This is a central metadata index of all of the data available in IMPACT from our federation of Providers.
If you were hoping to find specific data, but didn't please contact us at Contact@ImpactCyberTrust.org and we will see if we can make it available to you.
Note: You must log in to request data.
Synthesized traffic presenting twelve potential insider threat scenarios, six true and six false positives. ... The Insider Threat Data Corpus consists o...
2013 NC Cyber Defense Competition ... These log files are packet captures from the 2013 National Collegiate Cyber Defense Competition (nccdc.org). CCDC i...
2015 NC Cyber Defense Competition ... These log files are packet captures from the 2015 National Collegiate Cyber Defense Competition (nccdc.org). CCDC i...
2017 NC Cyber Defense Competition ... These log files are packet captures from the 2017 National Collegiate Cyber Defense Competition (nccdc.org). CCDC i...
2011 NC Cyber Defense Competition ... These log files are packet captures from the 2011 National Collegiate Cyber Defense Competition (nccdc.org). CCDC i...
2012 NC Cyber Defense Competition ... These log files are packet captures from the 2012 National Collegiate Cyber Defense Competition (nccdc,org). CCDC i...
2016 NC Cyber Defense Competition ... These log files are packet captures from the 2016 National Collegiate Cyber Defense Competition (nccdc.org). CCDC i...
IPs for h-scans of the network telescope ... This dataset contains IP addresses that conduct horizontal scans of UCSD's network telescope. We use Bro's de...
This dataset provides information about geographical locations encoded in BGP Community attributes. ... This BGP Community Dictionary Dataset focuses on Loca...
A collection of router IP addresses geolocated to the city level. ... A collection of router interface IP addresses geolocated to the city level. 11,857 IP ...
Data for the Witty Worm outbreak ... Information useful for studying the spread of the Witty worm, as observed by the UCSD Network Telescope over ...
This dataset created in April 2017 contains information about geographic locations of interconnection facilities, and Autonomous Systems that have peering in...
US coastal network infrastructure map shapefile ... This data set is a shapefile for coastal network infrastructure in the US. This data set was used to con...
CAIDA's ranking of Autonomous Systems (AS) and organizations ... This interactive tool presents the BETA version of AS Rank, CAIDA's ranking of Autonomous Sy...
IPv4 address taxonomy for 24 addr blocks ... We infer utilization of the IPv4 address space and taxonomize //24 address blocks by analyzing and cross-correla...
Network Time Protocol (NTP) packet traces ... This dataset is comprised of NTP log data collected from the NTP server infrastructure at the Wisconsin. Each ...
Medical device network traffic collected from a Philips Healthcare Supplied Network (PSN). The data collection system consisted of a Fluke ProSim 8 patient ...
Web Cookies ... The cookies in this data set were gathered from crawls of the top 100K Alexa web sites conducted in November, 2013 and April, 2015. Due to pa...
Anonymized passive traces taken at a west coast OC48 peering link for a large ISP in 2002 and 2003 ... This dataset contains anonymized passive traffic trace...
Internet outage/attack/congestion event log ... This dataset contains details about the events detected by the BigBen internet-wide event monitoring system d...
Normal operation data was collected from a network of computers running OpenICE software. Medical devices included: one each to a Puritan-Bennet 840 ventilat...
Normal operation data was collected from a network of computers running OpenICE software. One MacOS computer was running an OpenICE supervisor with four Beag...
Two months of aggregated data from the U ... This dataset contains data from darkspace observations in the first six months of 2012. The data has ...
Information about UDP packets captured during the Sipscan event (Jan-Feb 2011) ... The sipscan release dataset contains detailed information about each UDP p...
A dataset of DNS traffic data collected during 10 separate days. ... Campus DNS network traffic consisting of more than 4000 active users (in peak load hours...
The data sets contain traffic in and out of the web server of the Student Union for Electrical Engineering (Fachbereichsvertretung Elektrotechnik) at Ulm Uni...
Acra is a database security suite for data-driven apps: database proxy with strong selective encryption, search through encrypted data, SQL injections preven...
ADFA IDS is an intrusion detection system dataset made publicly available in 2013, intended as representative of modern attack structure and methodology to r...
This collection contains labeled network traffic data in ARFF format. The original purpose was to train ransomware detection in the Aktaion IDS. ... Data was...
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !) ... Androguard is a full python tool to play with Android f...
A dataset containing both normal and malware infected android applications. ... This dataset contains 18,850 normal android application packages and 10,000 m...
We collected more than 10,854 samples (4,354 malware and 6,500 benign) from several sources. We have collected over six thousand benign apps from Googleplay ...
In this project, we focus on the Android platform and aim to systematize or characterize existing Android malware. ... This project has managed to collect mo...
The Android PRAGuard Dataset is a collection of obfuscated malware from Android devices. ... The dataset contains 10479 samples, obtained by obfuscating the ...
This project developed a systematic approach to generate diverse and comprehensive benchmark datasets for intrusion detection resulting in a dataset containi...
This is a corpus of auto-labeled cyber security domain text which was used for automatically extracting security-related entities using machine learning. Thi...
BoNeSi, the DDoS Botnet Simulator, is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS atta...
BriarIDS is an All-In-One home intrusion detection system (IDS) solution for the Raspberry PI. ... A simple yet effective IDS for the Raspberry PI. BriarIDS ...
Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. ... Born from our popular FLARE ...
16,800 clean and 11,960 malicious files for signature testing and research. ... Contagio is a collection of the latest malware samples, threats, observations...
A dictionary containing every wordlist, dictionary, and password database leak publicly accessible on the internet ... The format of the list is a standard t...
The datasets contains transactions made by credit cards in September 2013 by european cardholders. This dataset presents transactions that occurred in two da...
This dataset is composed of a selection of Windows API/System-Call trace files, intended for testing on classifiers treating with sequences. ... Malware call...
Cyber Threat Intelligence Repository expressed in STIX 2.0 ... The Cyber Threat Intelligence Repository of ATT CK and CAPEC catalogs expressed in STIX 2.0 JS...
Cuckoo Sandbox is an automated dynamic malware analysis system ... Cuckoo Sandbox is the leading open sourceautomated malware analysis system. You can throw ...
The Cyberprobe project is an open-source distributed architecture for real-time monitoring of networks against attack. ... The probe, cyberprobe has the foll...
The CyberVAN testbed provides a testing and experimentation environment to support cyber security research. ... CyberVAN provides the highest fidelity repres...
DreamMarket Dark Net Market is an online platform for exchanging illegal goods by cybercriminals. This dataset has information about products and sellers. .....
Darknet is an open source neural network framework written in C and CUDA. ... Darknet apply a single neural network to the full image. This network divides t...
Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious...
A free, community-sourced, machine-readable knowledge base of digital forensic artifacts that the world can use both as an information source and within othe...
dnstwist is a domain name permutation engine for detecting typo squatting, phishing and corporate espionage. ... dnstwist takes in your domain name as a seed...
A malware/botnet analysis framework written in Ruby. ... Dorothy2 is a framework created for suspicious binary analysis. Its main strengths are a very flexib...
A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. ...
Ether is a malware analysis framework which leverages hardware virtualization extensions (specifically Intel VT) to remain transparent to malicious software....
Expose is an Intrusion Detection System for PHP loosely based on the PHPIDS project (and using its ruleset for detecting potential threats). ... Expose allow...
Automatically extract obfuscated strings from malware. ... Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heurist...
GEF - GDB Enhanced Features for exploit devs & reversers ... GEF is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers a...
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute p...
Hale is a botnet command & control monitor/spy with a modular design to easily develop new modules that monitor new protocols used by C&C servers ... The mai...
Honeytrap is an extensible and opensource system for running, monitoring and managing honeypots. ... Features of HoneyTrap: Combine multiple services to one...
Extending and consolidating hosts files from several well-curated sources like adaway.org, mvps.org, malwaredomainlist.com, someonewhocares.org, and potentia...
eMews is a collection of PCAP data captured from an in-lab emulated network, using the CORE network emulator and the eMews framework developed to generate pa...
30 days of EMS logs in a large anonymized log file from an Energy Management System (EMS). ... The data in the file Event_Export_082217.csv includes 30 days ...
Multiple datasets containing cyber attacks against 2 laboratory scale industrial control systems; a gas pipeline and water storage tank. ... The data sets in...
This dataset is a collection of labeled RTU telemetry streams from a gas pipeline system in Mississippi State University's Critical Infrastructure Protection...
This dataset is split into three smaller datsets, which include measurements related to electric transmission system normal, disturbance, control, cyber atta...
This repository includes a series of PCAP captures generated for cybersecurity research purposes. Each capture set is provided as a release, namely: modbus T...
Infection Monkey is an open source Breach and Attack Simulation tool to evaluate the security posture of your network. ... The Infection Monkey is an attack ...
Infusion pump Control via OpenICE FROA App - Normal and Non-Normal State Data ... OpenIce FROA app with physical infusion pump Data captured from the loopba...
The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data. .....
UDP scan and meassurement of public UDP services that could be used in relation to Amplified DDoS attacks. ... The dataset consists of 20 UDP Services and 21...
Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way. ... Justniffer can emulate Apache web server l...
The Kharon dataset is a collection of Android malware totally reversed and documented. ... This collection gives as much as possible a representation of the ...
This dataset contains measurements of the latencies between a set of DNS servers. It was used as the basis for evaluating the Vivaldi network coordinate syst...
King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. ... King Phisher features an easy to use, yet very...
Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker....
IP Network Traffic Flows Labeled with 75 Apps ... The data presented here was collected in a network section from Universidad Del Cauca, Popayn, Colombia by...
The traces released here contain all incoming anonymous FTP connections (i.e. to port 21) to public FTP servers at the Lawrence Berkeley National Laboratory ...
Libnet provides a portable framework for low-level network packet construction. ... Libnet is an API to help with the construction and handling of network pa...
This dataset consists of system logs from a Linux Redhat 7.1 system deployed in a honeynet. ... The data has no sanitization or anonymization; the data is pr...
This dataset contains signatures generated from many Android APKs, and can be used separately from the detection engine. ... This dataset comes bundled with ...
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, networ...
A public malware dataset generated by Cuckoo Sandbox based on Windows OS API ... The dataset contains malware samples from eight different families: 832 spyw...
A new dataset of 66,301 malware recordings collected over a two-year period using Malrec. ... Malrec, a malware sandbox system, uses PANDA's whole-system det...
Malicious traffic detection system ... Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/o...
A collection of malware samples caught by several honeypots. ... All of the malware samples contained in this repository have been collected by several honey...
Aim of the project is to provide an useful and classified dataset to researchers who want to investigate deeper in malware analysis by using Machine Learning...
This dataset was generated using the IDA disassembler tool. The task is to develop the best mechanism for classifying files in the test set into their respec...
Mozilla's real-time digital forensics and investigation platform. ... MIG is a platform to perform investigative surgery on remote endpoints. It enables inve...
MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform) ... MISP is an open source software s...
Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, d...
Modlishka is a powerful and flexible HTTP reverse proxy. ... Modlishka implements an entirely new and interesting approach of handling browser-based HTTP tra...
Moloch is a large scale, open source, indexed packet capture and search system. ... Moloch augments your current security infrastructure to store and index n...
Machine Learning based Intrusion Detection Systems are difficult to evaluate due to a shortage of datasets representing accurately network traffic and their ...
NetWorkPacketCapture is a tool used to capture network packet via Android VPN. ... NetWorkPacketCapture has the ability to: It can display every network conn...
Stop denial of service attacks, configurable allowable burst rate. ... Configurable Denial-Of-Service prevention for http services.
Normal state and failure mode data capture for Philips network medical devices. ... Normal state and failure mode data capture for Philips network devices. ...
Normal state, failure mode and attack simulation for medical laboratory camera system ... Microscope camera was powered via ethernet, connected over a local ...
Normal state, failure-mode and attack simulation of GE medical device monitoring network ... Normal state, failure-mode and attack simulation of GE medical d...
Normal state, failure-mode and attack simulation of Philips medical device monitoring network. ... Normal state, failure-mode and attack simulation of Philip...
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also ...
OpenVAS is a full-featured vulnerability scanner. ... The capabilities of OpenVAS include unauthenticated testing, authenticated testing, various high level ...
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real...
PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It provides C++ wrappers for packet processing engines su...
PhishTank is a community site that houses user-submitted phishing data ... PhishTank is a collaborative clearing house for data and information about phishin...
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application ... ...
OpenWrt package for copying network packets without IPtables. ... A package that sends copies of network packets from your OpenWrt router to another device o...
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. ... A detailed overview of system activity w...
Project Sonar is a security research project by Rapid7 that conducts internet-wide surveys across different services and protocols to gain insights into glob...
Psad is an Intrusion Detection and Log Analysis with iptables ... The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to...
Exploit Development and Reverse Engineering with GDB Made Easy ... pwndbg is a GDB plug-in that improves debugging with GDB, with a focus on features needed ...
Pwned Passwords are 555,278,657 real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at m...
pythem is a multi-purpose pentest framework written in Python. ... pythem can test multiple different types of attacks and phishing instances such as: ARP s...
These malware samples are uploaded by users or from Rampart Research themselves. These datasets maybe useful as a training datasets to validate anti-virus en...
Ransomware Tracker offers various types of blocklists that allows you to block Ransomware botnet C&C traffic. ... The update interval for the available block...
A tool for detecting regular expression denial-of-service vulnerabilities in Android apps. ... The tool requires a regular expression analyzer.Currently, the...
RegEx Denial of Service (ReDos) Scanner ... Helps find regular expressions susceptible to denial of service attacks.
Santa is a binary whitelisting/blacklisting system ... Santa consists of a kernel extension that monitors for executions, a userland daemon that makes execu...
This is a collection of malware datasets containing a mixed of virus and benign samples amounting to 2TB from SecureAge. ... Researchers will find this colle...
Security Onion is a Linux distro for intrusion detection, enterprise security monitoring, and log management. ... Security Onion is a free and open source Li...
A labeled dataset with billions of records covering a wide variety of low-privileged monitorable smartphone features collected from 50 volunteers over a few ...
Generic Android Deobfuscator. Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identicall...
The Software Assurance Reference Dataset (SARD) is a growing collection of over 170 000 programs with precisely located bugs. ... The programs are in C, C++,...
Sparta is a network infrastructure penetration testing tool ... SPARTA is a python GUI application which simplifies network infrastructure penetration testin...
This dataset consists of alert logs from the Enterasys Dragon NIDS 4.x intrusion detection system. ... Date range of data: 2006-2007, 590 days of continuous ...
SubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe ...
A catalog of malware used in the Syrian civil war. ... Each sample lists its respective MD5 hash, filename, links to any media sources or technical details w...
tcpdump is a tool for network monitoring and data acquisition. ... Tcpdump uses libpcap, a system-independent interface for user-level packet capture. The pr...
Python telnet honeypot for catching botnet binaries ... This project implements a python telnet server trying to act as a honeypot for IoT Malware which spre...
The Drebin dataset contains 5,560 applications from 179 different malware families. The samples have been collected in the period of August 2010 to October 2...
The Sleuth Kit (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The libra...
the VERIS Community Database aims to collect and disseminate data breach information for all publicly disclosed data breaches ... VERIS and its accompanying ...
A repository of LIVE malware for your own joy and pleasure. theZoo's objective is to offer a fast and easy way of retrieving malware samples and source code ...
Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads. ... Turbinia is intended to automate running of com...
The Ultimate Hosts Blacklist is a curated Unified Hosts file for protecting your computer or device against over several hundred thousand bad web sites ... T...
URLhaus offers an API to both, receive (download) and submit malware URLs from the URLhaus database. ... The URLhaus database dump is a simple CSV feed that ...
USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use polici...
VirusShare is a collection of malware used for malware analysis and machine learning. ... The VirusShare dataset is a repository of malware samples to provid...
Volatility is an advanced memory forensics framework. ... The Volatility Framework is a completely open collection of tools,implemented in Python under the G...
Waidps is a wireless Auditing, Intrusion Detection & Prevention System ... WAIDPS is an open source wireless swissknife written in Python and work on Linux e...
A github repository that contains a collection of web attack payloads from various sources. ... Requests extracted from either packet captures or log files o...
Wireshark is the world's foremost and widely-used network protocol analyzer. ... Wireshark lets you see what's happening on your network at a microscopic lev...
A repository of over 35,000 phrases, patterns, and keywords commonly used by spammers and comment bots in usernames, email addresses, link text, and URIs. .....
Xplico is an open source network forensic analysis tool ... The goal of Xplico is extract from an internet traffic capture the applications data contained. F...
This dataset includes sanitized password frequency lists collected from Yahoo in May 2011. ... Each of the 51 .txt files represents one subset of all users' ...