Python

SMTP Honeypot with custom modules for different modes of operation.

A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.

A Python-based honeypot service for SSH, FTP, and Telnet connections

A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

A utility that attempts to decrypt data from weak RSA public keys and recover private keys using multiple integer factorization algorithms.

PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.

KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.

A command-line tool that analyzes SPF and DMARC records to identify domains vulnerable to email spoofing attacks.

Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.

Malscan is a tool to scan process memory for YARA matches and execute Python scripts.

A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.

A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.

A Windows Registry hive extraction library that provides C API access for reading and writing registry binary files with XML export capabilities.

An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.

GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.

Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.

Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.

A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.

A Security Information and Event Management (SIEM) system with a focus on security and minimalism.

A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.

A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.

A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.