8,922 tools
ARM TrustZone provides a secure execution environment for applications on ARM processors.
ARM TrustZone provides a secure execution environment for applications on ARM processors.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
Browse a library of EQL analytics now natively integrated in Elasticsearch.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
PCAPdroid is a privacy-friendly app for tracking, analyzing, and blocking network connections on your device.
Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.
Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
A proof-of-concept executable injection tool that compiles and launches parasitic executables within target processes using standard or stealth injection techniques.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
GrokEVT is a tool for reading Windows event log files and converting them to a human-readable format.
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
A command-line tool for downloading Android APK files from the Appland platform via npm installation.
A command-line tool for downloading Android APK files from the Appland platform via npm installation.
Docker file for building Androguard dependencies with an optional interactive shell environment.
Docker file for building Androguard dependencies with an optional interactive shell environment.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.
CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.
CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.
A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.