[New Tool] Haka v0.2 Protocols and Policies Analyzer Released

Haka is an open source security oriented language which allows to describe protocols and apply security policies on (live) captured traffic. Licensed under Mozilla Public License v2.0

The scope of Haka language is twofold. First of all, it allows to write security rules in order to filter/alter/drop unwanted packets and log and report malicious activities. Second, Haka features a grammar enabling to specify network protocols and their underlying state machine.

The overall goal of Haka is to abstract low-level stuff like memory management and packet reassembly to non developer experts and to provide an easy way to analyze quickly new network protocols.

Features

Packet filtering policy improved: Define your own security rules to alter/drop/inject packets based on combination of protocol fields (ip, tcp, udp, icmp, dns and http).
Packet capture: Use various sources of traffic for packet filtering, including: pcap file, pcap live traffic, netfilter queue iptable rules.
Protocol grammar new: Protocol parsing is simple, describe the messages in Haka and let the engine do the parsing.
Protocol state machine new: Quickly and easily describe protocol state machines directly in Haka. Describe your states and transitions and let the internal Haka engine follow them.
Log & alert: Log and report malicious activities in syslog using an idmef-like format.
Integrated debugger: Back-trace, insert breakpoints and inspect Lua code. Haka is endowed with a gdb-like debugger which is helpful to detect errors in Lua security rules.
Modular, extensible: Haka has a modular design which allows easy customisation. The internal and external APIs are well documented and allow anyone to easily add new protocols, capture methods, logging sinks…