Free Cybersecurity Tools

A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.

A Python script for scanning data within an IDB using Yara

Accessing databases stored on a machine by the Chrome browser and dumping URLs found.

YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.

Python 3 tool for parsing Yara rules with ongoing development.

A library for generating random numbers and strings of various strengths, useful in security contexts.

cowrie2neo parses Cowrie honeypot logs and imports the data into Neo4j databases for graph-based analysis and visualization of honeypot interactions.

Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.

Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.

A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.

A low interaction honeypot to detect CVE-2018-2636 in Oracle Hospitality Applications.

A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.

A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.

Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.

A library for read-only access to QEMU Copy-On-Write (QCOW) image files, supporting multiple versions and compression formats for digital forensics analysis.

Automated Mac Forensic Triage Collector

A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.

Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.

A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.

RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.

A community repository of custom AWS Config rules for evaluating AWS resource configurations against compliance and security standards.

NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.

Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.

A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.