www.secrepo.com
66.33.221.139  Public Scan

URL: http://www.secrepo.com/
Submission: On January 24 via manual from PH — Scanned from DE


Security Repo


SECREPO.COM - SAMPLES OF SECURITY RELATED DATA

Finding samples of various types of Security related data can be a giant pain. This
is my attempt to keep a somewhat curated list of Security related data I've
found, created, or was pointed to. If you perform any kind of analysis with any
of this data, please let me know and I'd be happy to link it from here or host it
here. Hopefully looking at others' research and analysis will inspire
people to add on, improve, and create new ideas.

All data generated and hosted by Security Repo is done so under the following
license (exceptions noted where applicable).


Security Repo by Mike Sconzo is licensed under a Creative Commons Attribution
4.0 International License






Q: How do you give without having to do anything?
A: Simply visit this site.
I've decided that I'm going to start posting the logs from this site to the
site. It's a great way to open source some data, and after a few discussions I
don't think any privacy will be violated. If I receive a lot of backlash about
this decision perhaps I'll reverse it, but until further notice web logs for
this domain will be available here.

--------------------------------------------------------------------------------

Data

Created

 * Network
   * MACCDC2012 - Generated with Bro from the 2012 dataset
       A nice dataset that has everything from scanning/recon through
       exploitation as well as some c99 shell traffic. Roughly 22694356 total
       connections.
     * conn.log.gz (524MB)
     * dhcp.log.gz (1MB) - Description for dhcp dataset and analysis on jupyter
       notebook
     * dns.log.gz (7MB) - Description for dhcp dataset and analysis on jupyter
       notebook
     * files.log.gz (49MB) - Description for files dataset and analysis on
       jupyter notebook
     * ftp.log.gz (1MB) - Description for ftp dataset and analysis on jupyter
       notebook
     * http.log.gz (54MB) - Description for http dataset and analysis on jupyter
       notebook
     * notice.log.gz (1MB) - Description for notice dataset and analysis on
       jupyter notebook
     * signatures.log.gz (1MB) - Description for signatures dataset and analysis
       on jupyter notebook
     * smtp.log.gz (1MB) - Description for smtp dataset and analysis on jupyter
       notebook
     * ssh.log.gz (1MB) - Description for ssh dataset and analysis on jupyter
       notebook
     * ssl.log.gz (2MB) - Description for ssl dataset and analysis on jupyter
       notebook
     * tunnel.log.gz (1MB) - Description for tunnel dataset and analysis on
       jupyter notebook
     * weird.log.gz (2MB) - Description for weird dataset and analysis on
       jupyter notebook
       Snort logs
     * maccdc2012_fast_alert.7z Snort Fast Alert format logs (10MB)
     * maccdc2012_full_alert.7z Snort Full Alert format logs (24MB)
   * Bro logs generated from various Threatglass samples
       Exploit kits and benign traffic, unlabeled data. 6663 samples available.
     * Part 1 (64MB) - Description for Part 1 dataset and analysis on jupyter
       notebook
     * Part 2 (41MB) - Description for Part 2 dataset and analysis on jupyter
       notebook
     * Part 3 (61MB) - Description for Part 3 dataset and analysis on jupyter
       notebook
   * Snort logs generated from various Threatglass samples
       Exploit kits and benign traffic, unlabeled data. 6663 samples available.
     * tg_snort_fast.7z Snort Fast Alert format logs (5MB)
     * tg_snort_full.7z Snort Full Alert format logs (9MB)
   * Gameover Zeus DGA sample 31000 DGA domains from Dec 2014
   * Domain Transfer Data Old domain transfer data from several registrars,
     JSON format. (8MB)
   * Modbus and DNP3 logs ICS logs generated w/Bro from various PCAPs (1MB)
     
 * Malware
   * Static information about Zeus binaries - Static information (JSON) of about
     ~8k samples from ZeuS Tracker
      * Description for Zeus Binaries dataset and analysis on jupyter notebook
   
   * Static information about APT1 binaries - Static information (JSON) of APT1
     samples from VirusShare
      * Description for VirusShare Dataset and analysis on jupyter notebook
   
   * Static information about Op Cleaver binaries - Static information of Op
     Cleaver related binaries.
      * Description for OPCleaver Dataset and analysis on jupyter notebook
   
     
 * System
     
   * Web Logs from Security Repo - these logs are generated by you the
     community, and me updating this site.
   * Squid Access Log - combined from several sources (24MB compressed, ~200MB
     uncompressed)
   * auth.log - approx 86k lines, and mostly failed SSH login attempts
   * Honeypot data - Data from various honeypots (Amun and Glastopf) used for
     various BSides presentations posted below. Approx 994k entries, JSON
     format.
      * Analysis of the honeypot data for BSidesDFW 2014 - IPython Notebook.
 * Other
     
   * Security Data Analysis Labs
      * Connection Log - (522MB compressed, 3GB uncompressed) ~22million flow
        events
        

3rd Party

 * Other
   * Digital Corpora - Disk images, network traffic, and malware, oh my!
     [License Info: This material is based upon work supported by the National
     Science Foundation under Grant No. 0919593]
   * Verizon VERIS Database - Raw VERIS (filtered) data. [License Info: Creative
     Commons Attribution-ShareAlike 4.0 International Public License]
   * The Swedish Defence Research Agency Information Warfare Lab PCAP and
     various log sources [License Info: Unknown]
   * Black-Market Archives A scraped archive of Dark Net Markets [License Info:
     Unknown]
   * Protected Repository for the Defense of Infrastructure Against Cyber
     Threats Lots of data (restricted use) [License Info: License]
   * Comprehensive, Multi-Source Cyber-Security Events Auth, DNS, process, and
     flow data. [License Info: Public Domain]
   * Cyber Security Science Multiple datasets from LANL. [License Info: Public
     Domain]
   * Open Source Enterprise Network Security Solution Network traffic and
     malicious endpoint data. [License Info: Unknown]
   * Australian Defence Force Academy Linux (ADFA-LD) and Windows (ADFA-WD)
     Datasets HIDS data [License Info: Free for academic research only]
   * CCSS - Digital Certs Used by Malware - A listing of certificate serial
     numbers that have been used by malware [License Info: Unknown]
   * SherLock Dataset - Smartphone dataset with software and hardware sensor
     information surrounding mobile malware [License Info: 3 year full access,
     listed on site]
   * payloads - A collection of web attack payloads. [License Info: Unknown]
   * AZSecure Intelligence and Security Informatics Data Sets - various data
     sets around mostly web data [License Info: Citing]
   * security-datasets - A collection of resources for security data [License
     Info: Various]
   * Mordor Gates - Pre-recorded security events generated by simulated
     adversarial techniques. [License Info: GPLv3]
   * "What is this panel again?" - Screenshots of various malware control
     panels. [License Info: Unknown]
   * Awesome Misinformation - A curated list of awesome misinformation. [License
     Info: MIT]
   * Sweetie data - a collection of honeypot data (network and files). [License
     Info: MIT]
     
 * Network
   * KDD Cup 1999 Data - Network connection data [License Info: Unknown]
   * NETRESEC - Publicly available PCAP files - loads of great PCAP files
     [License Info: Unknown]
   * Internet-Wide Scan Data Repository - Various types of scan data [License
     Info: Unknown]
   * Detecting Malicious URLs - Mirror - URLS/features/labels [License Info:
     Unknown]
   * hackertarget 500K HTTP Headers - HTTP Headers [License Info: Unknown]
   * Threatglass - PCAPs that contain various exploit kits as well as some legit
     traffic mixed in. [License Info: Unknown]
   * pcapr - Searchable repository of PCAPs, look for various phrases to pull
     out the Security related ones (eg. exploit, xss, etc...) [License Info:
     TOS]
   * OpenDNS public domain lists - various domain lists [License Info: Public
     Domain]
   * MIT 1999 DARPA Intrusion Detection Evaluation Data Set - Labeled attack and
     non-attack data (PCAP and system logs) [License Info: Unknown]
   * MIT 1998 DARPA Intrusion Detection Evaluation Data Set - Network and file
     system data [License Info: Unknown]
   * DDS legit and DGA labeled domains - DDS Blog [License Info: Unknown]
   * Honeypot Data - DDS Blog [License Info: Unknown]
   * Honeypot Data with GeoIP info - DDS Blog [License Info: Unknown]
   * DGA Domains - updated frequently [License Info: License]
   * Malware URLs - updated daily list of domains and URLs associated with
     malware [License Info: Disclaimer posted in link]
   * UDP Scan data - provided by Rapid7 [License Info: Unknown]
   * Continuously updated IP block list - Created by Packetmail (?) [License
     Info: no for-sale or paywall use]
   * Common Crawl - "open repository of web crawl data that can be accessed and
     analyzed by anyone" [License Info: Open]
   * Malware Traffic Analysis - a site with labeled exploit kits and phishing
     emails. [License Info: Unknown]
   * Simple Web Traces - Cloud Storage, DDoS, DNSSEC, and many more types of
     PCAPs. [License Info: Various]
   * SiLK - LBNL-05 Anonymized enterprise packet header traces. [License Info:
     Unknown]
   * DGA Archive Multiple DGA data sets generated by the actual algorithm vs.
     captured network traffic. [License Info: CC BY-NC-SA 3.0]
   * Information Security Centre of Excellence (ISCX) Data related to Botnets
     and Android Botnets. [License Info: Unknown]
   * CSIC 2010 HTTP Dataset Labeled (normal, anomalous) HTTP data in CSV format.
     [License Info: Unknown]
   * VAST Challenge 2012 IDS logs generated by IEEE [License Info: Unknown]
   * University of Victoria Botnet Dataset Malicious and benign traffic from
     LBNL and Ericsson (merged publicly available data) [License Info: Unknown]
   * UCSD Network Telescope Dataset on the Sipscan Public and restricted
     datasets of various malware and other network traffic. [License Info:
     Available on dataset page]
   * UNSW-NB15 This data set has nine families of attacks, namely, Fuzzers,
     Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and
     Worms. (CSV data) [License Info: Unknown]
   * Stratosphere IPS Public Datasets PCAPs, Samples, etc... [License Info:
     Unknown]
   * Awesome Industrial Control System Security - Has links to SCADA PCAPs and
     other SCADA related resources [License Info: Apache License 2.0 (site),
     Data: various]
   * Cisco Umbrella Popularity List - Top 1 million most daily popular domains
     [License Info: Unknown]
   * Alexa Top 1 Million - The static 1 million most popular sites by Alexa
     [License Info: Unknown]
   * Using machine learning to detect malicious URLs - Code and labeled URL
     data. [License Info: Unknown]
   * Majestic Million Domains - Top million domains with the most referring
     subnets. [License Info: Attribution 3.0 Unported (CC BY 3.0)]
   * IoT device captures IoT Device PCAP by Aalto University Research [License
     Info: Listed on site]
   * Project Bluesmote - Syrian Bluecoat Proxy Logs [License Info: Public
     Domain]
   * Data for a Black Hat 2017 Handout - Various types of data (network, host,
     etc...) for different use cases (e.g. Remote Exploitation, Spear Phishing,
     Ransomware, WebShell) [License Info: Apache 2]
   * Aktion Open Source Exploit Detection Tool - Variety of different kinds of
     data centered around exploit detection [License Info: Apache 2]
   * Aktion V2 Open Source Exploit Detection Tool - Variety of different kinds
     of data centered around exploit detection [License Info: Apache 2]
   * 2017-SUEE-data-set - PCAP files that show various HTTP attacks (slowloris,
     slowhttptest, slowloris-ng) [License Info: Unknown]
   * UCI ML Repository - Website Phishing Data Set A collection of Phishing
     Websites as well as legitimate ones. [License Info: Listed on site]
   * 2007 TREC Public SPAM Corpus - SPAM Corpus [License Info: Listed on site]
   * ML Driven Web Application Firewall - Machine learning driven web
     application firewall to detect malicious queries with high accuracy (URL
     data) [License Info: Unknown]
   * West Point NSA Data Sets - Snort IDS, DNS Service, and Web Server logs.
     [License Info: Unknown]
   * Phish-IRIS - A small scale multi-class phishing web page screenshots
     archive [License Info: Listed on site]
   * DGArchive - Samples of DGA domains from various types of malware. [License
     Info: Contact for access/info]
   * Netlab360 DGA Domains - Samples of DGA domains from various types of
     malware. [License Info: Unknown]
   * Quantcast Top Sites - Most popular sites on the Internet according to
     Quantcast. [License Info: Unknown]
   * DomCop Top 1M - Top One Million sites according to DomCop. [License Info:
     Unknown]
   * Blackweb Domains - A project that aims to categorize as many domains as
     possible, also provides a whitelist. [License Info: Unknown]
   * Charles University SIS Access Log Dataset - The package contains an
     anonymized server log collected on a live installation of a student
     information system run by Charles University between May and November 2018
     [License Info: Creative Commons Attribution 4.0 International]
     
 * Malware
   * The Malware Capture Facility Project - Published long-runs of malware
     including network information. Make sure to check out the Labeled CTU-13
     Dataset [License Info: Unknown]
   * PANDA Malware Analysis - Execution traces and PCAPs from Moyix's PANDA
     setup [License Info: Unknown]
   * Op Cleaver PANDA Analysis - rrlogs, PCAPs, movies and reports from Op
     Cleaver malware [License Info: Unknown]
   * kaggle Malware Classification - Unlabeled malware, but there are solutions
     to label it! [License Info: Unknown]
   * PlugX Chronicles Various PlugX samples and links to information about PlugX
     [License Info: Unknown]
   * Labeled VirusShare data by @_delta_zero - VirusShare data that has been
     consistently labeled (7zip download) [License Info: Unknown]
   * lynx Project Samples - Benign samples that behave like malware (lynx
     Project) [License Info: Unknown]
   * VirusSign - Free and Paid account access to several million malware samples
     [License Info: Unknown]
   * Open Malware - Searchable malware repo with free downloads of samples
     [License Info: Unknown]
   * Malware DB by Malekal - A list of malicious files, complete with sample
     link and some AV results [License Info: Unknown]
   * Drebin Dataset - Android malware, must submit proof of who you are for
     access. [License Info: Listed on site]
   * EMBER Dataset - Features and labels from 1.1 million benign/malicious PE
     files with trained model. [License Info: AGPL-3.0]
   * MalwareTrainingSets - JSON describing several intrusion sets/threat actors
     [License Info: Listed on GitHub]
   * Malware-Feed - An ongoing and updated archive of files that we collect
     which are associated with specific public malicious threat reports. [License
     Info: MIT]
   * Malware Sample Sources - A Collection of Malware Sample Repositories
     [License Info: Unknown]
   * Blue Hexagon Open Dataset for Malware AnalysiS - A dataset containing
     timestamped malware samples and well-curated family information for
     research purposes. [License Info: Unknown]
     
 * System
   * DDS Dataset Collection - Honeypot related data [License Info: Unknown]
   * Website Classification [License Info: Public Domain, info on site]
   * ECML/PKDD 2010 Discovery Challenge Data Set - Web classification data
     [License Info: Unknown]
   * PANDA rrlogs - share and download rrlogs from the PANDA dynamic analysis
     platform [License Info: Unknown]
   * Threat Research Private - Encrypted data collected from SSH honeypots
     [License Info: Unknown]
   * Threat Research - Data collected from SSH honeypots (fork of the original
     Andrew Morris collection) [License Info: Unknown]
   * Sample logs and scripts for Alienvault - Various log types (SSH, Cisco,
     Sonicwall, etc..) [License Info: Unknown]
   * #nginx IRC channel logs - Bot logs [License Info: Unknown]
   * Public Security Log Sharing Site - misc. system logs, NIDS logs, and web
     proxy logs [License Info: Public, site source (details at top of page)]
   * CERT Insider Threat Tools - "These datasets provide both synthetic
     background data and data from synthetic malicious actors" [License Info:
     Unknown]
   * ADFA IDS Datasets - The datasets cover both Linux and Windows; they are
     designed for evaluation by system call based HIDS. [License Info: Listed on
     site]
   * Workshop on AI and Security - Anonymized Windows Audit Logs. [License Info:
     Apache 2.0]
   * Threat Research - Honeypot data [License Info: Unknown]
   * EVTX Attack Samples - Windows event samples associated with specific attack
     and post-exploitation techniques [License Info: Unknown]
     
 * File
   * contagio malware dump - A resource for files/data regarding targeted
     attacks [License Info: Unknown]
   * VirusShare.com - Because Sharing is Caring [Login Required] - Huge
     collection of downloadable/torrentable malware files for various
     architectures [License Info: Unknown]
   * Vx Heaven - sorted by AV set of virus samples (available via BitTorrent)
     [License Info: Unknown]
   * TechHelpList SPAM List - Samples of SPAM messages and associated threat
     that was delivered in addition to other rich information [License Info:
     Unknown]
   * MalShare - A community driven public malware repository. [License Info:
     TOS]
   * URLhaus - Daily malware batches. [License Info: CC-0]
   * MalwareBazaar - Daily malware batches. [License Info: CC-0]
     
 * Password
   * Yahoo! Password Frequency Corpus - This dataset includes sanitized password
     frequency lists collected from Yahoo in May 2011. [License Info: CC-0]
     
 * Threat Feeds
   * ISP Abuse Email Feed - Feed showing IOCs from various Abuse reports (other
     feeds also on the site) [License Info: Unknown]
     
   * VXvault - List of URLs and MD5s that are malicious [License Info: Unknown]
   * AlienVault OTX - Build your own threat feed from community contributors,
     complete with API [License Info: Legal Info]
   * Tracker - Malware hashes and their associated campaigns [License Info:
     About]
   * Malware Domain List - Labeled malicious domains and IPs [License Info:
     Unknown]
   * Clean MX Phishing DB - URLs and IPs associated with phishing emails, also
     targets are listed where determined [License Info: Unknown]
   * Clean MX Virus DB - Labeled URLs and IPs associated with various types of
     malware [License Info: Unknown]
     
   * TechHelpList MalTLQR Upatre and Dyreza Tracker - IPs and hashes for Upatre
     and Dyreza families [License Info: Unknown]
   * CyberCrime Tracker - Labeled URLs and IPs for various malware families
     [License Info: Unknown]
   * CyberCrime ZbotScan - List of hashes associated with various Zbot variants
     [License Info: Unknown]
   * abuse.ch trackers - Trackers for ransomware, ZeuS, SSL Blacklist, SpyEye,
     Palevo, and Feodo [License Info: Unknown]
   * Unit 42 Indicators - Indicators from the Unit 42 reports [License Info:
     Unknown]
   * Threat Feeds - Threat feed aggregator [License Info: Various]
   * C2IntelFeeds - Automatically created C2 feeds, currently VPNs and various
     C2. [License Info: Unknown]
     

--------------------------------------------------------------------------------

Contact

If you dig the site, have data, need data, or whatever, find me on Twitter or
GitHub.



--------------------------------------------------------------------------------

Misc

Various things that I needed to stick someplace.

 * BSidesDFW 2014 Presentation with Roxy - Honeypot Howto
 * BSidesAustin 2015 Presentation with Roxy - Honeypot Howto

Security Repo - Last updated: Sun Jan 23 18:15:01 PST 2022