8,962 tools
APT Simulator is a tool for simulating a compromised system on Windows.
APT Simulator is a tool for simulating a compromised system on Windows.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.
ConsoleMe is a web service that simplifies AWS IAM permissions and credential management across multiple accounts through self-service workflows and centralized administration.
ConsoleMe is a web service that simplifies AWS IAM permissions and credential management across multiple accounts through self-service workflows and centralized administration.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
A comprehensive auditd configuration for Linux systems following best practices.
A comprehensive auditd configuration for Linux systems following best practices.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
A CLI program that simplifies cybersecurity solution management through automated deployment, configuration, monitoring, and lifecycle operations across multiple hosts.
A tool for creating encrypted volumes with self-destruction capabilities that automatically destroy data when tampering is detected or commands are issued.
A tool for creating encrypted volumes with self-destruction capabilities that automatically destroy data when tampering is detected or commands are issued.
A Go-based honeypot server for detecting and logging attacker activity
A Go-based honeypot server for detecting and logging attacker activity
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.
Tool used for dumping memory from Android devices with root access requirement and forensic soundness considerations.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.