Python

Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.

A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.

OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.

A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.

FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.

Open source Python library for NTFS analysis

A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.

Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.

A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.

IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.

An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.

A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.

A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.

GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.

A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.

Python-based web server framework for setting up fake web servers and services with precise data responses.

StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.

SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.

A Python-based modular incident response tool for AWS environments that enables automated security actions across EC2, IAM, VPC, and other AWS resources.

A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.

Honeypot tool with bug-catching capabilities and support for multiple protocols.

A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.

Honeypot for analyzing data with customizable services and logging capabilities.