8,922 tools
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
A tool for creating encrypted volumes with self-destruction capabilities that automatically destroy data when tampering is detected or commands are issued.
A tool for creating encrypted volumes with self-destruction capabilities that automatically destroy data when tampering is detected or commands are issued.
A Go-based honeypot server for detecting and logging attacker activity
A Go-based honeypot server for detecting and logging attacker activity
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A honeypot system that allows you to set up a decoy API to detect and analyze potential security threats.
A honeypot system that allows you to set up a decoy API to detect and analyze potential security threats.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
Collection of Yara rules for file identification and classification
Collection of Yara rules for file identification and classification
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
A demonstration of a method to delete a locked executable or currently running file from disk.
A demonstration of a method to delete a locked executable or currently running file from disk.