Linux

LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.

Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.

An endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek.

pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.

Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.

edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.

OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.

Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.

High interaction honeypot solution for Linux systems with data control and integrity features.

Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.

CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.

A tool for creating compact Linux memory dumps compatible with popular debugging tools.

OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.

A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.

An open-source penetration testing framework for social engineering with custom attack vectors.

DenyHosts is a script to block SSH server attacks by automatically preventing attackers after failed login attempts.

A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.

Linux-based operating system intentionally vulnerable for cybersecurity practice.

A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.

A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.

CVE Ape is an open source tool that creates a local CVE database from the National Vulnerability Database for offline vulnerability searching by package name, vendor, or OS components.