Report
Active projects and challenges as of 09.05.2025 20:27.
EffiShark
A minimal packet sniffer to help identify malicious outgoing traffic.
🦈 EffiShark
A straightforward packet conversation capture tool
If you want to keep a log of which of your devices may have been involved in suspicious outbound activity, EffiShark keeps a very lean log of all conversations. Every minute it records all outbound connections with the respective source MAC address, the destination IP and the port. This should be the minimal information needed to identify from which device some suspicious activity started (e.g. lots of SMTP spamming, connecting to a blacklisted IP, etc.).
Motivation
Effinger.ch is a community-led coworking space in Bern, Switzerland. A few weeks ago our ISP swisscom.ch started to turn our network off without further warning. After calling them, they mentioned that there was «malicious traffic» originating from our network. The only detail they would provide to us was a few timestamps, "Today at 08:03, 08:05 and 08:11", and they were referring to «Spamming». As this has happened a few times already, we wanted to capture traffic in order to find out from which device this traffic is originating. We are pretty sure that the device's owner is not acting maliciously, but there might be some malware installed on a device.
After installing Wireshark on a Raspberry Pi, we realized that we'd capture tons of data in a very short time, even if not capturing packet content with the -s flag. Analyzing this data also became quite slow, so we started looking for a lightweight way to capture only «conversations» with minimal private data associated.
EffiShark uses PyShark to capture network traffic and periodically (every 60 seconds by default) stores a list of all conversations seen during this time buffer. Only outbound traffic is recorded, and only the originating MAC address and the destination IP and port are saved. There's a simple way to query the data and periodically clean the conversation log.
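The buffering step described above, as an added example that is not EffiShark's own code: it collapses packets into one row per buffer window, source MAC, destination IP and port, and keeps no payload. The LAN range, the outbound rule (local source, non-local destination) and the `conversations` table layout are assumptions, and the packets are constructed sample data.

```python
import ipaddress
import sqlite3

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
BUFFER_SECONDS = 60                                  # default buffer named on the page

def is_outbound(src_ip, dst_ip):
    """Assumed rule: a local source talking to a non-local destination."""
    return (ipaddress.ip_address(src_ip) in LOCAL_NET
            and ipaddress.ip_address(dst_ip) not in LOCAL_NET)

def aggregate(packets, buffer_seconds=BUFFER_SECONDS):
    """Collapse packets into unique (window_start, mac, dst_ip, dst_port) rows."""
    seen = set()
    for ts, src_mac, src_ip, dst_ip, dst_port in packets:
        if not is_outbound(src_ip, dst_ip):
            continue
        window = ts - (ts % buffer_seconds)  # start of the buffer window
        seen.add((window, src_mac.lower(), dst_ip, dst_port))
    return sorted(seen)

def store(db, rows):
    """Insert rows idempotently and return the table's row count."""
    db.execute("CREATE TABLE IF NOT EXISTS conversations ("
               "window_start INTEGER, src_mac TEXT, dst_ip TEXT, dst_port INTEGER, "
               "UNIQUE(window_start, src_mac, dst_ip, dst_port))")  # hypothetical schema
    db.executemany("INSERT OR IGNORE INTO conversations VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db.execute("SELECT COUNT(*) FROM conversations").fetchone()[0]

# Constructed sample packets: (epoch seconds, src MAC, src IP, dst IP, dst port)
SAMPLE = [
    (1676721600, "02:00:00:00:00:0A", "192.168.1.20", "203.0.113.5", 25),
    (1676721601, "02:00:00:00:00:0a", "192.168.1.20", "203.0.113.5", 25),    # same conversation
    (1676721630, "02:00:00:00:00:0a", "192.168.1.20", "192.168.1.1", 53),    # LAN-internal, skipped
    (1676721615, "02:00:00:00:00:01", "203.0.113.5", "192.168.1.20", 51234), # inbound reply, skipped
    (1676721665, "02:00:00:00:00:0a", "192.168.1.20", "203.0.113.5", 25),    # next window
]

if __name__ == "__main__":
    rows = aggregate(SAMPLE)
    count = store(sqlite3.connect(":memory:"), rows)
    print(count, "rows stored for", len(SAMPLE), "packets")
```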
Installation
We installed EffiShark on a Raspberry Pi 4 with a 32GB SD card, which should be sufficient to capture a few days worth of traffic.
sudo apt-get install wireshark -y # Select YES to allow capturing by non-root users
sudo usermod -aG wireshark your-user # Add your existing user to the wireshark group (log in again to apply)
pip install pyshark
Add the following line to your crontab with crontab -e:
# Run EffiShark on boot, interface: eth0, sqlite file: ~/shark.db, buffer: 60 seconds
@reboot /path/to/effishark -i eth0 -f ~/shark.db -b 60
If you like, there is a systemd service template provided in effishark.service. You can install it like this:
sudo cp ./effishark.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable effishark
sudo service effishark start
Running
./effishark --help
usage: effishark [-h] [-f FILE] [-b BUFFER] [-i INTERFACE] [--after AFTER] [--before BEFORE] [--device DEVICE]
options:
-h, --help show this help message and exit
-f FILE, --file FILE Path to the sqlite database file
-b BUFFER, --buffer BUFFER
How many seconds of traffic to aggregate
-i INTERFACE, --interface INTERFACE
Network interface (for Macs: 'en0')
--after AFTER Do not capture, only display conversations starting after 'yyyy-mm-dd hh:mm'
--before BEFORE Do not capture, only display conversations before 'yyyy-mm-dd hh:mm'
--device DEVICE Do not capture, only display conversations from 'mac:add:ress'
--clean DAYS Remove all conversations which are older than DAYS days
In order to query for all conversations during a certain timeframe:
effishark -f ./shark.db --device ac:c9:06:13:72:9a --after "2023-02-18 12:00" --before "2023-02-18 12:01"
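Going one step beyond the single-device query above, this added example (not part of EffiShark) ranks devices by SMTP activity around the times an ISP reports, which is the triage the Motivation section describes. The `conversations` table layout, the port list and the one-minute slack are assumptions, and the log rows are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta

SMTP_PORTS = (25, 465, 587)  # assumed set of mail submission/relay ports
FMT = "%Y-%m-%d %H:%M"

def smtp_suspects(db, reported, slack_minutes=1):
    """Return (mac, reports_matched, distinct_destinations), most suspicious first."""
    hits = {}
    query = ("SELECT src_mac, dst_ip FROM conversations "
             "WHERE seen BETWEEN ? AND ? AND dst_port IN (?, ?, ?)")
    for stamp in reported:
        t = datetime.strptime(stamp, FMT)
        lo = (t - timedelta(minutes=slack_minutes)).strftime(FMT)
        hi = (t + timedelta(minutes=slack_minutes)).strftime(FMT)
        for mac, dst in db.execute(query, (lo, hi, *SMTP_PORTS)):
            entry = hits.setdefault(mac, {"dsts": set(), "reports": set()})
            entry["dsts"].add(dst)
            entry["reports"].add(stamp)
    ranked = [(mac, len(e["reports"]), len(e["dsts"])) for mac, e in hits.items()]
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))

def sample_db():
    """Constructed log: one device fans out to many mail servers, others behave normally."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE conversations "
               "(seen TEXT, src_mac TEXT, dst_ip TEXT, dst_port INTEGER)")  # hypothetical schema
    noisy = "02:00:00:00:00:0a"
    rows = [("2023-02-18 08:03", noisy, f"198.51.100.{i}", 25) for i in range(1, 9)]
    rows += [("2023-02-18 08:05", noisy, f"198.51.100.{i}", 25) for i in range(9, 15)]
    rows += [("2023-02-18 08:11", noisy, "198.51.100.40", 25)]
    rows += [("2023-02-18 08:04", "02:00:00:00:00:01", "203.0.113.10", 587),  # mail client
             ("2023-02-18 08:05", "02:00:00:00:00:02", "203.0.113.20", 443),  # web only
             ("2023-02-18 09:30", "02:00:00:00:00:03", "203.0.113.30", 25)]   # outside windows
    db.executemany("INSERT INTO conversations VALUES (?, ?, ?, ?)", rows)
    return db

# Constructed report times, mirroring the "08:03, 08:05 and 08:11" pattern
REPORTED = ["2023-02-18 08:03", "2023-02-18 08:05", "2023-02-18 08:11"]

if __name__ == "__main__":
    for mac, reports, dsts in smtp_suspects(sample_db(), REPORTED):
        print(f"{mac}: matched {reports} reports, {dsts} distinct SMTP destinations")
```

A device that matches every reported time and contacts many distinct mail servers is the one to inspect first; a single destination on port 587 is what an ordinary mail client looks like.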
If you would like to regularly delete old conversations (a good practice to minimize personal data storage), add the following cronjob:
# Run at midnight and clean effishark conversations older than 7 days
0 0 * * * /path/to/effishark --clean 7
License
This project is licensed under the terms of the MIT license.
Caveats
- We may miss a few packets during dumping to the database, not exactly sure how pyshark.sniff_continuously() is implemented
- During our testing, pyshark.sniff_continuously() sometimes randomly got stuck and would not return further packets. We implemented a regular restart job
Proxeus
Create blockchain-ready workflows, own your data.
Proxeus Core
Proxeus combines a powerful automation tool with a form builder, document generator and blockchain connection - enabling you to digitize, secure, and tap into the value of data flows. Access the full source code of available modules and extensions @ProxeusApp.
User Guides
Get help to make the most of the platform in the User Handbook.
To learn more about Smart Contracts using Solidity, see the documentation in the proxeus-contract.
For detailed information about token setup, check the XES-Payment project. Software architecture and other details are in the Developer Manual.
Installation
Proxeus is primarily a Web application, intended for access with a web browser. The Proxeus Association maintains demo instances you can use to test the product, and can recommend a service provider to help you or your business get set up. There is also a prototype desktop application.
In addition to the developer guidelines below, several "one-click" deployment configurations are available for select cloud platforms:
Join the Discussions if you are interested in seeing additional providers on this list.
If you wish to build the project from the source code, follow the instructions in Build all.
Please read the Developer Manual to learn more about the Proxeus platform.
Infura and SparkPost
The Proxeus platform currently depends on Infura for blockchain services. Supported chains include:
- ethereum: sepolia
- ethereum: goerli
- ethereum: mainnet
- polygon: mumbai
- polygon: mainnet
Create an account to get API keys. These keys need to be added to the corresponding environment variables, or entered when deploying a "one-click" instance.
Proxeus works best with SparkPost for email integration.
Please note that the domain you set up on SparkPost MUST match the reply-to e-mail address that you configure in the next step in order to create accounts and receive e-mails on your instance.
If all goes well, Proxeus should be available at http://localhost:1323. The next step will be to configure your instance for the first time.
Contributing
As an open-source project, we welcome any kind of community involvement, whether that is by contributing code, reporting issues or engaging in insightful discussions. Especially, we are looking forward to receiving contributions for external workflow nodes.
See the Contributing Guide for further directions.
Security Issues
If you find a vulnerability that may affect live or testnet deployments please DO NOT file a public issue - send your report privately to [email protected]
License
Licensed under the GNU GENERAL PUBLIC LICENSE. You may read a copy of the License here.
Acknowledgements
Like so many projects, this effort has roots in many places. The list can be found in ACKNOWLEDGEMENTS.
Supported Chains
Ethereum
- mainnet
- sepolia
- goerli
Polygon
- mainnet
- mumbai