
🚀 A lightweight, fast, simple and complete solution for traffic analysis and intrusion detection.

netmoth/netmoth


  What is netmoth?

Netmoth is a lightweight, fast, simple and complete solution for traffic analysis and intrusion detection.

⚠️  Current major version is zero (v0.x.x) to accommodate rapid development and fast iteration while getting early feedback from users. Please keep in mind that netmoth is still under active development and therefore full backward compatibility is not guaranteed before reaching v1.0.0.

🏆  Features

  • Monitors traffic on all interfaces
  • Minimal configuration
  • PCAP
  • AF_PACKET
  • PF_RING
  • eBPF
  • Zero copy packet processing
  • Automatic TCP stream reassembly
  • Berkeley Packet Filter
  • Check IP on blocklist
  • Checking botnet on blocklist
  • Checking certificate on blocklist
  • Checking tracker on blocklist
  • Web-interface
  • Rules
  • Agents

📚  Documentation

... coming soon ...

🏁  Installation

Simple agent installation

mkdir netmoth
cd ./netmoth
curl -L https://raw.githubusercontent.com/netmoth/netmoth/main/config_example.yml > config.yml
curl -L https://github.com/netmoth/netmoth/releases/latest/download/netmoth_agent_Linux_x86_64 > netmoth_agent
sudo chmod u+x netmoth_agent

If necessary, make changes to the config.yml file, then run the agent:

./netmoth_agent
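
The download steps above save whatever `curl -L` returns and then execute it, so an HTTP error page or a changed release asset would go unnoticed. The script below is an added example, not part of the netmoth project: it fetches the agent, compares it with a SHA-256 the operator has recorded for a reviewed release, and installs it only on a match. `PINNED_SHA256`, the function names and the `install` argument are assumptions of this example; the page does not publish a checksum.

```shell
#!/bin/sh
# Added example: fetch the agent, verify a pinned SHA-256, then install it.
# PINNED_SHA256 is a placeholder (assumption): the page publishes no checksum.
AGENT_URL="https://github.com/netmoth/netmoth/releases/latest/download/netmoth_agent_Linux_x86_64"
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED: return 0 only if FILE hashes to EXPECTED.
verify_pinned() {
    file=$1; expected=$2
    [ -f "$file" ] || return 2
    # Reject anything that is not 64 hex characters (e.g. the unset placeholder).
    case "$expected" in
        *[!0-9a-fA-F]*|"") return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256_of "$file") || return 4
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected_lc" ]
}

# install_agent DEST: download to a temp file, verify, then move into place.
install_agent() {
    dest=$1
    tmp=$(mktemp) || return 1
    # --fail: an HTTP error body must never be saved as the "binary".
    if curl --fail --silent --show-error --location --proto '=https' \
            --proto-redir '=https' --output "$tmp" "$AGENT_URL" \
       && verify_pinned "$tmp" "$PINNED_SHA256"; then
        chmod u+x "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "netmoth_agent: download or checksum verification failed" >&2
        return 1
    fi
}

# Runs only when asked: PINNED_SHA256=<hash> sh fetch_agent.sh install
if [ "${1:-}" = "install" ]; then install_agent ./netmoth_agent; fi
```

Because the URL points at `releases/latest`, a new release changes the hash and the install fails until the pin is reviewed and updated, which is the intended behaviour.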

👑  Community

... coming soon ...

👍  Contribute

We would love for you to get involved with netmoth development! If you want to say thank you and/or support the active development of netmoth:

  1. Add a GitHub Star to the project.
  2. Tweet about the project on your Twitter.
  3. Write a review or tutorial on Medium, Dev.to or personal blog.

You can learn more about how you can contribute to this project in the contribution guide.

🚨  Security

... coming soon ...