nf2csv

Port Scan Attack Detector

Install

All systems
curl cmd.cat/nf2csv.sh
Debian Debian
apt-get install psad
Ubuntu
apt-get install psad
Alpine
apk add psad
image/svg+xml Kali Linux
apt-get install psad
Fedora
dnf install psad
Windows (WSL2)
sudo apt-get update sudo apt-get install psad
Raspbian
apt-get install psad
Docker
docker run cmd.cat/nf2csv nf2csv powered by Commando

psad

Port Scan Attack Detector

PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data.