8,812 tools
Collection of Yara rules for file identification and classification
Collection of Yara rules for file identification and classification
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
A demonstration of a method to delete a locked executable or currently running file from disk.
A demonstration of a method to delete a locked executable or currently running file from disk.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.
Orochi is a collaborative forensic memory dump analysis framework.
Orochi is a collaborative forensic memory dump analysis framework.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Web interface for the Volatility Memory Forensics Framework
Web interface for the Volatility Memory Forensics Framework
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.