idiom / IRScripts Licence: other
Incident Response Scripts
Language: Python
Projects that are alternatives of or similar to IRScripts (all share the mutual label dfir; star counts are shown with their difference relative to IRScripts):
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools [Stars: 71 (+144.83%)]
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ) [Stars: 442 (+1424.14%)]
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes [Stars: 91 (+213.79%)]
PSTrace: Trace ScriptBlock execution for powershell v2 [Stars: 38 (+31.03%)]
EventTranscriptParser: Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) [Stars: 22 (-24.14%)]
smram parse: System Management RAM analysis tool [Stars: 50 (+72.41%)]
iTunes Backup Reader: Python 3 Script to parse out iTunes backups [Stars: 108 (+272.41%)]
artifactcollector: 🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system [Stars: 140 (+382.76%)]
DDTTX: DDTTX Tabletop Trainings [Stars: 22 (-24.14%)]
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database [Stars: 23 (-20.69%)]
Evilize: Parses Windows event logs files based on SANS Poster [Stars: 24 (-17.24%)]
MemProcFS-Analyzer: MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR [Stars: 89 (+206.9%)]
yara-validator: Validates yara rules and tries to repair the broken ones. [Stars: 37 (+27.59%)]
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection [Stars: 158 (+444.83%)]
calamity: A script to assist in processing forensic RAM captures for malware triage [Stars: 24 (-17.24%)]
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports. [Stars: 42 (+44.83%)]
pftriage: Python tool and library to help analyze files during malware triage and analysis. [Stars: 77 (+165.52%)]
ir scripts: incident response scripts [Stars: 17 (-41.38%)]
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career. [Stars: 33 (+13.79%)]
Get-NetworkConnection: Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection [Stars: 34 (+17.24%)]
IRScripts
Collection of Incident Response scripts.
Scripts
bhistory.py - Parse Firefox or Chrome browser history.
ipquery.py - Query VT for information on an IP address.
ipinfo.py - Get information about an IP address.
gsbcheck.py - Query Google Safe Browsing for a URL.
fglookup.py - Check FortiGuard reputation or blacklist status.
dridex-xml.py - Extract a compressed Dridex document from an XML file.
alienspy-decrypt - Extract AlienSpy properties (config.xml) or the packed jar file.
hawkeye-decrypt.ps1 - Configuration decryptor for the Hawkeye/GolRoted keylogger.