Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web form credentials, web form emails, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
Malconfscan: Volatility plugin that extracts configuration data of known malware
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Hackdroid: Android apps, ROMs and platforms for pentesting
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Meerkat: A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Recuperabit: A tool for forensic file system reconstruction.
wipedicks: Wipe files and drives securely with random ASCII dicks
bits parser: Extract BITS jobs from the QMGR queue and store them as CSV records
WiFi-Project: Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
dcfldd: Enhanced version of dd for forensics and security
bootcode parser: A boot record parser that identifies known-good signatures for MBR, VBR and IPL.
macOS-triage: macOS triage is a Python script to collect various macOS logs, artifacts, and other data.
ManTraNet-pytorch: Implementation of the famous image manipulation/forgery detector "ManTraNet" in PyTorch
siemstress: Very basic CLI SIEM (Security Information and Event Management system).
pyaff4: The Python implementation of the AFF4 standard.
CTF-Script-And-Template-Thrift-Shop: [180+ scripts] There are a few genuine gems in there. And a lot of spaghetti code. Most of these scripts were for solving CTFs. If you googled something for a CTF and landed here, look at the scripts; they're all fairly malleable. Sorry for the shitty naming conventions (not really). If you are a recruiter, stop. I won't be able to rewrite half thi…
robot hacking manual: Robot Hacking Manual (RHM). From robotics to cybersecurity. Papers, notes and writeups from a journey into robot cybersecurity.
LevelDBDumper: Dumps all of the key/value pairs from a LevelDB database
ForensicsTools: A list of free and open forensics analysis tools and other resources
toolset: Useful tools for CTF competitions
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
dumproid: Android process memory dump tool without NDK.
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
sqbrite: SQBrite is a data recovery tool for SQLite databases
Vol3xp: Volatility Explorer Suite
PSTrace: Trace ScriptBlock execution for PowerShell v2
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
memscrimper: Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Imm2Virtual: This is a GUI (for Windows 64-bit) for a procedure to virtualize your EWF (E01), DD (raw) or AFF disk image file without converting it, directly with VirtualBox, in a forensically sound way.
ingest-file: Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.
uac: UAC is a Live Response collection script for incident response that uses native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
btrfscue: Recover files from damaged BTRFS filesystems
yara-forensics: Set of YARA rules for finding files using magic headers
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools and libraries
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps
dnslog: Minimalistic DNS logging tool
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
MantOS: LIFARS networking security GNU/Linux distro