Python

Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.

A network-triggered emergency tool that overwrites LUKS encryption headers with random data to prevent forced decryption in high-risk situations.

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.

SHIVA: Spam Honeypot with Intelligent Virtual Analyzer for capturing and analyzing spam data.

CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.

pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.

ROPgadget is a cross-platform command-line tool that searches for ROP gadgets in binary files across multiple architectures to facilitate exploit development and ROP chain construction.

A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.

Interactive computational environment for code execution, text, and media combination.

An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.

Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.

A modular malware collection and processing framework with support for various threat intelligence feeds.

A native Python cross-version decompiler and fragment decompiler.

OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.

A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.

Collect various intelligence sources for hosts in CSV format.

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.

A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.

AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.

A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.

SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.