Source: http://www.secrepo.com

  • Network

    • MACCDC2012 - Generated with Bro from the 2012 dataset

      • A nice dataset that has everything from scanning/recon through exploitation as well as some c99 shell traffic. Roughly 22694356 total connections.
      • conn.log.gz (524MB)
      • dhcp.log.gz (1MB)
      • dns.log.gz (7MB)
      • files.log.gz (49MB)
      • ftp.log.gz (1MB)
      • http.log.gz (54MB)
      • notice.log.gz (1MB)
      • signatures.log.gz (1MB)
      • smtp.log.gz (1MB)
      • ssh.log.gz (1MB)
      • ssl.log.gz (2MB)
      • tunnel.log.gz (1MB)
      • weird.log.gz (2MB)
      • Snort logs
      • maccdc2012_fast_alert.7z Snort Fast Alert format logs (10MB)
      • maccdc2012_full_alert.7z Snort Full Alert format logs (24MB)
    • Bro logs generated from various Threatglass samples
      • Exploit kits and benign traffic, unlabeled data. 6663 samples available.
      • Part 1 (64MB)
      • Part 2 (41MB)
      • Part 3 (61MB)
    • Snort logs generated from various Threatglass samples
      • Exploit kits and benign traffic, unlabeled data. 6663 samples available.
      • tg_snort_fast.7z Snort Fast Alert format logs (5MB)
      • tg_snort_full.7z Snort Full Alert format logs (9MB)
    • Gameover Zeus DGA sample 31000 DGA domains from Dec 2014
    • Domain Transfer Data Old domain transfer data from several registrars, JSON format. (8MB)
    • Modbus and DNP3 logs ICS logs generated w/Bro from various PCAPs (1MB)
  • Malware
    • Static information about Zeus binaries - Static information (JSON) of about ~8k samples from ZeuS Tracker
    • Static information about APT1 binaries - Static information (JSON) of APT1 samples from VirusShare
    • Static information about Op Cleaver binaries - Static information of Op Cleaver related binaries.
  • System
    • Web Logs from Security Repo - these logs are generated by you the community, and me updating this site.
    • Squid Access Log - combined from several sources (24MB compressed, ~200MB uncompressed)
    • auth.log - approx 86k lines, and mostly failed SSH login attempts
    • Honeypot data - Data from various honeypots (Amun and Glastopf) used for various BSides presentations posted below. Approx 994k entries, JSON format.
      • Analysis of the honeypot data for BSidesDFW 2014 - IPython Notebook.
  • Other
    • Security Data Analysis Labs

      • Connection Log - (522MB compressed, 3GB uncompressed) ~22million flow events

3rd Party

  • Other

    • Digital Corpora - Disk images, network traffic, and malware, oh my! [License Info: This material is based upon work supported by the National Science Foundation under Grant No. 0919593]
    • Verizon VERIS Database - Raw VERIS (filtered) data. [License Info: Creative Commons Attribution-ShareAlike 4.0 International Public License]
    • The Swedish Defence Research Agency Information Warfare Lab PCAP and various log sources [License Info: Unknown]
    • Black-Market Archives A scraped archive of Dark Net Markets [License Info: Unknown]
    • Protected Repository for the Defense of Infrastructure Against Cyber Threats Lots of data (restricted use) [License Info: License]
    • Comprehensive, Multi-Source Cyber-Security Events Auth, DNS, process, and flow data. [License Info: Public Domain]
    • Cyber Security Science Multiple datasets from LANL. [License Info: Public Domain]
    • Open Source Enterprise Network Security Solution Network traffic and malicious endpoint data. [License Info: Unknown]
    • Australian Defence Force Academy Linux (ADFA-LD) and Windows (ADFA-WD) Datasets HIDS data [License Info: Free for academic research only]
    • CCSS - Digital Certs Used by Malware - A listing of certificate serial numbers that have been used by malware [License Info: Unknown]
    • SherLock Dataset - Smartphone dataset with software and hardware sensor information surrounding mobile malware [License Info: 3 year full access, listed on site]
    • payloads - A collection of web attack payloads. [License Info: Unknown]
  • Network
    • KDD Cup 1999 Data - Network connection data [License Info: Unknown]
    • NETRESEC - Publicly available PCAP files - loads of great PCAP files [License Info: Unknown]
    • Internet-Wide Scan Data Repository - Various types of scan data [License Info: Unknown]
    • Detecting Malicious URLs - Mirror - URLS/features/labels [License Info: Unknown]
    • hackertarget 500K HTTP Headers - HTTP Headers [License Info: Unknown]
    • Threatglass - PCAPs that contain various exploit kits as well as some legit traffic mixed in. [License Info: Unknown]
    • pcapr - Searchable repository of PCAPs, look for various phrases to pull out the Security related ones (eg. exploit, xss, etc...) [License Info: TOS]
    • OpenDNS public domain lists - various domain lists [License Info: Public Domain]
    • MIT 1999 DARPA Intrusion Detection Evaluation Data Set - Labeled attack and non-attack data (PCAP and system logs) [License Info: Unknown]
    • MIT 1998 DARPA Intrusion Detection Evaluation Data Set - Network and file system data [License Info: Unknown]
    • DDS legit and DGA labeled domains - DDS Blog [License Info: Unknown]
    • Honeypot Data - DDS Blog [License Info: Unknown]
    • Honeypot Data with GeoIP info - DDS Blog [License Info: Unknown]
    • DGA Domains - updated frequently [License Info: License]
    • Malware URLs - updated daily list of domains and URLs associated with malware [License Info: Disclaimer posted in link]
    • UDP Scan data - provided by Rapid7 [License Info: Unknown]
    • Continuously updated IP block list - Created by Packetmail (?) [License Info: no for-sale or paywall use]
    • Common Crawl - "open repository of web crawl data that can be accessed and analyzed by anyone" [License Info: Open]
    • Malware Traffic Analysis - a site with labeled exploit kits and phishing emails. [License Info: Unknown]
    • Simple Web Traces - Cloud Storage, DDoS, DNSSEC, and many more types of PCAPs. [License Info: Various]
    • SiLK - LBNL-05 Anonymized enterprise packet header traces. [License Info: Unknown]
    • DGA Archive Multiple DGA data sets generated by the actual algorithm vs. captured network traffic. [License Info: CC BY-NC-SA 3.0]
    • Information Security Centre of Excellence (ISCX) Data related to Botnets and Android Botnets. [License Info: Unknown]
    • CSIC 2010 HTTP Dataset Labeled (normal, anomalous) HTTP data in CSV format. [License Info: Unknown]
    • VAST Challenge 2012 IDS logs generated by IEEE [License Info: Unknown]
    • University of Victoria Botnet Dataset Malicious and benign traffic from LBNL and Ericsson (merged publicly available data) [License Info: Unknown]
    • UCSD Network Telescope Dataset on the Sipscan Public and restricted datasets of various malware and other network traffic. [License Info: Available on dataset page]
    • UNSW-NB15 This data set has nine families of attacks, namely, Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. (CSV data) [License Info: Unknown]
    • Stratosphere IPS Public Datasets PCAPs, Samples, etc... [License Info: Unknown]
    • Awesome Industrial Control System Security - Has links to SCADA PCAPs and other SCADA related resources [License Info: Apache License 2.0 (site), Data: various]
    • Cisco Umbrella Popularity List - Top 1 million most daily popular domains [License Info: Unknown]
    • Alexa Top 1 Million - The static 1 million most popular sites by Alexa [License Info: Unknown]
    • Using machine learning to detect malicious URLs - Code and labeled URL data. [License Info: Unknown]
    • Majestic Million Domains - Top million domains with the most referring subnets. [License Info: Attribution 3.0 Unported (CC BY 3.0)]
    • IoT device captures IoT Device PCAP by Aalto University Research [License Info: Listed on site]
    • Project Bluesmote - Syrian Bluecoat Proxy Logs [License Info: Public Domain]

Reposted from: https://www.cnblogs.com/bonelee/p/7875198.html
