Explore 87 curated tools and resources
A comprehensive guide on Linux persistence mechanisms, focusing on scheduled tasks and jobs, their implementation, detection, and hunting strategies.
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
A next-generation file integrity monitoring and change detection system.
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A collection of YARA rules for Windows, Linux, and other threats.
An article in Phrack Magazine discussing the creation of shellcode for StrongARM/Linux architecture.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A comprehensive guide to hardening OpenLDAP on Linux using AppArmor and systemd, providing a defense in depth approach to securing LDAP deployments.
Linux privilege escalation auditing tool for detecting security deficiencies in Linux kernels.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
The best security training environment for Developers and AppSec Professionals.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up a virtual environment, installing pip requirements, running SIREN, setting up Snort on a Pi, and MySQL setup.
A comprehensive guide for using Docker with detailed information on prerequisites, installation, containers, images, networks, and more.
A cheat sheet for understanding privilege escalation through examples using Linux commands, rather than for enumeration.
Makes output from the tcpdump program easier to read and parse.
A forensics tool for tracking USB device artifacts on Linux machines.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
gVisor is an application kernel that provides isolation for running sandboxed containers.
Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.
Comprehensive guide for Iptables configuration and firewall rules.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Python tool for remote memory acquisition.
A comprehensive guide for hardening GNU/Linux systems with practical step-by-step instructions.
Libnids is an implementation of the E-component of a Network Intrusion Detection System; it emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream reassembly, and TCP port scan detection.
A portable volatile memory acquisition tool for Linux.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
A utility for recovering deleted files from ext3 or ext4 partitions.
Toolkit for building custom, minimal, immutable Linux distributions with secure defaults.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, and MySQL security.
A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential for damage.
Next-generation Linux exploit suggester with improved features for finding privilege escalation vulnerabilities.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A daemon for blocking USB keystroke injection devices on Linux systems.
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
Cutting-edge technology for developing security applications within the Linux kernel.
A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
Set up your own IPsec VPN server in just a few minutes with IPsec/L2TP, Cisco IPsec, and IKEv2.
LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.
An alternative to the auditd daemon with goals of safety, speed, JSON output, and pluggable pipelines connecting to the Linux kernel via netlink.
A comprehensive auditd configuration for Linux systems following best practices.
A simple IOC scanner bash script for Linux/Unix/OSX systems.
A website for information on Linux and BSD distributions.
A TAXII 2 server for interacting with TAXII services.
A guide on basic Linux privilege escalation techniques including enumeration, data analysis, exploit customization, and trial and error.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
An endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Collects and organizes Linux OS data for detailed analysis and incident response.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
An open-source penetration testing framework for social engineering with custom attack vectors.
DenyHosts is a script that protects SSH servers by automatically blocking attackers after repeated failed login attempts.
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.
Linux-based operating system intentionally vulnerable for cybersecurity practice.
A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.
A tool to locally check for signs of a rootkit with various checks and tests.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A comprehensive cheat sheet for accessing Windows systems from Linux hosts using smbclient and rpcclient tools, covering password management, user and group enumeration, and more.
A JavaScript malware analysis tool with backend code execution.
A collection of utilities for working with USB devices on Linux.
A workshop offering resources for local privilege escalation on Windows and Linux systems.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Falco is a cloud native runtime security tool for Linux operating systems that detects and alerts on abnormal behavior and potential security threats in real-time.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
An agentless vulnerability scanner for Linux/FreeBSD, written in Go, that informs users of vulnerabilities affecting the system and the servers concerned.
Guidance on securing NFS in Red Hat Enterprise Linux 7.
An evolving how-to guide for securing a Linux server with detailed steps and explanations.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
OpenSnitch is a GNU/Linux application firewall with interactive outbound connections filtering and system-wide domain blocking capabilities.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.