64.rpm -
The libpst utilities convert Outlook .pst files to other formats.
See here for the list of changes.
python{2,36}-ssdeep-3.2-1.el7.x86_64.rpm -
python-ssdeep is a Python wrapper for the ssdeep fuzzy hashing library.
This package was built to support the packaging of Volatility-community-plugins.
yaf{,-devel}-2.14.0-1.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and yaf{,-devel}-2.14.0-1.el9.{x86_64,aarch64}.rpm -
yaf (Yet Another Flowmeter) is a suite of tools for flow metering.
yaf is used as a sensor to capture flow information on a network and export that information in IPFIX format.
It reads packet data from pcap(3) dumpfiles as generated by tcpdump(1), from live capture on an interface using pcap(3), from an Endace DAG capture device, or from a Napatech adapter;
aggregates these packets into flows; and exports flow records via IPFIX over SCTP, TCP or UDP, via Spread, or into serialized IPFIX message streams (IPFIX files) on the local file system.
Note that for CentOS 7, 8 and 9 on the x86_64 architecture, yaf has been built to use PF_Ring.
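The core of what a flowmeter such as yaf does, reduced to its essentials as an added example (this is not yaf's code and does no IPFIX encoding or TCP flag handling): packets are matched to a bidirectional flow keyed on the 5-tuple of the first packet seen, counted per direction, and cut into records by an idle timeout and an active timeout. The packets, the timeout values and the record field names below are constructed for the illustration; the shape of the output is the kind of record a mediator or collector downstream would receive.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: int     # 6 = TCP, 17 = UDP
    length: int    # bytes on the wire


@dataclass
class Flow:
    key: tuple     # (src, sport, dst, dport, proto) as seen on the flow's first packet
    start: float
    last: float
    fwd_pkts: int = 0
    fwd_bytes: int = 0
    rev_pkts: int = 0
    rev_bytes: int = 0

    def record(self) -> dict:
        """Flattened bi-flow record: one row per flow, both directions."""
        src, sport, dst, dport, proto = self.key
        return {"sip": src, "sport": sport, "dip": dst, "dport": dport, "proto": proto,
                "start": self.start, "duration": round(self.last - self.start, 3),
                "pkts": self.fwd_pkts, "bytes": self.fwd_bytes,
                "rpkts": self.rev_pkts, "rbytes": self.rev_bytes}


class FlowMeter:
    def __init__(self, idle_timeout: float = 30.0, active_timeout: float = 300.0):
        self.idle_timeout = idle_timeout      # assumed values for the illustration
        self.active_timeout = active_timeout
        self.active: dict[tuple, Flow] = {}
        self.expired: list[Flow] = []

    def _expire(self, now: float) -> None:
        # A flow is closed when no packet has arrived for idle_timeout seconds,
        # or when it has been open longer than active_timeout (long-lived
        # connections are reported in slices rather than only at the end).
        for key, flow in list(self.active.items()):
            if now - flow.last > self.idle_timeout or now - flow.start > self.active_timeout:
                self.expired.append(self.active.pop(key))

    def add(self, pkt: Packet) -> None:
        self._expire(pkt.ts)
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.active:
            flow, forward = self.active[fwd], True
        elif rev in self.active:
            flow, forward = self.active[rev], False
        else:
            # First packet defines the initiator, so replies are the reverse direction.
            flow = self.active[fwd] = Flow(fwd, pkt.ts, pkt.ts)
            forward = True
        flow.last = pkt.ts
        if forward:
            flow.fwd_pkts += 1
            flow.fwd_bytes += pkt.length
        else:
            flow.rev_pkts += 1
            flow.rev_bytes += pkt.length

    def flush(self) -> list[dict]:
        """End of capture: close every open flow and emit records in expiry order."""
        self.expired.extend(self.active.values())
        self.active.clear()
        out = [f.record() for f in self.expired]
        self.expired = []
        return out


# Constructed sample traffic: a short TCP exchange, a DNS query/reply, and a
# packet on the same TCP tuple 45 s later, past the idle timeout.
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", 40000, "93.184.216.34", 80, 6, 74),
    Packet(0.05, "93.184.216.34", 80, "10.0.0.5", 40000, 6, 74),
    Packet(0.06, "10.0.0.5", 40000, "93.184.216.34", 80, 6, 66),
    Packet(0.07, "10.0.0.5", 40000, "93.184.216.34", 80, 6, 200),
    Packet(0.20, "93.184.216.34", 80, "10.0.0.5", 40000, 6, 1400),
    Packet(0.30, "10.0.0.5", 53000, "10.0.0.1", 53, 17, 80),
    Packet(0.31, "10.0.0.1", 53, "10.0.0.5", 53000, 17, 120),
    Packet(45.0, "10.0.0.5", 40000, "93.184.216.34", 80, 6, 66),
]


def meter_sample() -> list[dict]:
    meter = FlowMeter(idle_timeout=30.0)
    for pkt in SAMPLE_PACKETS:
        meter.add(pkt)
    return meter.flush()


if __name__ == "__main__":
    for rec in meter_sample():
        print(rec)
```

The late packet does not extend the first TCP flow: by then the flow has been idle longer than the timeout, so it is emitted as a record of its own and the packet opens a new flow. That is why a single long session shows up in flow data as several records and why idle and active timeouts on the sensor should be known before anyone tries to count "connections" from the records.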
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.21.0-1.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.21.0-1.el9.{x86_64,aarch64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
See here for a list of changes in this version.
analysis-pipeline-5.11.4-5.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and analysis-pipeline-5.11.4-5.el9.{x86_64,aarch64}.rpm -
The analysis-pipeline processes SiLK Flow records. Its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This package was rebuilt for silk 3.21.0.
prism-1.2-10.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm -
The prism trend script is a tool for quickly visualizing flow data as a time series broken down into several configurable bins using SiLK's rwfilter tool.
The script can be used directly, or as a component in other, more specialized scripts.
In addition to providing immediate visualizations, the prism trend script can store these breakdowns in a relational database (currently PostgreSQL or SQLite) for later quick lookup.
This package was rebuilt to use silk 3.21.0.
super_mediator-1.9.1-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and super_mediator-1.9.1-2.el9.{x86_64,aarch64}.rpm -
super_mediator is an IPFIX mediator for use with the YAF and SiLK tools.
It collects and filters YAF output data and forwards it to various IPFIX collecting processes and/or CSV files.
See here for the list of changes.
This package was rebuilt to use silk 3.21.0.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.21.0-2.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.21.0-2.el9.{x86_64,aarch64}.rpm -
This release of the SiLK tools can be found in an optional repository named forensics-sip, which is now part of cert-forensics-tools-release; its definition is in /etc/yum.repos.d/cert-forensics-tools.repo.
This repository is disabled by default and can be enabled by running the script /usr/bin/EnableSilkWithIPA as root.
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.21.0-101.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.21.0-101.el9.{x86_64,aarch64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
These packages are installed in the forensics-test repository.
These packages were rebuilt to use libfixbuf 3.0.0.alpha2.
Please address any comments on these packages to netsa-help@cert.org.
analysis-pipeline-5.11.4-6.{fc36,fc37,fc38,el7,el8,amzn2}.x86_64.rpm and analysis-pipeline-5.11.4-6.el9.{aarch64,x86_64}.rpm -
The analysis-pipeline processes SiLK Flow records. Its goals are to automate common tasks, to get closer to "real-time" reporting of events, and to feed interesting data to a security information and event manager (SIEM).
This package is installed in the forensics-test repository.
This package was rebuilt to use libfixbuf 3.0.0.alpha2 and silk 3.21.0.
Please address any comments on these packages to netsa-help@cert.org.
pfring-8.5.0-8365.x86_64.rpm -
PF_Ring is a new type of network socket that dramatically improves packet capture speed.
This package contains the header files and libraries, among other files, needed to use the PF_Ring network socket.
Here is the announcement of PF_Ring 7.8.
pfring-dkms-8.5.0.8365-dkms.noarch.rpm -
PF_Ring is a new type of network socket that dramatically improves packet capture speed.
This package contains the code and supporting files needed to build the PF_Ring kernel module.
ndpi-4.7.0-4280.x86_64.rpm -
nDPI is an open-source, LGPLv3-licensed library for deep-packet inspection.
lime-kernel-modules-el9-{x86_64,aarch64}-1.9.1-18.noarch.rpm -
Support for the following kernels was added for LiME for both the x86_64 and aarch64 architectures:
5.14.0-331 for EL9
5.14.0-330 for EL9
fmem-kernel-modules-el9-{x86_64,aarch64}-1.6-1.18.noarch.rpm -
Support for the following kernels was added for Fmem for both the x86_64 and aarch64 architectures:
5.14.0-331 for EL9
5.14.0-330 for EL9
lime-kernel-modules-el8-x86_64-1.9.1-39.noarch.rpm -
Support for the following kernel was added for LiME:
4.18.0-499 for EL8
fmem-kernel-modules-el8-x86_64-1.6-1.39.noarch.rpm -
Support for the following kernel was added for Fmem:
4.18.0-499 for EL8
lime-kernel-modules-el7-x86_64-1.9.1-90.noarch.rpm -
Because of configuration errors, support for the following kernel had not previously been built; it has now been added for LiME:
3.10.0-1160.92.1 for EL7
fmem-kernel-modules-el7-x86_64-1.6-1.90.noarch.rpm -
Because of configuration errors, support for the following kernel had not previously been built; it has now been added for Fmem: