Sloth v3.2 releases: shows all open files and sockets in use
Sloth Sloth is a Mac application that displays all open files and sockets in use by all running applications on your system. This makes it easy to inspect which apps...
CyLR What is CyLR? The CyLR tool collects forensic artefacts from hosts with NTFS file systems quickly and securely, and minimizes impact to the host. The main features are: Quick collection...
mXtract An open source Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool, which is used to scan memory for private keys,...
awslog Shows the history and changes between configuration versions of AWS resources. Uses AWS Config to fetch the configuration history of resources; only works on resources supported by AWS Config. Changelog...
SpamScope is an advanced spam analysis tool that uses Apache Storm with streamparse to process a stream of mails. It's possible to analyze more than 5 million mails (without attachment post-processors) for...
CDIR (Cyber Defense Institute Incident Response) Collector – live collection tool based on OSS tools/libraries. cdir-collector is a collection tool for first responders. It collects the following data on Windows....
by do son · Published March 3, 2019 · Last modified October 10, 2021
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and...
django-admin-honeypot django-admin-honeypot is a fake Django admin login screen to log and notify admins of attempted unauthorized access. This app was inspired by a discussion in and around Paul McMillan’s security...
PcapViz PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw...
nightHawk Response A custom-built application for asynchronous forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in...
joincap Merge multiple pcap files together, gracefully. Why? I believe skipping corrupt packets is better than failing the entire merge job. When using tcpslice or mergecap, sometimes pcapfix is needed to fix bad input pcap files....
Linux Explorer Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities ps View full process list Inspect process memory map & fetch memory strings easily Dump...
by do son · Published February 17, 2019 · Last modified November 4, 2024
Although a Linux system can be protected from the spread of most malware, it is not absolutely safe. If your data center has deployed a Linux server, especially a web server,...
Honeytrap Honeytrap is a modular framework for running, monitoring and managing honeypots. Using Honeytrap you can use sensors, high interaction and low interaction honeypots together, while still using the same...
LogTrail – Log Viewer plugin for Kibana LogTrail is a plugin for Kibana to view, analyze, search and tail log events from multiple hosts in real time with a devops-friendly interface...