Maltrail

Jul 20, 2023

Malicious traffic detection system, utilizing public (black)lists

Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name e.g. zvpprsensinaix.com for Banjori malware, URL e.g. http//109.162.38.120/harsh02.exe for known malicious executable, IP address e.g. 185.130.5.231 for known attacker or HTTP User-Agent header value e.g. sqlmap for automatic SQL injection and database takeover tool. Also, it uses optional advanced heuristic mechanisms that can help in discovery of unknown threats e.g. new malware.



Checkout these related ports:
  • Zzuf - Transparent application input fuzzer
  • Zlint - X.509 certificate linter
  • Zeronet - Decentralized websites using Bitcoin crypto and BitTorrent network
  • Zenmap - GUI frontend for the Nmap scanning utility
  • Zeek - System for detecting network intruders in real-time
  • Zaproxy - The OWASP zed attack proxy
  • Yubioath-desktop - GUI for displaying OATH codes with a Yubikey
  • Yubikey-personalization-gui - Graphical YubiKey personalization tool
  • Yubikey-manager-qt - Cross-platform application for configuring any YubiKey
  • Yubikey-agent - Seamless ssh-agent for YubiKeys
  • Yubico-piv-tool - Yubico PIV tool
  • Ylva - Command line password manager and file encryption program
  • Ykpers - Library and tool for personalization of Yubico's YubiKey
  • Ykclient - Yubico C client library
  • Yersinia - Layer 2 vulnerability scanner (switches, spanning tree, 802.1q ...)