LiMEaide v2.0.1 releases: remotely dump RAM of a Linux client
LiMEaide LiMEaide is a python application designed to remotely dump RAM on a Linux client and create a volatility profile for later analysis on your localhost. I hope that this...
by do son · Published May 3, 2019 · Last modified November 4, 2024
logdissect Logdissect is a CLI utility and Python library for analyzing log files and other data. It can parse, merge, filter, and export data (to log files, or JSON). Installing...
Whatsapp Parser Toolset Updated: May 2022 WhatsApp Messenger Version 2.21.9.14 Whapa is a set of graphical forensic tools to analyze WhatsApp from Android and soon iOS devices. All the tools...
modDetective modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in red team engagements and...
What is CDQR? The CDQR tool uses Plaso to parse disk images with specific parsers and create easy to analyze custom reports. The parsers were chosen based on triaging best...
Xplico Xplico is a Network Forensic Analysis Tool (NFAT). The goal of Xplico is to extract from Internet traffic the application data it contains. For example, from a...
Real-time detection of high-risk attacks leveraging Kerberos and SMB This is a real-time detection tool for detecting an attack against Active Directory. The tools are the improved version of the...
Heralding Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently, the following protocols are supported: ftp, telnet, ssh, http, https, pop3, pop3s,...
DFIRTrack DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open-source web application mainly based on Django using a PostgreSQL database backend. In contrast to other great incident response tools, which are...
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define. Benefits As...
LogESP LogESP is a SIEM (Security Information and Event Management system) written in Python Django. It features a web frontend and handles log management and forensics, risk management, and asset...
pcap-ioc Python tool to extract potential IOCs from a pcap file using pyshark. List of IOCs extracted: IP addresses from IP packets; domains and IP addresses from DNS requests; domains,...
What is Cowrie Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is developed by Michel...
by do son · Published April 4, 2019
Root the Box Root the Box is a real-time capture the flag (CTF) scoring engine for computer wargames where hackers can practice and learn. The application can be easily...
psad – Intrusion Detection with iptables Logs Introduction The Port Scan Attack Detector psad is a lightweight system daemon designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect...