dismember: scan the memory of all processes
Dismember Dismember is a command-line toolkit for Linux that can be used to scan the memory of all processes (or particular ones) for common secrets and custom regular expressions, among...
Category: Forensics
shomon: Shodan Monitoring integration for TheHive
shomon ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities Can be used as Webhook OR Stream listener...
systeminformer: monitor system resources, debug software and detect malware
systeminformer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Features A detailed overview...
RPCMon v1.2 releases: RPC Monitor tool based on Event Tracing for Windows
RPCMon A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of research on RPC communication between the host and a...
laurel v0.5.3 releases: Transform Linux Audit logs for SIEM usage
Linux Audit – Usable, Robust, Easy Logging LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Logs produced by the Linux Audit subsystem and auditd(8)...
dumpscan: extract and dump secrets from kernel and Windows Minidump formats
dumpscan Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is provided by volatility3. Features x509 Public and Private key (PKCS #8/PKCS...
Microsoft 365 Extractor Suite: complete and reliable acquisition of the Microsoft 365 Unified Audit Log
Microsoft 365 Extractor Suite This suite of scripts contains two different scripts that can be used to acquire the Microsoft 365 Unified Audit Log Read the accompanying blog post here....
Sealighter: Easy ETW Tracing for Security Research
Sealighter – Easy ETW Tracing for Security Research Sealighter leverages the feature-rich Krabs ETW Library to enable detailed filtering and triage of ETW and WPP Providers and Events. You can subscribe and...
Hunt-Sleeping-Beacons: identify beacons
Hunt-Sleeping-Beacons The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process. To do so, I make use of...
goreplay: open-source network monitoring tool
goreplay GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing, monitoring, and detailed analysis. As your application grows, the...
PacketStreamer: high-performance remote packet capture and collection tool
PacketStreamer Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence’s ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic...
hollows_hunter v0.3.8 releases: Recognizes and dumps a variety of potentially malicious implants
hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). It is an application based on PE-sieve (a library version), so there...
LEAF: Linux Evidence Acquisition Framework
Linux Evidence Acquisition Framework (LEAF) Linux Evidence Acquisition Framework (LEAF) acquires artifacts and evidence from Linux EXT4 systems, accepting user input to customize the functionality of the tool for easier...
DDWPasteRecon: identify code leak, sensitive files, plaintext passwords, password hashes
DDWPasteRecon Pastesites are websites that allow users to share plain text through public posts called “pastes.” Once attackers compromise the external perimeter and gain access to the internal resources they...
Telegrip: provides acquistion and analysis for Telegram-related cases
Telegrip Telegrip is a GUI digital forensic tool that deals with Telegram-related cases. Telegrip provides several features: Telegrip acquires sparse images from Android devices containing the device information and all...
