HackingLZ / gibson

Network monitoring tool that maps process-to-network connections, identifies cloud providers, and detects beaconing activity. Zero-flag agent binary for deployment, aggregation server, offline ASN lookup.

100% credibility
Found Mar 03, 2026 at 13 stars.
AI Analysis
Rust
AI Summary

Gibson is a network monitoring tool that captures process-to-network connections, detects cloud providers and suspicious patterns like beaconing, and generates firewall rules and reports.

How It Works

1. 🔍 Discover Gibson

You learn about Gibson, a helpful tool that watches what programs on your computer are chatting with online to spot anything unusual.

2. 💻 Set it up simply

You grab Gibson and get it ready on your computer in just a couple of minutes.

3. 👀 Start watching connections

You run Gibson to quietly record all the internet connections your programs are making over a short time.

4. 🌟 See your network map

Gibson reveals a clear picture of every connection, highlighting cloud services, risky patterns, and beacon-like activity across your machines.

5. 📊 Review smart reports

You get easy-to-read summaries with risk scores for programs, cloud breakdowns, and automatic safety rules to protect your setup.

6. 🛡️ Set up ongoing guard

You place lightweight watchers on your computers or servers to keep collecting data and send it safely to a central spot.

Enjoy secure oversight

Now you have ongoing insights into your network, quick alerts on threats, and ready protection rules, keeping everything safe and simple.

AI-Generated Review

What is gibson?

Gibson is a network monitoring tool, written in Rust and hosted on GitHub, that captures process-to-network connections across endpoints, identifies cloud providers like AWS or Azure, and flags beaconing patterns suggesting C2 activity. Drop a zero-flag agent binary on targets for stealthy collection with optional DNS resolution, compression, and AES-256 encryption before uploading to an aggregation server. Parse the outputs into risk-scored summaries, firewall rules for iptables or Windows, and SQL exports, with no heavy EDR required.

Why is it gaining traction?

It stands out with a compile-time configurable agent that runs argument-free, plus offline ASN lookups via local databases for air-gapped analysis. CLI commands like `cargo run collect --duration-seconds 300` or `parse --cloud-analysis report.json` deliver instant insights: beacon detection via timing jitter, high-entropy domains, and cross-machine IP sharing. Rust's speed and cross-platform support (Windows/Linux) make it lighter than Java-based network analyzers on GitHub.

Who should use this?

SecOps teams hunting insider threats or malware callbacks on endpoints. DevOps engineers baselining cloud traffic in hybrid environments and generating allow rules for legitimate AWS/GCP flows. Incident responders who need quick network scanner dumps during IR, especially with the server's live /api/patterns endpoint for multi-host overviews.

Verdict

A promising early network monitoring tool on GitHub at 13 stars and 1.0% credibility. The docs are solid, with build examples and screenshots, but it lacks tests and broad adoption. Grab it for personal audits or prototypes; production users should fork and harden first.
