8,922 tools
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.
WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.
Create a vulnerable active directory for testing various Active Directory attacks.
Create a vulnerable active directory for testing various Active Directory attacks.
Open-source Java application for creating proxies for traffic analysis & modification.
Open-source Java application for creating proxies for traffic analysis & modification.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
Express middleware for detecting and redirecting Tor or Surface users.
Express middleware for detecting and redirecting Tor or Surface users.
A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.
A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.
An extensible network forensic analysis framework with deep packet analysis and plugin support.
An extensible network forensic analysis framework with deep packet analysis and plugin support.
Modular honeypot based on Python with support for Siemens S7 protocol.
Modular honeypot based on Python with support for Siemens S7 protocol.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
Data exfiltration & infiltration tool using text-based steganography to evade security controls.
Data exfiltration & infiltration tool using text-based steganography to evade security controls.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.
Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.