Linux

Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.

A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.

A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.

GNU/Linux Wireless distribution for security testing with XFCE desktop environment.

gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.

SIFT is a digital forensics toolkit that provides installation management, task execution, and machine image building capabilities for forensic investigations on Ubuntu systems.

Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.

Comprehensive guide for Iptables configuration and firewall rules.

A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.

Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.

A comprehensive guide providing step-by-step instructions for hardening GNU/Linux systems using industry standards like CIS, STIG, NIST, and PCI-DSS.

Libnids is an implementation of an E-component of Network Intrusion Detection System that emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly, and TCP port scan detection.

A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.

Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.

A utility for recovering deleted files from ext3 or ext4 partitions.

LinuxKit is a toolkit for building custom minimal, immutable Linux distributions with secure defaults for running containerized applications like Docker and Kubernetes.

A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.

A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.

Tool for deleting logs on Linux/Windows servers.

ELFcrypt encrypts ELF binaries with obfuscation and anti-debugging features to protect against reverse engineering.

A Linux exploit suggestion tool that identifies potential privilege escalation vulnerabilities by analyzing kernel versions and matching them against a database of known exploits.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.