Meerkat is a collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints without requiring a pre-deployed agent. Use cases include incident response triage, threat hunting, baseline monitoring, snapshot comparisons, and more. The tool provides a wide range of artifacts such as host information, network adapters, processes, services, files, audit policies, Windows Firewall rules, DLLs, local users, ADS, disks, ports, strings, local groups, recycle bin, hotfixes, ARP, handles, scheduled tasks, hosts file, TPM, DNS, environment variables, autoruns, certificates, software, network routes, sessions, BitLocker, registry, hardware, shares, domain information, Defender event logs, drivers, USB history, metadata events related to login failures, user/group management, and more. It also offers ingestion into SIEMs, quick start guides, usage analysis, and troubleshooting tips.