Python

Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.

A low to medium interaction honeypot with a variety of plugins for cybersecurity monitoring.

A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.

Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.

A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.

A full-featured reconnaissance framework for web-based reconnaissance with a modular design.

Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.

A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.

Repository for IBM SOAR Apps source-code and development resources.

A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.

hpfeeds is a lightweight authenticated publish-subscribe protocol with Python 3 compatible broker and client.

drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.

A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.

A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.

A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.

A command-line tool for analyzing Cowrie honeypot log files over time, generating statistics and visualizations from local or remote log data.

A security testing framework for assessing container environment security across AWS and GCP cloud platforms.

Python package for fanging and defanging indicators of compromise in text.

A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.

TrailBlazer analyzes AWS CloudTrail logging behavior by systematically testing API calls across services to determine what gets logged and how it appears in CloudTrail.

A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.

An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.

TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.

JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.