OSXAuditor: free Mac OS X computer forensics tool
OS X Auditor OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a...
socksmon Monitor arbitrary TCP traffic using your HTTP interception proxy of choice What is socksmon? socksmon is a SOCKSv4 server based on Twisted, that tunnels incoming TCP traffic through an...
SSH Honeypot This program listens for incoming ssh connections and logs the ip address, username, and password used. This was written to gather rudimentary intelligence on brute force attacks. Installation...
SSMA SSMA is a simple malware analyzer written in Python 3. Features: Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags...
by do son · Published September 12, 2017 · Last modified November 4, 2024
WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine to identify security weaknesses and point...
bulk_extractor is a program that extracts functions such as e-mail addresses, credit card numbers, URLs, and other types of information from digital evidence files. It is a useful forensic survey tool...
NorkNork – Tool for identifying Empire persistence payloads This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled...
by do son · Published September 10, 2017 · Last modified October 10, 2021
MARA_Framework MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in...
by do son · Published September 10, 2017 · Last modified November 4, 2024
TCPDUMP can completely intercept the packet “headers” sent over the network and make them available for analysis. It supports filtering for network layers, protocols, hosts, networks, or ports, and provides logical statements...
CapTipper is a Python tool to analyze, explore and revive malicious HTTP traffic. CapTipper sets up a web server that acts exactly as the server in the PCAP file, and...
Wetland Wetland is a high-interaction SSH honeypot designed to log brute force attacks. What’s more, Wetland will log the shell, scp, sftp, exec-command, direct-forward and reverse-forward interaction performed by the attacker. Wetland is based on the Python SSH module paramiko....
by do son · Published August 30, 2017 · Last modified November 4, 2024
swap_digger swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensic purposes. It automates swap extraction and searches for Linux user credentials, web form credentials,...
Salamandra Spy Microphone Detection Tool Salamandra is a tool to detect and locate spy microphones in closed environments. It finds microphones based on the strength of the signal sent by the microphone...
General Quincy is a memory forensic tool that detects Host-Based Code Injection Attacks (HBCIAs) in memory dumps. This is the prototype implementation of Quincy referenced in the paper “Quincy: Detecting...
WMI_Forensics This repository contains scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files located at C:\WINDOWS\system32\wbem\Repository\OBJECTS.DATA and C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA. CCM_RUA_Finder.py extracts SCCM software metering RecentlyUsedApplication logs from OBJECTS.DATA...