Python

A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.

A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.

Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.

mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.

ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.

A command-line tool that shows configuration history and changes of AWS resources using AWS Config service.

A Scriptable Android Debugger for reverse engineers and developers.

YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.

RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.

mac_apt is a versatile DFIR tool for processing Mac and iOS images, offering extensive artifact extraction capabilities and cross-platform support.

Django based web application for network traffic analysis with protocol handling capabilities.

An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.

A Python script that inventories and lists main AWS account resources to provide visibility into cloud infrastructure components that may impact billing or security.

PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.

aws-gate is a tool that enables secure connections to AWS EC2 instances through AWS Systems Manager Session Manager without requiring SSH keys or direct network access.

AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.

Modular Threat Hunting Tool & Framework

A low-interaction honeypot that uses Dionaea as its core, providing a simple and easy-to-use interface for setting up and managing honeypots.

A configurable DNS honeypot with SQLite logging and Docker support.

A Bluetooth 5 and 4.x sniffer using TI CC1352/CC26x2 hardware with advanced features and Python-based host-side software.

A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.

A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.

Unfurl is a URL analysis tool that extracts and visualizes data from URLs, breaking them down into components and presenting the information visually.

GridPot is a honeypot framework that combines GridLAB-D, Conpot, and libiec61850 to simulate industrial control systems and detect attacks on power grid infrastructure.