Automated Security Response: Falcon Orchestrator
CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program. Falcon Orchestrator has only be...
osquery Command And Control: Kolide
Kolide is an agentless osquery web interface and remote API server. Kolide uses the osquery remote APIs to do ad-hoc distributed queries, osqueryd configurations and the collection and processing of scheduled query packs. Kolide was designed to be extremely portable ...
Binary Analysis Platform: angr
angr is a platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish. angr is a suite of Python libraries that let you load a binary and do a lot of cool things to it: Disassembly and...
OS Instrumentation Framework: osquery
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open...
Architecture Neutral Dynamic Analysis: PANDA
PANDA is an open-source Platform for Architecture Neutral Dynamic Analysis. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions,...
Low Interaction Honeypot: HoneyPy
A low interaction honeypot with the capability to be more of a medium interaction honeypot. HoneyPy is written in Python and is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations. The level of interaction is determined by the functionality of a...
High Throughput Fuzzer: Grr
GRR is an x86 to amd64 binary translator. GRR was created to emulate and fuzz DECREE challenge binaries. GRR was created for the DARPA Cyber Grand Challenge. Features: Code cache persistence avoids translation overheads across separate runs. Optimization of the code cache,...
Interactive Disassembler: Plasma
Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax. PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo-code with colored syntax. You can write scripts with the available Python API. The project is still in big...
Malicious Host Intelligence: hostintel
This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. Th...
Open Source CAN Network Analysis: BUSMASTER
BUSMASTER is an open source PC software for the design, monitoring, analysis, and simulation of CAN networks. Using its powerful functions and user-programmability one can simulate CAN systems of any complexity. Additionally it provides options to analyze data byte...
Unified Diagnostic Services Simulator: UDSim
UDSim is a graphical simulator that can emulate different modules in a vehicle and respond to UDS requests. It was designed as a training tool to run alongside ICSim. It also has some unique learning features and can even be used to security test...
CAN bus analysis tool: Kayak
Kayak is an application for CAN bus diagnosis and monitoring. Its main goals are a simple interface and platform independence. Kayak is implemented in pure Java and has no platform specific dependencies. It includes a complete CAN bus abstraction model that can be included in...
ARP Poison Attack Script: Creak
Denies the navigation and download capabilities of a target host in the local network by performing an ARP poison attack and sending TCP reset packets for every request made to the router. Born as a didactic project for learning the Python language. Installation: $ git clone...
OWASP SSL TLS Scanning : DeepViolet
DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use and to help identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfo...
Auditing CAN Devices: CANSPY
In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smart cars. Its use is now even spreading outside the...
SSL Enabled Basic Auth Credential Harvester: phishery
An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector. Phishery is a simple SSL-enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability to easily inject the URL into a .docx Word document...
Twitter OSINT framework: Birdwatcher
Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be...
Windows Remote Incident Response: CimSweep
CimSweep is a suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaissance without the need to drop any payload to...
Instruction Trace Visualisation Tool: rgat
An instruction trace visualisation tool intended to help reverse engineers make the link between target behaviour and code. rgat uses dynamic binary instrumentation courtesy of DynamoRIO to produce graphs from running executables. It creates static and animated visualisations in realtime to suppo...
Tunnel TCP connections over HTTP: Tunna
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. In a fully firewalled environment, inbound and outbound connections are restricted except for the webserver port. The...
WPA Enterprise Brute Force Attack Tool: Air-Hammer
Air-Hammer is a new tool for performing online, horizontal brute-force attacks against wireless networks secured with WPA Enterprise. This is a completely different attack than the usual “evil twin” attacks against those networks. Although WPA Enterprise i...
Open Source Distributed Secure Skype Alternative: Tox Messenger
Distributed FOSS secure messenger with audio and video chat capabilities. Tox began a few years ago, in the wake of Edward Snowden’s leaks regarding NSA spying activity. The idea was to create an instant messaging protocol that ran without any kind ...
Transparent Proxy tunnels: anonym8
Transparent proxy through TOR, I2P, Privoxy and Polipo, with DNS modification, for simple and better privacy and security. Includes the Anonymizing Relay Monitor (arm), macchanger, hostname changing, and a wipe feature that cleans RAM/cache and swap space. Tested on Debian, Kali and Parrot. To use the graphica...
CERT Basic Fuzzing Framework: BFF
The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. Mutational fuzzing is the act of taking well-formed...
Automated Memory Analyzer For Malware Samples: VolatilityBot
VolatilityBot is an automation tool for researchers that cuts all the guesswork and manual tasks out of the binary extraction phase, or helps the investigator in the first steps of performing a memory analysis investigation. Not only does it automaticall...
High Precision WiFi Indoor Positioning Framework: FIND
The Framework for Internal Navigation and Discovery (FIND) allows you to use your Android smartphone or a WiFi-enabled computer (laptop, Raspberry Pi, etc.) to determine your position within your home or office. You can easily use this system in plac...
Windows Crypto Ransomware in Go: Ransomware
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware,...
Free Open Source Self Hosted VirusTotal: Malice
Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company. Ubuntu Install: Install Go $ sudo add-apt-repository ppa:ubuntu-lxc/lxd-stable $ sudo apt-get updat...
The YAWAST Antecedent Web Application Security Toolkit
YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL – Versions and cipher suites supported; common issues...
Anonymous Offline Communications System: PirateBox
PirateBox creates offline wireless networks designed for anonymous file sharing, chatting, message boarding, and media streaming. You can think of it as your very own portable offline Internet in a box! When users join the PirateBox wireless network and ope...
Next Generation Firewall Bypass Tool: FireAway
Fireaway is a tool for auditing, bypassing, and exfiltrating data against layer 7/AppID inspection rules on next generation firewalls, as well as other deep packet inspection defense mechanisms, such as data loss prevention (DLP) and application aware proxies...
Microsoft Exchange Sensitive Data Search: MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own...
One Click Symbolic Execution: Ponce
Ponce (pronounced ‘poN θe’, pon-they) is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...
KNX Home Automation Security Auditing: KNXmap
A tool for scanning and auditing KNXnet/IP gateways on IP driven networks. KNXnet/IP defines Ethernet as the physical communication medium for KNX (EN 50090, ISO/IEC 14543). KNXmap also allows scanning for devices on the KNX bus via KNXnet/IP gateways. In addition to...
WPA WPA2 Phishing Tool: Linset
Linset Is Not a Social Engineering Tool. To run linset in Kali Linux, only two additional programs are required. They are lighttpd and php5-cgi: apt-get install lighttpd; apt-get install php5-cgi. After you unzip the download, place the linset folder found in the...
Web Application Security Scanner: Netsparker
THE ONLY FALSE POSITIVE FREE WEB APPLICATION SECURITY AND VULNERABILITY SCANNER Almost every business entity on the market today is trying hard to stretch out this year’s budget and somehow fit ‘security’ in the environment. Preferably, with minimal cost. Business owners, board directors, stock...
Windows Forensic Data Collection: IR-rescue
ir-rescue is a Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility. It is intended for incident response use at different stages in the analysis and investigation process. It...
Data Exfiltration Toolkit: DET
DET (provided AS IS) is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data. The id...
Python Windows Event Log Parser: python-evtx
python-evtx is a pure Python parser for recent Windows Event Log files (those with the file extension “.evtx”). The module provides programmatic access to the File and Chunk headers, record templates, and event entries. For example, you can use python-evtx to review...
Build Your Own PwnPhone
We’ll attempt to show you how to build your own Pwn Phone running the Kali operating system and our AOPP (Android Open Pwn Project) image. Let’s get cracking… Flashing the Phone: 1. Download the Recovery image for your device: https://twrp.me/Devices 2. Connect the device to...
Arbitrary TCP Connection Proxy: BinProxy
BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem. BinProxy is a tool for understanding and manipulating binary network traffic. BinProxy gives you a TCP proxy and an interface to write protocol-specific...
Android Security Virtual Machine: Androl4b
AndroL4b is an Android security virtual machine based on Ubuntu MATE that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis. The tools directory contains tools and...
Linux Memory Extractor: LiME
LiME (formerly DMD) is a Loadable Kernel Module (LKM) which allows for volatile memory acquisition from Linux and Linux-based devices, such as Android. This makes LiME unique as it is the first tool that allows for full memory captures on Android devices. It also minimizes its...
MITM BLE Security Assessment: gattacker
A Node.js package for BLE (Bluetooth Low Energy) Man-in-the-Middle and more. The tool creates an exact copy of the attacked device at the Bluetooth layer, and then tricks the mobile application into interpreting its broadcasts and connecting to it instead of the original device. At the same time, i...
Mercenary Linux
Mercenary-Linux is a “new-era” lightweight distribution of mostly Dockerized tools built for field expedient hunting, forensics, and malware analysis. This problem birthed MHF (Mercenary Hunt Framework), which allows the hunt team to easily perform hunt operations within a framework that aggregates...
Open Redirect DDoS Tool: UFONet
UFONet is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like a botnet. UFONet abuses OSI Layer 7 (HTTP) to create/manage ‘zombies’ and to conduct different attacks using GET/POST, multithreading,...
Raptor Web Application Firewall
Raptor Web Application Firewall is a simple web application firewall written in C following the KISS principle. For polling it uses the select function, which is not better than epoll or kqueue from BSD but is portable; the core of the match engine uses a DFA to detect XSS, SQLi and path...
Open Source Disk Encryption: VeraCrypt
VeraCrypt is a software for establishing and maintaining an on-the-fly-encrypted volume data storage device. On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an...
RunPE Extraction Tool: FridaExtract
FridaExtract is a Frida.re based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers. NOTE: Frida now also supports extraction of injected PE files using the...
Intel Engine Firmware Analysis Tool: MEAnalyzer
ME Analyzer is a tool which parses Intel Engine & PMC firmware images from the Converged Security Management Engine, Converged Security Trusted Execution Engine, Converged Security Server Platform Services, Management Engine, Trusted Execution Engine, Server Platform Services & Power Management...