🌏 Somo

A human-friendly alternative to netstat or ss for socket monitoring with the ability to scan for malicious IP addresses.

⬇️ Installation:

Debian:

If you use a Debian OS go to releases and download the latest .deb release.

From crates.io:

1. Install cargo:

You can install cargo from the crates.io website.

2. Install the somo crate:

cargo install somo

🏃‍♀️ Running somo:

To run somo just type:

somo

Using sudo:

It can often be beneficial to run it in sudo mode since many PIDs will remain hidden otherwise. If sudo somo doesn't work, try running it using the full path:

# you can find out the path by running: "where somo"
sudo /path/to/somo
# or directly like this
sudo $(where somo)

Problems with this: it's unconvenient and ENV variables can't be accessed! Better solution: Add it to the $PATH variable (like this).

⚙️ Features:

1. Pretty and easily readable table:

2. Filtering:

You can filter by remote port, local port, IP, protocol, client program, PID and connection status. Check the flag descriptions below.

3. Process killing:

With the -k flag you can choose to kill a process after inspecting the connections using an interactive selection option.

4. Checking for malicious IPs using AbuseIPDB.com:

To automatically check if any of the remote IPs you are connected to are malicious you can specify an API key for the AbuseIPDB API as an environment variable:

export ABUSEIPDB_API_KEY={your-api-key} # not session persistent

Adding the -c flag will then check for malicious IPs and notify you in the table:

🚩 Flags: