Inspiration

I have worked in cybersecurity for 15 years. One of the successes I saw was the rise of virustotal.com. This was a free service offered to the public, and was eventually purchased by Google.

What it does

The SaaS allows users to take a full packet capture on their machine and then upload the metadata via API to known-good.net. This allows them to come back at a later time and confirm whether the traffic they see is what they expect. Examples include unknown offshore traffic, data exfiltration, or potentially malicious flows.

How we built it

I used bolt.new to build the entire project.

Challenges we ran into

Packet captures from the browser are very basic and highly limited. I was forced to develop a desktop client to support the full packet capture. This was easy to do with bolt.new, creating an Electron app. Also, that app requires kernel-level access to perform full packet capture.

Accomplishments that we're proud of

I'm quite pleased with the architecture of the application, the detail and design decisions that went into the crowdsourcing database.

What we learned

I learned that pulling together an executable for the desktop is not as simple as it would seem!

What's next for Known-good.net

More work on the desktop app user experience. Right now it requires a project build, but ideally it would be a portable app.

Built With

  • Frontend: React, TypeScript, Tailwind CSS
  • Desktop: Electron, Node.js
  • Backend: Supabase, PostgreSQL
  • Capture: tcpdump (Unix), netsh