CIRCL explores new engineering solutions to improve CSIRT operations and to predict and better react on current and future threats.
Early Detection Network
CIRCL HoneyBot services consist of the distributed operation and exploitation of CIRCL HoneyBots. These services are part of a research project with the aim to improve security on Internet. A CIRCL HoneyBot is a low-interaction honeypot running on an embedded device, that is deployed in the premises of CIRCL partners. The HoneyBot listens to unused IP addresses specified by the partner. The HoneyBot sensor located in an unused network space of the partner (from one IP address to multiple IP addresses). The unused network space has no production network traffic and the traffic reaching such network space can be called background noise. This background noise contains malicious opportunistic attacks along with other traffic like backscatter traffic due to DDoS or misconfigurations.
An interactive map of the network attacks targeting IP addresses in Luxembourg is using the information collected from the early detection network.
potiron is a front-end software deployed for our partners to access their HoneyBot data. The software is developed and maintained by CIRCL and an access is given to the partners of the HoneyBot services.
CIRCLean - USB key sanitizer
This project aims to be used by people regularly receiving USB keys from untrusted sources. While they don’t know if the files are malicious, they are still interested to see the content of the files, without having to open the original and potentially malicious files.
For more information, CIRCLean, the USB key sanitizer including software and hardware requirements.
Panopticon - A System for a Network of Trusted Proxy Servers
Panopticon is a server application which acts as a stack of proxy servers from which the user can quickly select different exit points (parent proxies). Trusted partners are welcome to use this service as long as they can collaborate by adding a proxy on their side.
AIL framework - Framework for Analysis of Information Leaks
AIL framework is a modular framework to analyse potential information leak from unstructured data source like pastes from Pastebin or similar services. AIL framework is flexible and can be extended to support other functionalities to mine sensitive information.
CIRCL regularly contributes to free software and open source software and with a special interest in software used to improve cybersecurity. Feel free to visit CIRCL github account.
BGP Ranking is a free software to calculate the security ranking of Internet Service Provider (ASN).
CIRCL operates the main public instance of BGP Ranking. In complement, the BGP Ranking software back-end is available as free software. BGP Ranking API free software are also available like the whois-like bgpranking-API, Python API to access BGP Ranking - doc or even the BGP Ranking visualisation using Hilbert map.
pcapdj is a pcap file dispatcher for processing very large set of pcap files. A use case with Suricata NIDS is included.
urlquery Python API
cve-search is a free software to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) in a local database for indexing, searching and processing locally vulnerability information.
lnf-tools is a set of Perl, Python libraries and C code to analyze and process large set of Netflow records.
traceroute-circl is an extended traceroute software to support the activities of CSIRT operators.
CSIRT teams often have to handle incidents based on IP addresses received, this is where traceroute-circl tries to improve the tedious task of abuse determination and collection.