Cyberprobe is a distributed architecture for real-time monitoring of networks against attack. The software consists of two components: cyberprobe, which collects data packets and forwards it over a network in standard streaming protocols; and cybermon, which receives the streamed packets, decodes the protocols, and interprets the information. Cyberprobe can optionally be configured to receive alerts from Snort. In this configuration, when an alert is received, the IP source address associated with the alert is dynamically targeted for a period of time. Collecting data and forwarding over the network to a central collection point allows for a much more "industrialized" approach to intrusion detection. The monitor, cybermon, is highly configurable using LUA, allowing you to do a great many things with captured data: summarize, hexdump, store, and respond with packet injections.
Bletchley is a real-world cryptanalysis framework. It was created to assist with the detection, analysis, and exploitation of cryptographic flaws and aims to help automate the tedious aspects of this analysis while leaving the security expert in control of the process. It features automated token encoding detection (36 encoding variants), passive ciphertext block length and repetition analysis, a script generator for efficient automation of HTTP requests, and a flexible, multithreaded padding oracle attack library with CBC-R support.
Upsilon is a distributed, flexible, and extensible system monitoring application. Being distributed means you run service checks on Upsilon nodes in your network where it makes sense, either on every server or on a management network, inside or outside the firewall. You can run checks on secure, hard to reach networks, and push those results to a central server. You can optionally execute "agentless" checks just by using SSH. Being flexible means that if you can script it, you can monitor it. Unlike most monitoring systems, the monitoring scripts are external to the main server, so you can use Upsilon to execute your monitoring scripts in an extremely robust way. Upsilon has been used to monitor many different things and is API-compatible with all nagios monitoring scripts. Being extensible means you can add monitoring checks to Upsilon at runtime without needing to restart the server. The upsilon-node and upsilon-web projects both have their own REST APIs.