ThreatIngestor An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. ThreatIngestor can be configured to...
fingerprint all the things! A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files (pcap) or live network traffic. The main use-case is for monitoring honeypots,...
Beagle Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs,...
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,…) for collecting and processing security feeds (such as log files) using a message queuing protocol. It’s a community-driven...
ExtAnalysis Browser Extension Analysis Framework With ExtAnalysis you can : Download & Analyze Extensions From: Chrome Web Store Firefox Addons Analyze Installed Extensions of: Google Chrome Mozilla Firefox Opera Browser...
ir-rescue ir-rescue is composed of two sister scripts that collect a myriad of forensic data from 32-bit and 64-bit Windows systems (ir-rescue-win) and from Unix systems (ir-rescue-nix). The scripts respect the order of volatility and artifacts that...
THRecon THRecon -Threat Hunting Reconnaissance Toolkit- A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints. Use cases include incident response triage, threat hunting, baseline monitoring,...
AD ACL Scanner A tool completely is written in PowerShell. A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in...
Logparser Logparser provides a toolkit and benchmarks for automated log parsing, which is a crucial step towards structured log analytics. By applying logparser, users can automatically learn event templates from...
ee-outliers ee-outliers is a framework to detect outliers in events stored in an Elasticsearch cluster. The framework was developed for the purpose of detecting anomalies in security events, however, it...
AutoTimeliner Automagically extract forensic timeline from volatile memory dumps. How it works AutoTimeline automates this workflow: Identify the correct volatility profile for the memory image. Runs the timeliner plugin against volatile memory dump...
Office365 Log Analysis Framework (OLAF) OLAF is a collection of tools, scripts, and analysis techniques dealing with O365 Investigations. This repo include OLAF – DashboardsThis folder contains Elastic dashboard(s) that...
Forensics / Information Gathering / Network PenTest
by do son · Published May 9, 2019 · Last modified January 12, 2021
netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy...
PSWinReporting PSWinReporting is a little PowerShell module that solves the problem of monitoring and reading Windows Events. It allows you to set up monitoring of Domain Controllers (and from 2.X any other servers) for events that...
What is Logging Made Easy (LME)? Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and provide...
Support Securityonline.info site. Thanks!
