python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
ExtAnalysis Browser Extension Analysis Framework With ExtAnalysis you can : Download & Analyze Extensions From: Chrome Web Store Firefox Addons Analyze Installed Extensions of: Google Chrome Mozilla Firefox Opera Browser (Coming Soon) Upload and...
ir-rescue ir-rescue is composed of two sister scripts that collect a myriad of forensic data from 32-bit and 64-bit Windows systems (ir-rescue-win) and from Unix systems (ir-rescue-nix). The scripts respect the order of volatility and artifacts that are charged with the...
THRecon THRecon -Threat Hunting Reconnaissance Toolkit- A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints. Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and more....
AD ACL Scanner A tool completely is written in PowerShell. A tool with GUI used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory. Features It...
Logparser Logparser provides a toolkit and benchmarks for automated log parsing, which is a crucial step towards structured log analytics. By applying logparser, users can automatically learn event templates from unstructured logs and convert...
ee-outliers ee-outliers is a framework to detect outliers in events stored in an Elasticsearch cluster. The framework was developed for the purpose of detecting anomalies in security events, however, it could just as well...
AutoTimeliner Automagically extract forensic timeline from volatile memory dumps. How it works AutoTimeline automates this workflow: Identify the correct volatility profile for the memory image. Runs the timeliner plugin against volatile memory dump using volatility. Runs the mftparser volatility...
Office365 Log Analysis Framework (OLAF) OLAF is a collection of tools, scripts, and analysis techniques dealing with O365 Investigations. This repo include OLAF – DashboardsThis folder contains Elastic dashboard(s) that can be used for...
Forensics / Information Gathering / Network PenTest
by do son · Published May 9, 2019 · Last modified January 12, 2021
netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on...
PSWinReporting PSWinReporting is a little PowerShell module that solves the problem of monitoring and reading Windows Events. It allows you to set up monitoring of Domain Controllers (and from 2.X any other servers) for events that happen on them. By...
What is Logging Made Easy (LME)? Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and provide the functionality to detect...
LiMEaide LiMEaide is a python application designed to remotely dump RAM on a Linux client and create a volatility profile for later analysis on your localhost. I hope that this will simplify Linux digital...
logdissect Logdissect is a CLI utility and Python library for analyzing log files and other data. It can parse, merge, filter, and export data (to log files, or JSON). Installing sudo pip install logdissect...
Whatsapp Parser Toolset Updated: May 2022 WhatsApp Messenger Version 2.21.9.14 Whapa is a set of graphical forensic tools to analyze WhatsApp from Android and soon iOS devices. All the tools have been written in...
Secure Your Connection
