Python

A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.

A command-line tool for analyzing Cowrie honeypot log files over time, generating statistics and visualizations from local or remote log data.

A security testing framework for assessing container environment security across AWS and GCP cloud platforms.

Python package for fanging and defanging indicators of compromise in text.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.

A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.

An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.

TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.

JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.

A Python library to interface with a cuckoo-modified instance.

Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.

Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.

InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.

Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.

MockSSH is a testing tool that emulates operating systems behind SSH servers to enable automation testing without requiring access to real servers.

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

CloudTracker analyzes CloudTrail logs against IAM policies to identify over-privileged AWS users and roles by comparing actual permission usage with granted permissions.

Honeypot for Telnet service with configurable settings.

Python tool for monitoring user-select APIs in Android apps using Frida.

A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.

PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.

A comprehensive guide to Python 3 syntax, features, and resources in a single image.