8,962 tools
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A honeypot system that allows you to set up a decoy API to detect and analyze potential security threats.
A honeypot system that allows you to set up a decoy API to detect and analyze potential security threats.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
A honeypot tool to detect and log CVE-2019-19781 scan and exploitation attempts.
Collection of Yara rules for file identification and classification
Collection of Yara rules for file identification and classification
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
A demonstration of a method to delete a locked executable or currently running file from disk.
A demonstration of a method to delete a locked executable or currently running file from disk.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.
DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.
Orochi is a collaborative forensic memory dump analysis framework.
Orochi is a collaborative forensic memory dump analysis framework.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
A low-interaction SSH authentication logging honeypot that logs all authentication attempts in JSON format.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
Dynamic binary analysis library with various analysis and emulation capabilities.
Dynamic binary analysis library with various analysis and emulation capabilities.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Web interface for the Volatility Memory Forensics Framework
Web interface for the Volatility Memory Forensics Framework