DejaVu
Tool and Usage
Project details
- License: GPLv3
- Author: Bhadreshkumar Patel
- Latest release: 15.0
- Latest release date
Project health
Links
GitHub project
Why this tool?
DejaVu is an open source deception framework that can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take action.
How it works
The decoys use popular services and protocols such as FTP, HTTP, SMB, SSH, and others. When a decoy service is accessed, it can trigger an alert. The decoys can be deployed, configured, and managed through a web interface.
Background information
There are several commercial solutions for this type of software, yet the open source options are limited. The README.md file states that the project is open source. During our review, there was no code available on the GitHub repository, only a virtual disk image. The GPLv3 license was added upon our request for the license.
Usage and audience
DejaVu is commonly used for security monitoring or threat discovery. Target users for this tool are network administrators, security professionals, and system administrators.
Features
- Web interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + The source code of this software is available
Weaknesses
- - No releases on GitHub available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
- Demo at DEF CON 26 Demo Labs
Installation
Supported operating systems
DejaVu is known to work on Linux.
DejaVu alternatives
Similar tools to DejaVu:
Suricata
Network threat detection engine that acts as an intrusion detection system (IDS), inline intrusion prevention system (IPS), and network security monitoring (NSM) tool.
Sweet Security
Sweet Security is a set of scripts to set up and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.
Zeek
Zeek is a network security monitoring (NSM) tool. It can also play an active role in performing forensics and incident response.
Related tool information
Definitions
- Canary
- A canary in the field of information security is a hardware or software solution that is deployed as a decoy within the network. When a canary is accessed, an alert or event is sent to a predefined location such as an email address or an application.
The name canary refers to the caged canaries that were in coal mines. Miners would take them with them as an early warning signal against dangerous gases like carbon monoxide. If the canary suddenly died, the miners would know about the presence of the gas and exit the tunnels.
Categories
This tool is categorized as an intrusion detection tool, network intrusion detection tool, network security monitoring tool, security canary, and security monitoring tool.