Python
Explore 237 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
A reverse engineering framework with a focus on usability and code cleanliness
A reverse engineering framework with a focus on usability and code cleanliness
A Python library for working with network protocols
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.
A Python tool that tests multiple AWS S3 buckets for security misconfigurations including directory listing and upload permissions.
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A tool for bruteforcing subdomains of a given domain
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.
A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.
A tool to declutter URL lists for crawling and pentesting
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
TrailScraper is a command-line tool for extracting information from AWS CloudTrail logs and generating IAM policies based on actual API usage patterns.
TrailScraper is a command-line tool for extracting information from AWS CloudTrail logs and generating IAM policies based on actual API usage patterns.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
A conference featuring talks and workshops on various Python-related topics.
A conference featuring talks and workshops on various Python-related topics.
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.
A Python module for orchestrating remote forensic data acquisition and analysis from Linux instances using Amazon SSM.
IronBee is an open source web application security sensor framework that provides detection and prevention capabilities for web application vulnerabilities.
IronBee is an open source web application security sensor framework that provides detection and prevention capabilities for web application vulnerabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.
A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.
Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.
Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.
mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.
mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
A command-line tool that shows configuration history and changes of AWS resources using AWS Config service.
A command-line tool that shows configuration history and changes of AWS resources using AWS Config service.
A Scriptable Android Debugger for reverse engineers and developers.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Django based web application for network traffic analysis with protocol handling capabilities.
Django based web application for network traffic analysis with protocol handling capabilities.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
A Python script that inventories and lists main AWS account resources to provide visibility into cloud infrastructure components that may impact billing or security.
A Python script that inventories and lists main AWS account resources to provide visibility into cloud infrastructure components that may impact billing or security.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
aws-gate is a tool that enables secure connections to AWS EC2 instances through AWS Systems Manager Session Manager without requiring SSH keys or direct network access.
aws-gate is a tool that enables secure connections to AWS EC2 instances through AWS Systems Manager Session Manager without requiring SSH keys or direct network access.
AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.
AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.
Modular Threat Hunting Tool & Framework
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.
A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
GridPot is a honeypot framework that combines GridLAB-D, Conpot, and libiec61850 to simulate industrial control systems and detect attacks on power grid infrastructure.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A semi-automatic tool to generate YARA rules from virus samples.
A semi-automatic tool to generate YARA rules from virus samples.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
A free book providing design and implementation guidelines for writing secure programs in various languages.
A free book providing design and implementation guidelines for writing secure programs in various languages.
A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.
A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.
A Python tool that uses AWS Cloud Control API to enumerate and catalog AWS resources across specified accounts and regions, outputting results in JSON format.
A Python tool that uses AWS Cloud Control API to enumerate and catalog AWS resources across specified accounts and regions, outputting results in JSON format.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
ISF (Industrial Exploitation Framework) - An exploitation framework for industrial systems with various ICS protocol clients and exploit modules.
ISF (Industrial Exploitation Framework) - An exploitation framework for industrial systems with various ICS protocol clients and exploit modules.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
A Python library that simplifies format string vulnerability exploitation by providing tools for payload generation, memory manipulation, and automated parameter detection.
Watchmen is a framework that centralizes AWS Config rule lambda functions into a single account for streamlined compliance management and automation.
Watchmen is a framework that centralizes AWS Config rule lambda functions into a single account for streamlined compliance management and automation.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
Modular honeypot based on Python with support for Siemens S7 protocol.
ZAT is a Python package that processes and analyzes Zeek network security data using machine learning libraries like Pandas, scikit-learn, Kafka, and Spark.
ZAT is a Python package that processes and analyzes Zeek network security data using machine learning libraries like Pandas, scikit-learn, Kafka, and Spark.
A web-based tool that scrapes and organizes CTF writeups from ctftime.org with prioritization features and a local database for easy access.
A web-based tool that scrapes and organizes CTF writeups from ctftime.org with prioritization features and a local database for easy access.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up virtual environment, installing pip requirements, running SIREN, setting up Snort on Pi, and MySQL setup.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
A Python-based command-line tool that scans websites for CORS misconfigurations by analyzing HTTP response headers to identify potential security vulnerabilities.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Python script to parse the NTFS USN Change Journal.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
A tool that removes Exif metadata from images stored in AWS S3 buckets to protect privacy and eliminate sensitive embedded information.
A tool that removes Exif metadata from images stored in AWS S3 buckets to protect privacy and eliminate sensitive embedded information.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.
Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.
Binwalk is a firmware analysis tool that enables reverse engineering and extraction of embedded file systems and archives from firmware images.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.
A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
A suite of secret scanners built in Rust for performance.
A standalone Python script that audits system configurations against CIS Hardening Benchmarks to assess compliance readiness without requiring installation or dependencies.
A standalone Python script that audits system configurations against CIS Hardening Benchmarks to assess compliance readiness without requiring installation or dependencies.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
A program to extract IOCs from text files using regular expressions
A program to extract IOCs from text files using regular expressions
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A Python-based tool for detecting XSS vulnerabilities
Python module for fast packet parsing with TCP/IP protocol definitions.
Repokid automatically removes unused service permissions from AWS IAM role inline policies using Access Advisor data to implement least privilege access.
A Python web application that provides statistical analysis and visualization for Glastopf honeypot data by connecting to the honeypot's SQLite database.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.
A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.
A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.
An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.
An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
A Security Information and Event Management (SIEM) system with a focus on security and minimalism.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.
A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
Parse YARA rules into a dictionary representation.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
A digital forensics tool that extracts and analyzes Windows AppCompat and AmCache registry data for enterprise-scale forensic investigations.
An exploitation framework for industrial security with modules for controlling PLCs and scanning devices.
An exploitation framework for industrial security with modules for controlling PLCs and scanning devices.
A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.
A Python-based Docker security audit tool that performs CIS benchmark assessments with customizable profiles and JSON reporting capabilities.
A honeypot specifically designed to detect and capture Log4Shell vulnerability exploitation attempts with payload analysis and flexible logging capabilities.
BleachBit is an open-source system cleaning utility that removes temporary files and system artifacts to free disk space and protect user privacy.
BleachBit is an open-source system cleaning utility that removes temporary files and system artifacts to free disk space and protect user privacy.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.
PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
A scalable python framework for security research and development teams.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
AfterGlow Cloud is a Django-based web application that allows users to upload data and generate graph visualizations through a browser interface.
AfterGlow Cloud is a Django-based web application that allows users to upload data and generate graph visualizations through a browser interface.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
A robust Python implementation of TAXII Services with a friendly pythonic API.
A robust Python implementation of TAXII Services with a friendly pythonic API.
Python-based client for IBM XForce Exchange with an improved version available.
Python-based client for IBM XForce Exchange with an improved version available.
Python script to parse macOS MRU plist files into human-friendly format
Python script to parse macOS MRU plist files into human-friendly format
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A Python script for creating a cohesive and up-to-date penetration testing framework.
A Python script for creating a cohesive and up-to-date penetration testing framework.
ssh-audit is a Python-based tool for auditing SSH server and client configurations to identify security weaknesses and ensure compliance with best practices.
ssh-audit is a Python-based tool for auditing SSH server and client configurations to identify security weaknesses and ensure compliance with best practices.
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
A network-triggered emergency tool that overwrites LUKS encryption headers with random data to prevent forced decryption in high-risk situations.
A network-triggered emergency tool that overwrites LUKS encryption headers with random data to prevent forced decryption in high-risk situations.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.
Interactive computational environment for code execution, text, and media combination.
Interactive computational environment for code execution, text, and media combination.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A native Python cross-version decompiler and fragment decompiler.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.
Collect various intelligence sources for hosts in CSV format.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.
SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.
Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.
Open source Python library for NTFS analysis
A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.
A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.
Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
Python-based web server framework for setting up fake web servers and services with precise data responses.
Python-based web server framework for setting up fake web servers and services with precise data responses.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.
SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.
A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.
A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.
A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.
A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.
Honeypot for analyzing data with customizable services and logging capabilities.
Honeypot for analyzing data with customizable services and logging capabilities.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
Interactive incremental disassembler with data/control flow analysis capabilities.
Interactive incremental disassembler with data/control flow analysis capabilities.
An open-source Python software for creating honeypots and honeynets securely.
An open-source Python software for creating honeypots and honeynets securely.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
An observation camera honeypot for proof-of-concept purposes
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.
Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.
Repository for IBM SOAR Apps source-code and development resources.
Repository for IBM SOAR Apps source-code and development resources.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
hpfeeds is a lightweight authenticated publish-subscribe protocol with Python 3 compatible broker and client.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
A command-line tool for analyzing Cowrie honeypot log files over time, generating statistics and visualizations from local or remote log data.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
Python package for fanging and defanging indicators of compromise in text.
Python package for fanging and defanging indicators of compromise in text.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.
TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
A Python library to interface with a cuckoo-modified instance.
A Python library to interface with a cuckoo-modified instance.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.
Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.
MockSSH is a testing tool that emulates operating systems behind SSH servers to enable automation testing without requiring access to real servers.
MockSSH is a testing tool that emulates operating systems behind SSH servers to enable automation testing without requiring access to real servers.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
CloudTracker analyzes CloudTrail logs against IAM policies to identify over-privileged AWS users and roles by comparing actual permission usage with granted permissions.
CloudTracker analyzes CloudTrail logs against IAM policies to identify over-privileged AWS users and roles by comparing actual permission usage with granted permissions.
Python tool for monitoring user-select APIs in Android apps using Frida.
Python tool for monitoring user-select APIs in Android apps using Frida.
A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.
A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
DumpsterDiver analyzes large datasets to detect hardcoded secrets, keys, and passwords using entropy calculations and customizable search rules.
DumpsterDiver analyzes large datasets to detect hardcoded secrets, keys, and passwords using entropy calculations and customizable search rules.
