8,922 tools
A Python script for scanning data within an IDB using Yara
A Python script for scanning data within an IDB using Yara
Steganographic Swiss army knife for encoding and decoding data into images.
Steganographic Swiss army knife for encoding and decoding data into images.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
A low-interaction honeypot for detecting and analyzing security threats
A low-interaction honeypot for detecting and analyzing security threats
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
Timeliner is a digital forensics tool that rewrites mactime with an advanced expression engine for complex timeline filtering using BPF syntax.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
RegRippy is a modern Python 3 alternative to RegRipper for extracting data from Windows registry hives.
A .Net wrapper library for the native Yara library with interoperability and portability features.
A .Net wrapper library for the native Yara library with interoperability and portability features.
Serverless, real-time data analysis framework for incident detection and response.
Serverless, real-time data analysis framework for incident detection and response.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
DDoSPot is a plugin-based honeypot platform that tracks UDP-based DDoS attacks and generates daily blacklists of potential attackers and scanners.
DDoSPot is a plugin-based honeypot platform that tracks UDP-based DDoS attacks and generates daily blacklists of potential attackers and scanners.
Repository of YARA rules for Trellix ATR blogposts and investigations
Repository of YARA rules for Trellix ATR blogposts and investigations
A modified version of GNU dd with added features like hashing and fast disk wiping.
A modified version of GNU dd with added features like hashing and fast disk wiping.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
A portable forensic tool that detects encrypted containers like Truecrypt and Veracrypt by analyzing file headers, block cipher patterns, and entropy without external dependencies.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
Open source framework for network traffic analysis with advanced features.
Open source framework for network traffic analysis with advanced features.
A tool for tracking, scanning, and filtering yara files with distributed scanning capabilities.
A tool for tracking, scanning, and filtering yara files with distributed scanning capabilities.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.
AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.
A Mac OS X forensic utility for ensuring correct forensic procedures during disk imaging.