122 tools and resources
A reverse engineering framework with a focus on usability and code cleanliness
A Python library for working with network protocols
A tool for bruteforcing subdomains of a given domain
Automated blind XSS search for Burp Suite
A tool for domain flyovers
A tool to declutter URL lists for crawling and pentesting
VMCloak is a tool for creating and preparing Virtual Machines for Cuckoo Sandbox.
A conference featuring talks and workshops on various Python-related topics.
NFStream is a multiplatform Python framework for network flow data analysis with a focus on speed and flexibility.
IronBee is an open source project building a universal web application security sensor.
Dynamic binary analysis library with various analysis and emulation capabilities.
Tool for parsing Android logs events and protobuf data
A Scriptable Android Debugger for reverse engineers and developers.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.
Django based web application for network traffic analysis with protocol handling capabilities.
Modular Threat Hunting Tool & Framework
A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.
A configurable DNS honeypot with SQLite logging and Docker support.
A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.
Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.
Unofficial Python API for searching, browsing, and downloading Android apps from Google Play.
Incident response framework focused on remote live forensics
A semi-automatic tool to generate YARA rules from virus samples.
Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.
A free book providing design and implementation guidelines for writing secure programs in various languages.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
ISF (Industrial Exploitation Framework) - An exploitation framework for industrial systems with various ICS protocol clients and exploit modules.
A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.
Modular honeypot based on Python with support for Siemens S7 protocol.
Metta is an information security preparedness tool for adversarial simulation.
A tool for scraping CTF writeups from ctftime.org and organizing them for easy access.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up virtual environment, installing pip requirements, running SIREN, setting up Snort on Pi, and MySQL setup.
Python script to parse the NTFS USN Change Journal.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
A suite of secret scanners built in Rust for performance.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
A program to extract IOCs from text files using regular expressions
Python tool for remote memory acquisition
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
A Python-based tool for detecting XSS vulnerabilities
Python module for fast packet parsing with TCP/IP protocol definitions.
A Python web application honeypot that provides simple statistics for Glastopf.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
SMTP Honeypot with custom modules for different modes of operation.
A cybersecurity tool for managing data points and cyber threat indicators with a focus on Neo4j data traversal.
A Python-based honeypot service for SSH, FTP, and Telnet connections
Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using YARA.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Script to check for artifacts with the same name between repositories to prevent Dependency Confusion Attacks.
CTF toolkit for rapid exploit development and prototyping.
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
A Security Information and Event Management (SIEM) system with a focus on security and minimalism.
A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.
Parse YARA rules into a dictionary representation.
Distributed low interaction honeypot with Agent/Master design supporting various protocol handlers.
An exploitation framework for industrial security with modules for controlling PLCs and scanning devices.
Docker security audit tool with custom audit profiles and JSON report generation based on CIS Docker 1.6 Benchmark.
An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.
A scalable Python framework for security research and development teams.
iOSForensic is a Python tool for forensic analysis on iOS devices, extracting files, logs, SQLite3 databases, and .plist files into XML.
A robust Python implementation of TAXII Services with a friendly pythonic API.
Python-based client for IBM XForce Exchange with an improved version available.
Python script to parse macOS MRU plist files into human-friendly format
A Python script for creating a cohesive and up-to-date penetration testing framework.
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Proof-of-concept implementation of TAXII services for developers and non-developers.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
Interactive computational environment for code execution, text, and media combination.
An open-source intelligence collection, research, and artifact management tool inspired by SpiderFoot, Harpoon, and DataSploit.
Ebowla is a tool for generating payloads in Python, Go, and PowerShell with support for Reflective DLLs.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A native Python cross-version decompiler and fragment decompiler.
OCyara performs OCR on image files and scans them for matches to YARA rules, supporting Debian-based Linux distros.
A pure Python parser for Windows Event Log files with access to File and Chunk headers, record templates, and event entries.
Collect various intelligence sources for hosts in CSV format.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NET's DLR.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
Python wrapper for the Libemu library for analyzing shellcode.
A cybersecurity incident management platform for tracking and reporting incidents with agility and speed.
Open source Python library for NTFS analysis
Python-based extension for integrating a YARA scanner into Burp Suite for on-demand website scans based on custom rules.
Collection of Python scripts for automating tasks and enhancing IDA Pro functionality
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
Python-based web server framework for setting up fake web servers and services with precise data responses.
A module-based AWS response tool for incident response in AWS environments.
Honeypot tool with bug-catching capabilities and support for multiple protocols.
Honeypot for analyzing data with customizable services and logging capabilities.
Interactive incremental disassembler with data/control flow analysis capabilities.
An open-source Python software for creating honeypots and honeynets securely.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
An observation camera honeypot for proof-of-concept purposes
A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.
Tool for exploiting Sixnet RTUs to gain root level access with little effort.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Repository for IBM SOAR Apps source-code and development resources.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
hpfeeds is a lightweight authenticated publish-subscribe protocol with Python 3 compatible broker and client.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Python package for fanging and defanging indicators of compromise in text.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
jimi is an orchestration automation tool for multi-team collaboration and automation in IT/Security operations, Development, and CI/CD pipelines.
A Python library to interface with a cuckoo-modified instance.
Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.
Python library for building Docker images with advanced features.
OSXCollector is a forensic evidence collection & analysis toolkit for OSX.
Honeypot for Telnet service with configurable settings.
Python tool for monitoring user-select APIs in Android apps using Frida.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.