Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
No description
15245 commits 387 branches 195 tags 255 MiB
Find a file
Arne Welzel 5659cf18f8 MIME: Cap nested MIME analysis depth to 100 
OSS-Fuzz managed to produce a MIME multipart message construction with
thousands of nested entities (or that's what Zeek makes out of it anyhow).
Prevent such deep analysis by capping at a nesting depth of 100,
preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth
is reported when this limit is reached.

This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds
to ~2.5 seconds.

The test PCAP was produced from a Python script using the email package
and sending the rendered version via POST to a HTTP server.

Closes #208

(cherry picked from commit 4e5849fe82c6097df5d25cd1a74d69ab4fa50f46)
2024-01-19 08:22:19 -07:00
.github/workflows Merge remote-tracking branch 'origin/topic/timw/pre-commit-python-version' 2023-08-16 10:01:42 -07:00
auxil Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy-1.8' into release/6.0 2024-01-12 13:33:29 -07:00
ci ci: Remove ZEEK_CI_DISABLE_SCRIPT_PROFILING logic 2024-01-18 14:09:51 -08:00
cmake@9de9d01bbd Update cmake submodule [nomail] 2024-01-12 12:00:05 -07:00
doc@a260820a6d Update docs submodule 2024-01-17 23:01:01 -07:00
docker CI: Add more logging during docker builds 2024-01-18 14:09:51 -08:00
man Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
scripts MIME: Cap nested MIME analysis depth to 100 2024-01-19 08:22:19 -07:00
src MIME: Cap nested MIME analysis depth to 100 2024-01-19 08:22:19 -07:00
testing MIME: Cap nested MIME analysis depth to 100 2024-01-19 08:22:19 -07:00
.cirrus.yml CI: Remove unused openssl30_config 2024-01-18 14:09:51 -08:00
.clang-format Add pre-commit config. 2021-11-09 07:20:18 +01:00
.clang-tidy Disable annoying bugprone-easily-swappable-parameters clang-tidy check [skip ci] 2022-10-07 16:15:47 -07:00
.cmake-format.json Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
.dockerignore Add .dockerignore to suppress btest artifacts 2021-09-24 17:04:26 -07:00
.git-blame-ignore-revs GH-1781: Add .git-blame-ignore-revs file 2021-11-02 16:06:36 -07:00
.gitattributes GH-1497: Support CRLF line-endings in Zeek scripts and signature files 2021-04-08 20:32:30 -07:00
.gitignore Cirrus configuration for Windows builds 2022-11-09 18:16:13 +02:00
.gitmodules Move Spicy submodule a layer up. 2023-05-16 12:09:12 +02:00
.pre-commit-config.yaml Merge remote-tracking branch 'origin/topic/timw/pre-commit-python-version' 2023-08-16 10:01:42 -07:00
.style.yapf Format Python scripts with yapf. 2021-11-24 23:13:24 +01:00
.update-changes.cfg Add script to update external test repo commit pointers 2019-04-05 17:09:01 -07:00
CHANGES Merge remote-tracking branch 'origin/topic/christian/release-6.0-ci-updates' into release/6.0 2024-01-18 16:25:26 -07:00
CMakeLists.txt Merge branch 'topic/bbannier/issue-3177' 2024-01-19 08:19:54 -07:00
configure Integrate the Spicy plugin into Zeek proper. 2023-05-16 10:17:45 +02:00
COPYING Update COPYING to 2023 2023-01-03 12:10:03 -07:00
COPYING-3rdparty Rename COPYING.3rdparty to COPYING-3rdparty 2023-01-03 12:10:03 -07:00
hilti-cxx-include-dirs.in Move Spicy submodule a layer up. 2023-05-16 12:09:12 +02:00
INSTALL Update documentation to include "Book of Zeek" revisions 2021-02-01 15:54:36 -08:00
Makefile Add zeek -V/--build-info 2023-02-13 12:23:29 +01:00
NEWS Update NEWS for 6.0.3 2024-01-18 15:06:14 -07:00
README Add tooling section to README 2023-01-27 13:03:52 -07:00
README.md Update link to slack in README.md 2023-06-05 14:18:38 +02:00
spicy-path.in Move Spicy submodule a layer up. 2023-05-16 12:09:12 +02:00
VERSION Merge remote-tracking branch 'origin/topic/christian/release-6.0-ci-updates' into release/6.0 2024-01-18 16:25:26 -07:00
zeek-config-paths.h.in Add license header to zeek-config*.h and zeek-version.h 2023-05-17 15:02:15 +02:00
zeek-config.h.in Add license header to zeek-config*.h and zeek-version.h 2023-05-17 15:02:15 +02:00
zeek-config.in Integrate the Spicy plugin into Zeek proper. 2023-05-16 10:17:45 +02:00
zeek-path-dev.bat.in Modify Windows test cmd file to actually run tests 2023-04-26 09:17:52 -07:00
zeek-path-dev.in Add template file and cmake call for zeek-path setup on Windows 2023-04-25 15:15:04 -07:00
zeek-version.h.in Add license header to zeek-config*.h and zeek-version.h 2023-05-17 15:02:15 +02:00
zkg-config.in cmake: Fixup BRO_PLUGIN_INSTALL_PATH references 2023-04-24 12:15:37 +02:00

README.md

Zeek Logo

The Zeek Network Security Monitor

A powerful framework for network traffic analysis and security monitoring.

Key FeaturesDocumentationGetting StartedDevelopmentLicense

Follow us on Twitter at @zeekurity.

Coverage Status Build Status

Slack Discourse

Key Features

  • In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.

  • Adaptable and Flexible Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.

  • Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites.

  • Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.

Getting Started

The best place to find information about getting started with Zeek is our web site www.zeek.org, specifically the documentation section there. On the web site you can also find downloads for stable releases, tutorials on getting Zeek set up, and many other useful resources.

You can find release notes in NEWS, and a complete record of all changes in CHANGES.

To work with the most recent code from the development branch of Zeek, clone the master git repository:

git clone --recursive https://github.com/zeek/zeek

With all dependencies in place, build and install:

./configure && make && sudo make install

Write your first Zeek script:

# File "hello.zeek"

event zeek_init()
    {
    print "Hello World!";
    }

And run it:

zeek hello.zeek

For learning more about the Zeek scripting language, try.zeek.org is a great resource.

Development

Zeek is developed on GitHub by its community. We welcome contributions. Working on an open source project like Zeek can be an incredibly rewarding experience and, packet by packet, makes the Internet a little safer. Today, as a result of countless contributions, Zeek is used operationally around the world by major companies and educational and scientific institutions alike for securing their cyber infrastructure.

If you're interested in getting involved, we collect feature requests and issues on GitHub here and you might find these to be a good place to get started. More information on Zeek's development can be found here, and information about its community and mailing lists (which are fairly active) can be found here.

License

Zeek comes with a BSD license, allowing for free use with virtually no restrictions. You can find it here.

Tooling

We use the following tooling to help discover issues to fix, amongst a number of others.