• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2022
  • April
  • 13
  • Melody – A Transparent Internet Sensor Built For Threat Intelligence

Melody – A Transparent Internet Sensor Built For Threat Intelligence

April 13, 2022 Comments Off on Melody – A Transparent Internet Sensor Built For Threat Intelligence
Melody - A Transparent Internet Sensor Built For Threat Intelligence cybersecurity ethical hacking hack android hack app hack wordpress hacker news hacking hacking tools for windows keylogger kit kitploit password brute force penetration testing pentest pentest android pentest linux pentest toolkit pentest tools spy tool kit spyware tools

Melody

Monitor the Internet’s background noise

Melody is a transparent internet sensor built for threat intelligence and supported by a detection rule framework which allows you to tag packets of interest for further analysis and threat monitoring.

Features

Here are some key features of Melody :

  • Transparent capture
  • Write detection rules and tag specific packets to analyze them at scale
  • Mock vulnerable websites using the builtin HTTP/S server
  • Supports the main internet protocols over IPv4 and IPv6
  • Handles log rotation for you : Melody is designed to run forever on the smallest VPS
  • Minimal configuration required
  • Standalone mode : configure Melody using only the CLI
  • Easily scalable :
    • Statically compiled binary
    • Up-to-date Docker image

Wishlist

Since I have to focus on other projects right now, I can’t put much time in Melody’s development.

There is a lot of rom for improvement though, so here are some features that I’d like to implement someday :

  • Dedicated helper program to create, test and manage rules -> Check Meloctl in cmd/meloctl
  • Centralized rules management
  • Per port mock application

Use cases

Internet facing sensor

  • Extract trends and patterns from Internet’s noise
  • Index malicious activity, exploitation attempts and targeted scanners
  • Monitor emerging threats exploitation
  • Keep an eye on specific threats

Stream analysis

  • Build a background noise profile to make targeted attacks stand out
  • Replay captures to tag malicious packets in a suspicious stream

Preview

Quickstart

Quickstart details.

TL;DR

Release

Get the latest release at https://github.com/bonjourmalware/melody/releases.

make install               # Set default outfacing interface
make cap # Set network capabilities to start Melody without elevated privileges
make certs # Make self signed certs for the HTTPS fileserver
make enable_all_rules # Enable the default rules
make service # Create a systemd service to restart the program automatically and launch it at startup

sudo systemctl stop melody # Stop the service while we're configuring it

Update the filter.bpf file to filter out unwanted packets.

sudo systemctl start melody     # Start Melody
sudo systemctl status melody # Check that Melody is running

The logs should start to pile up in /opt/melody/logs/melody.ndjson.

tail -f /opt/melody/logs/melody.ndjson # | jq

From source

git clone https://github.com/bonjourmalware/melody /opt/melody
cd /opt/melody
make build

Then continue with the steps from the release TL;DR.

Docker

make certs                           # Make self signed certs for the HTTPS fileserver
make enable_all_rules # Enable the default rules
mkdir -p /opt/melody/logs
cd /opt/melody/

docker pull bonjourmalware/melody:latest

MELODY_CLI="" # Put your CLI options here. Example : export MELODY_CLI="-s -i 'lo' -F 'dst port 5555' -o 'server.http.port: 5555'"

docker run
--net=host
-e "MELODY_CLI=$MELODY_CLI"
--mount type=bind,source="$(pwd)/filter.bpf",target=/app/filter.bpf,readonly
--mount type=bind,source="$(pwd)/config.yml",target=/app/config.yml,readonly
--mount type=bind,source="$(pwd)/var",target=/app/var,readonly
--mount type=bind,source="$(pwd)/rules",target=/app/rules,readonly
--mount type=bind,source="$(pwd)/logs",target=/app/logs/
bonjourmalware/melody

The logs should start to pile up in /opt/melody/logs/melody.ndjson.

Rules

Rule syntax details.

Example

CVE-2020-14882 Oracle Weblogic Server RCE:
layer: http
meta:
id: 3e1d86d8-fba6-4e15-8c74-941c3375fd3e
version: 1.0
author: BonjourMalware
status: stable
created: 2020/11/07
modified: 2020/20/07
description: "Checking or trying to exploit CVE-2020-14882"
references:
- "https://nvd.nist.gov/vuln/detail/CVE-2020-14882"
match:
http.uri:
startswith|any|nocase:
- "/console/css/"
- "/console/images"
contains|any|nocase:
- "console.portal"
- "consolejndi.portal?test_handle="
tags:
cve: "cve-2020-14882"
vendor: "oracle"
product: "weblogic"
impact: "rce"

Logs

Logs content details.

Example

Netcat TCP packet over IPv4 :

{
"tcp": {
"window": 512,
"seq": 1906765553,
"ack": 2514263732,
"data_offset": 8,
"flags": "PA",
"urgent": 0,
"payload": {
"content": "I made a discovery today. I found a computer.n",
"base64": "SSBtYWRlIGEgZGlzY292ZXJ5IHRvZGF5LiAgSSBmb3VuZCBhIGNvbXB1dGVyLgo=",
"truncated": false
}
},
"ip": {
"version": 4,
"ihl": 5,
"tos": 0,
"length": 99,
"id": 39114,
"fragbits": "DF",
"frag_offset": 0,
"ttl": 64,
"protocol": 6
},
"timestamp": "2020-11-16T15:50:01.277828+01:00",
"session": "bup9368o4skolf20rt8g",
"type": "tcp",
"src_ip": "127.0.0.1",
"dst_port": 1234,
"matches": {},
"inline_matches": [],
"embedded": {}
}
Download Melody

Post navigation

Golden GMSA: abusing Group Managed Service Accounts in Active Directory
SSOh-No: User enumeration and password spraying tool for testing Azure AD

Related Articles

Tracgram - Use Instagram Location Features To Track An Account

Tracgram – Use Instagram Location Features To Track An Account

- Hack Tools
March 22, 2023
CVE-Vulnerability-Information-Downloader - Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

CVE-Vulnerability-Information-Downloader – Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

- Hack Tools
March 22, 2023
SXDork - A Powerful Tool That Utilizes The Technique Of Google Dorking To Search For Specific Information On The Internet

SXDork – A Powerful Tool That Utilizes The Technique Of Google Dorking To Search For Specific Information On The Internet

- Hack Tools
March 21, 2023
hacker gadgets
hacker phone covers

Recent Posts

Tracgram - Use Instagram Location Features To Track An Account

Tracgram – Use Instagram Location Features To Track An Account

March 22, 2023
CVE-Vulnerability-Information-Downloader - Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

CVE-Vulnerability-Information-Downloader – Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

March 22, 2023
SXDork - A Powerful Tool That Utilizes The Technique Of Google Dorking To Search For Specific Information On The Internet

SXDork – A Powerful Tool That Utilizes The Technique Of Google Dorking To Search For Specific Information On The Internet

March 21, 2023
Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux

Invoke-PSObfuscation – An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You’Re On Windows Or Kali Linux

March 21, 2023
IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File

IpGeo – Tool To Extract IP Addresses From Captured Network Traffic File

March 21, 2023
APKHunt - Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework

APKHunt – Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework

March 21, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW