Python

A Python library and command line tool that creates interactive visualizations for log data analysis with zoom and navigation capabilities.

Interactive computational environment for code execution, text, and media combination.

An interactive command line application for Open Source Intelligence collection and artifact management that enables investigation of IP addresses, domains, email addresses, file hashes, and other digital artifacts.

Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.

A modular malware collection and processing framework with support for various threat intelligence feeds.

A native Python cross-version decompiler and fragment decompiler.

OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.

A pure Python parser for Windows Event Log (.evtx) files that enables cross-platform forensic analysis of Windows system events.

Collect various intelligence sources for hosts in CSV format.

A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.

A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.

AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.

A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.

SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.

Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.

A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.

OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.

A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.

FIR is a Python-based cybersecurity incident management platform designed for CSIRTs, CERTs, and SOCs to create, track, and report security incidents.

Open source Python library for NTFS analysis

A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.