Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pe3zx/my-infosec-awesome
My curated list of awesome links, resources and tools on infosec related topics
https://github.com/pe3zx/my-infosec-awesome
List: my-infosec-awesome
awesome awesome-list information-security list
Last synced: 3 months ago
JSON representation
My curated list of awesome links, resources and tools on infosec related topics
- Host: GitHub
- URL: https://github.com/pe3zx/my-infosec-awesome
- Owner: pe3zx
- License: mit
- Created: 2017-11-09T16:11:18.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2024-04-21T09:31:41.000Z (8 months ago)
- Last Synced: 2024-05-22T05:00:38.747Z (7 months ago)
- Topics: awesome, awesome-list, information-security, list
- Homepage:
- Size: 2.32 MB
- Stars: 1,028
- Watchers: 44
- Forks: 135
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- project-awesome - pe3zx/my-infosec-awesome - My curated list of awesome links, resources and tools on infosec related topics (Others)
- awesome-security-collection - **239**星
- awesome-csirt - my-infosec-awesome
- awesome-hacking-lists - pe3zx/my-infosec-awesome - My curated list of awesome links, resources and tools on infosec related topics (Others)
README
# My Infosec Awesome
---
**Update Nov 18, 2020**: [Offensive Bookmark.md](Offensive.md) has been created based on my need to map bookmarks (and tools) that practice tactics and techniques for offensive operations with MITRE ATT&CK Enterprise Matrix. The Post Exploitation section on [README.md](readme.md) is now migrate to the new page. I will update the new page with my personal bookmark soon.
---
This repository is created as an online bookmark for useful links, resources and tools in infosec field which serve my needs to have a searchable page to look further.
- [Adversary Simulation & Emulation](#adversary-simulation--emulation)
- [Application Security](#application-security)
- [Binary Analysis](#binary-analysis)
- [Cloud Security](#cloud-security)
- [Courses](#courses)
- [Cryptography](#cryptography)
- [Data Sets](#data-sets)
- [Digital Forensics and Incident Response](#digital-forensics-and-incident-response)
- [Exploits](#exploits)
- [Hardening](#hardening)
- [Hardware](#hardware)
- [Malware Analysis](#malware-analysis)
- [Mobile Security](#mobile-security)
- [Network Security](#network-security)
- [Open-source Intelligence (OSINT)](#open-source-intelligence-osint)
- [Password Cracking and Wordlists](#password-cracking-and-wordlists)
- [Social Engineering](#social-engineering)
- [Smart Contract](#smart-contract)
- [Vulnerable](#vulnerable)
## Adversary Simulation & Emulation
Link
Description
activeshadow/go-atomicredteam
go-atomicredteam is a Golang application to execute tests as defined in the atomics folder of Red Canary's Atomic Red Team project
alphasoc/flightsim
A utility to generate malicious network traffic and evaluate controls
Attack Simulatorin Office 365
Simulate realistic attacks on Office 365 environment
Azure/Cloud-Katana
Unlocking Serverless Computing to Assess Security Controls
BinaryDefense/beacon-fronting
A simple command line program to help defender test their detections for network beacon patterns and domain fronting
blackbotinc/Atomic-Red-Team-Intelligence-C2
ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.
Blue Team Training Toolkit
Blue Team Training Toolkit (BT3) is designed for network analysis training sessions, incident response drills and red team engagements
carbonblack/excel4-tests
Carbon Black TAU Excel 4 Macro Analysis
center-for-threat-informed-defense/adversary_emulation_library
An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.
Coalfire-Research/Red-Baron
Automate creating resilient, disposable, secure and agile infrastructure for Red Teams
Cyb3rWard0g/Invoke-ATTACKAPI
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API
Cyb3rWard0g/mordor
Re-play Adversarial Techniques
chryzsh/DarthSidious
Building an Active Directory domain and hacking it
d3vzer0/reternal-quickstart
Repo containing docker-compose files and setup scripts without having to clone the individual reternal components
Datadog/stratus-red-team
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud.
ElevenPaths/ATTPwn
ATTPwn is a computer security tool designed to emulate adversaries.
endgameinc/RTA
RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK
FourCoreLabs/firedrill
firedrill is a malware simulation harness for evaluating your security controls
fozavci/tehsat
Tehsat Malware Traffic Generator
FSecureLABS/leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
JonathanSalwan/Triton
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
jymchoeng/AutoTTP
Automated Tactics Techniques & Procedures
lawrenceamer/0xsp-Mongoose
a unique framework for cybersecurity simulation and red teaming operations, windows auditing for newer vulnerabilities, misconfigurations and privilege escalations attacks, replicate the tactics and techniques of an advanced adversary in a network.
microsoft/restler-fuzzer
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MiladMSFT/ThreatHunt
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
mitre/caldera
An automated adversary emulation system
mvelazc0/PurpleSharp
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
NextronSystems/APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
NextronSystems/ransomware-simulator
Ransomware simulator written in Golang
n0dec/MalwLess
Test blue team detections without running any attack
OTRF/Microsoft-Sentinel2Go
Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
OTRF/SimuLand
Cloud Templates and scripts to deploy mordor environments
praetorian-code/purple-team-attack-automation
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
qsecure-labs/overlord
Overlord - Red Teaming Infrastructure Automation
ReconInfoSec/adversary-emulation-map
Creates an ATT&CK Navigator map of an Adversary Emulation Plan
redcanaryco/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
redcanaryco/AtomicTestHarnesses
Public Repo for Atomic Test Harness
redcanaryco/chain-reactor
Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.
redhuntlabs/RedHunt-OS
Virtual Machine for Adversary Emulation and Threat Hunting
RedTeamOperations/RedCloud-OS
RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers (CSPs)
nickzer0/RedLab
Files for red team lab infrastructure.
ScarredMonk/SysmonSimulator
Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detections and correlation rules by Blue teams.
SecurityRiskAdvisors/VECTR
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
SpiderLabs/sheepl
Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments
splunk/attack_range
A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
splunk/salo
Synthetic Adversarial Log Objects: A Framework for synthentic log generation
Splunk Boss of SOC
Splunk Boss of SOC
swimlane/atomic-operator
A Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.
swimlane/soc-faker
A python package for use in generating fake data for SOC and security automation.
TryCatchHCF/DumpsterFire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events.
uber-common/metta
An information security preparedness tool to do adversarial simulation.
Unfetter
Unfetter is a project designed to help network defenders, cyber security professionals, and decision makers identify and analyze defensive gaps in a more scalable and repeatable way
warhorse/warhorse
Warhorse consists of a fully-featured Ansible playbook to deploy infrastructure in the cloud for conducting security assessments.
## Application Security
Link
Description
aboul3la/Sublist3r
Fast subdomains enumeration tool for penetration testers
Acheron-VAF/Acheron
Acheron is a RESTful vulnerability assessment and management framework built around search and dedicated to terminal extensibility.
ambionics/phpggc
PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatically.
anchore/grype
A vulnerability scanner for container images and filesystems
appsecco/spaces-finder
A tool to hunt for publicly accessible DigitalOcean Spaces
anatshri/svn-extractor
Simple script to extract all web resources by means of .SVN folder exposed over network.
aquasecurity/kube-hunter
Hunt for security weaknesses in Kubernetes clusters
aquasecurity/trivy
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
ARPSyndicate/kenzer
automated web assets enumeration & scanning
Assured OSS
Improve the security of your software supply chain by incorporating the same trusted open source software (OSS) packages that Google secures and uses into your own developer workflows.
barrracud4/image-upload-exploits
This repository contains various media files for known attacks on web applications processing media files. Useful for penetration tests and bug bounty.
BishopFox/GitGot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
BishopFox/h2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
brannondorsey/dns-rebind-toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks.
bridgecrewio/checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
brompwnie/botb
A container analysis and exploitation tool for pentesters and engineers.
Bug Bounty Recon
Bug Bounty Recon (bbrecon) is a Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets.
Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
chvancooten/BugBountyScanner
A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.
danmar/cppcheck
static analysis of C/C++ code
deepfence/SecretScanner
Find secrets and passwords in container images and file systems
deepfence/ThreatMapper
Identify vulnerabilities in running containers, images, hosts and repositories
DefectDojo/django-DefectDojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
delvelabs/tachyon
Tachyon is a fast web application security reconnaissance tool.
delvelabs/vane2
WordPress version identification and vulnerability finder.
doyensec/inql
InQL - A Burp Extension for GraphQL Security Testing
dstotijn/hetty
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
facebook/pyre-check/
Performant type-checking for python.
Findomain/Findomain
The fastest and cross-platform subdomain enumerator, do not waste your time.
fkie-cad/cwe_checker
cwe_checker finds vulnerable patterns in binary executables
google/atheris
Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based off of libFuzzer. When fuzzing native code, Atheris can be used in combination with Address Sanitizer or Undefined Behavior Sanitizer to catch extra bugs.
google/tsunami-security-scanner
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
googleprojectzero/weggli
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
IlluminateJs
IlluminateJs is a static javascript analysis engine (a deobfuscator so to say) aimed to help analyst understand obfuscated and potentially malicious JavaScript Code.
ismailtasdelen/xss-payload-list
Cross Site Scripting ( XSS ) Vulnerability Payload List
jonluca/Anubis
Subdomain enumeration and information gathering tool
LanikSJ/dfimage
Reverse-engineer a Dockerfile from a Docker image.
lelinhtinh/de4js
JavaScript Deobfuscator and Unpacker
mazen160/bfac
BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
microsoft/onefuzz
A self-hosted Fuzzing-As-A-Service platform
mindedsecurity/JStillery
Advanced JS Deobfuscation via Partial Evaluation.
mwrlabs/dref
DNS Rebinding Exploitation Framework
nccgroup/singularity
A DNS rebinding attack framework
nccgroup/whalescan
Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container
NetSPI/AutoDirbuster
Automatically run and save Dirbuster scans for multiple IPs
NetSPI/PowerUpSQL
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
NotSoSecure/SerializedPayloadGenerator
It's Web Interface to generate payload using various deserialization exploitation framework
noqcks/xeol
Xeol is a scanner for End Of Life (EOL) packages in container images, systems, and SBOMs
Insights
Open Source Insights is an experimental service developed and hosted by Google to help developers better understand the structure, construction, and security of open source software packages.
ossf/allstar
GitHub App to set and enforce security policies
ossf/scorecard
Security Scorecards - Security health metrics for Open Source
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
OWASP Zed Attack Proxy Project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers
PerimeterX/Restringer
A Javascript Deobfuscator
praetorian-inc/gokart
A static analysis tool for securing Go code
praetorian-inc/snowcat
a tool to audit the istio service mesh
pimps/JNDI-Exploit-kit
JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection
presidentbeef/brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Public WWW
Source Code Search Engine
pumasecurity/puma-scan
Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
pwntester/ysoserial.net
Deserialization payload generator for a variety of .NET formatters
quarkslab/kdigger
kdigger is a context discovery tool for Kubernetes penetration testing.
redphx/localify
Effectively debug minified JS files
RedTeamPentesting/monsoon
Fast HTTP enumerator
RhinoSecurityLabs/IPRotate_Burp_Extension
Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
RhinoSecurityLabs/SleuthQL
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
rpgeeganage/audit-node-modules-with-yara
Audit Node Module folder with YARA rules to identify possible malicious packages hiding in node_moudles
s0md3v/XSStrike
Most advanced XSS detection suite
Screetsec/Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
securego/gosec
Golang security checker
SLSA
Safeguarding artifact integrity across any software supply chain
Snyk
Continuously find & fix vulnerabilities in your dependencies
sslab-gatech/Rudra
Rust Memory Safety & Undefined Behavior Detection
subfinder/subfinder
SubFinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
target/mmk-ui-api
UI, API, and Scanner (Rules Engine) services for Merry Maker
trailofbits/it-depends
A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.
vchinnipilli/kubestriker
A Blazing fast Security Auditing tool for Kubernetes
visma-prodsec/confused
Tool to check for dependency confusion vulnerabilities in multiple package management systems
wallarm/gotestwaf
Go Test WAF project, a tool to test different WAF detects for apps and APIs
wagiro/BurpBounty
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
wagoodman/dive
A tool for exploring each layer in a docker image
xmendez/wfuzz
Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload.
Yelp/detect-secrets
An enterprise friendly way of detecting and preventing secrets in code.
ZupIT/horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
## Binary Analysis
Link
Description
acsdavid97/DotNetHooker
API tracing and argument dumping to ease reverse engineering .NET malware.
advanced-threat-research/DotDumper
An automatic unpacker and logger for DotNet Framework targeting files
Air14/HyperHide
Hypervisor based anti anti debug plugin for x64dbg
ajpc500/RelayRumbler
A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.
avast-tl/retdec
RetDec is a retargetable machine-code decompiler based on LLVM
binref/refinery
High Octane Triage Analysis
binvis.io
visual analysis of binary files
blackberry/pe_tree
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.
BLint
BLint is a Binary Linter to check the security properties, and capabilities in your executables. It is powered by lief
bohops/RogueAssemblyHunter
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
bootleg/ret-sync
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra disassemblers.
buzzer-re/Shinigami
Shinigami is an experimental tool designed to detect and unpack malware implants that are injected via process hollowing or generic packer routines.
can1357/NoVmp
A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
carbonblack/binee
Binee: binary emulation environment
Cisco-Talos/GhIDA
GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in IDA.
Cisco-Talos/Ghidraaas
Ghidraaas is a simple web server that exposes Ghidra analysis through REST APIs. The project includes three Ghidra plugins to analyze a sample, get the list of functions and to decompile a function.
certcc/kaiju
CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite
Comsecuris/gdbghidra
gdbghidra - a visual bridge between a GDB session and GHIDRA
Comsecuris/gdbida
gdbida - a visual bridge between a GDB session and IDA Pro's disassembler
Cutter
Free and Open Source RE Platform powered by radare2
DarthTon/Blackbone
Windows memory hacking library
Decompiler Explorer
This is the Decompiler Explorer! It is an interactive online decompiler which shows equivalent C-like output of decompiled programs from many popular decompilers. It's meant to be the reverse of the amazing Compiler Explorer.
dr4k0nia/Unscrambler
Universal unpacker and fixer for a number of modded ConfuserEx protections
dragon-dreamer/binary-valentine
Binary Valentine is a cross-platform static analysis tool for Portable Executable files. Detects security, configuration, optimization, system and format issues.
e-m-b-a/emba
EMBA - The firmware security analyzer
endgameinc/xori
Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode
enkomio/shed
.NET runtine inspector. Shed - Inspect .NET malware like a Sir
FernandoDoming/r2diaphora
r2diaphora is a port of Diaphora to radare2 and MySQL. It also uses r2ghidra as decompiler by default, with support for other decompilers such as pdc.
flare-emu
flare-emu marries a supported binary analysis framework, such as IDA Pro or Radare2, with Unicorns emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks.
fibratus
A modern tool for the Windows kernel exploration and observability
fireeye/capa
capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
fireeye/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
fireeye/flare-floss
FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
fireeye/speakeasy
Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware.
fireeye/stringsifter
A machine learning tool that ranks strings based on their relevance for malware analysis.
fkie-cad/FACT_core
Firmware Analysis and Comparison Tool
forrest-orr/moneta
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
FuzzySecurity/Dendrobate
Managed code hooking template.
FuzzySecurity/Fermion
Fermion, an electron wrapper for Frida & Monaco.
gaasedelen/tenet
A Trace Explorer for Reverse Engineers
GaloisInc/reopt
A tool for analyzing x86-64 binaries.
GHIDRA
A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
goretk/redress
Redress - A tool for analyzing stripped Go binaries
grimm-co/GEARSHIFT
GEARSHIFT is a tool that performs structure recovery for a specified function within a stripped binary. It also generates a fuzz harness that can be used to call functions in a shared object (.so) or dynamically linked library (.dll) file.
guelfoweb/peframe
PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
hasherezade/hollows_hunter
A process scanner detecting and dumping hollowed PE modules.
hasherezade/hook_finder
a small tool for investigating inline hooks (and other in-memory code patches)
hasherezade/pe_to_shellcode
Converts PE into a shellcode
herosi/CTO
Call Tree Overviewer
horsicq/XELFViewer
ELF file viewer/editor for Windows, Linux and MacOS.
HyperDbg/HyperDbg
The Source Code of HyperDbg Debugger 🐞
hzqst/unicorn_pe
Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.
Kaitai Struct
Kaitai Struct is a declarative language used to describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.
KenSecurityLab/BinAbsInspector
BinAbsInspector: Vulnerability Scanner for Binaries
LIEF
Library to Instrument Executable Formats
loov/lensm
Go assembly and source viewer
mandiant/dncli
The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
mandiant/GoReSym
Go symbol recovery tool
mandiant/route-sixty-sink
Link sources to sinks in C# applications.
Martyx00/CollaRE
CollareRE is a tool for collaborative reverse engineering that aims to allow teams that do need to use more then one tool during a project to collaborate without the need to share the files on a separate locations.
Microsoft/binskim
A binary static analysis tool that provides security and correctness results for Windows portable executables
Microsoft/ProcDump-for-Linux
A Linux version of the ProcDump Sysinternals tool
MITRECND/malchive
Various capabilities for static malware analysis.
moyix/gpt-wpre
Whole-Program Reverse Engineering with GPT-3
mrphrazer/obfuscation_detection
Collection of scripts to pinpoint obfuscated code
mxmssh/drltrace
Drltrace is a library calls tracer for Windows and Linux applications
NASA-SW-VnV/ikos
IKOS (Inference Kernel for Open Static Analyzers) is a static analyzer for C/C++ based on the theory of Abstract Interpretation
nsacyber/BAM
The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis.
nccgroup/WindowsMemPageDelta
A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection
netspooky/scare
A multi-arch assembly REPL and emulator for your command line.
OALabs/hashdb-ida
HashDB API hash lookup plugin for IDA Pro
osandov/drgn
Programmable debugger
pierrezurek/Signsrch
tool for searching signatures inside files, extremely useful in reversing engineering for figuring or having an initial idea of what encryption/compression algorithm is used for a proprietary protocol or file. it can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code which can be also manually added since it's all based on a text signature file read at runtime and easy to modify.
Pinitor
An API Monitor Based on Pin
pygore
Python library for analyzing Go binaries
qilingframework/qiling
Qiling Advanced Binary Emulation Framework
revng/pagebuster
PageBuster - dump all executable pages of packed processes.
REW-sploit/REW-sploit
Emulate and Dissect MSF and *other* attacks
rizin
Free and Open Source Reverse Engineering Framework
secretsquirrel/recomposer
Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.
sibears/IDAGolangHelper
Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
strazzere/golang_loader_assist
Making GO reversing easier in IDA Pro
synacktive/frinet
Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures.
taviso/loadlibrary
Porting Windows Dynamic Link Libraries to Linux
unipacker/unipacker
Automatic and platform-independent unpacker for Windows binaries based on emulation
utkonos/lst2x64dbg
Extract labels from IDA, Ghidra, Binary Ninja, and Relyze files and export x64dbg database. Including radare2 main address.
Veles
New open source tool for binary data analysis
VisUAL
A highly visual ARM emulator
vmp2/vmemu
VMProtect 2 Virtual Machine Handler Emulation
wader/fq
Tool, language and decoders for inspecting binary data.
Wenzel/checksec.py
Checksec tool in Python, Rich output. Based on LIEF
WerWolv/ImHex
A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM.
williballenthin/python-idb
Pure Python parser and analyzer for IDA Pro database files (.idb).
## Cloud Security
Link
Description
0xsha/CloudBrute
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike.
Alfresco/prowler
Tool for AWS security assessment, auditing and hardening. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark.
andresriancho/nimbostratus
Tools for fingerprinting and exploiting Amazon cloud infrastructures
asecure.cloud
A free repository of customizable AWS security configurations and best practices
asecurityteam/spacecrab
Bootstraps an AWS account with everything you need to generate, mangage, and distribute and alert on AWS honey tokens. Made with breakfast roti by the Atlassian security team.
aws-cloudformation/cloudformation-guard
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
awslabs/aws-security-benchmark
Open source demos, concept and guidance related to the AWS CIS Foundation framework.
Azure/Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects
AzureAD/Azure-AD-Incident-Response-PowerShell-Module
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.
BishopFox/iam-vulnerable
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
BishopFox/smogcloud
Find cloud assets that no one wants exposed
BloodHoundAD/AzureHound
Azure Hound
bridgecrewio/cdkgoat
CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
bridgecrewio/cfngoat
Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
carlospolop/PurplePanda
Identify privilege escalation paths within and across different clouds
carnal0wnage/weirdAAL
WeirdAAL [AWS Attack Library] wiki!
cisagov/Sparrow
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
cisagov/untitledgoosetool
Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
cloud-sniper/cloud-sniper
Cloud Security Operations Orchestrator
cloudquery/cloudquery
cloudquery transforms your cloud infrastructure into queryable SQL tables for easy monitoring, governance and security.
cloudsploit/scans
AWS security scanning checks
cr0hn/festin
FestIn is a tool for discovering open S3 Buckets starting from a domains.
CrowdStrike/CRT
This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard to find permissions and configuration settings in order to assist organizations in securing these environments.
cyberark/blobhunter
Find exposed data in Azure with this public blob scanner
cyberark/SkyArk
SkyArk is a cloud security tool, helps to discover, assess and secure the most privileged entities in AWS
cyberark/SkyWrapper
SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS
dagrz/aws_pwn
A collection of AWS penetration testing junk
darkbitio/aws-recon
Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
darkquasar/AzureHunter
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
disruptops/cred_scanner
A simple file-based scaner to look for potential AWS accesses and secret keys in files
duo-labs/cloudtracker
CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
duo-labs/cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
endgameinc/varna
Varna: Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL)
eth0izzle/bucket-stream
Find interesting Amazon S3 Buckets by watching certificate transparency logs.
FishermansEnemy/bucket_finder
Amazon bucket brute force tool
FSecureLABS/Azurite
Enumeration and reconnaissance activities in the Microsoft Azure Cloud.
glen-mac/goGetBucket
A penetration testing tool to enumerate and analyse Amazon S3 Buckets owned by a domain.
google/cloud-forensics-utils
Python library to carry out DFIR analysis on the Cloud
hausec/PowerZure
PowerShell framework to assess Azure security
initstring/cloud_enum
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
jonrau1/ElectricEye
Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.
jordanpotti/AWSBucketDump
Security Tool to Look For Interesting Files in S3 Buckets
jordanpotti/CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
kromtech/s3-inspector
Tool to check AWS S3 bucket permissions
lyft/metadataproxy
A proxy for AWS's metadata service that gives out scoped IAM credentials from STS
Macmod/STARS
A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services that could possibly lead to subdomain takeover scenarios.
mgeeky/AzureRT
AzureRT - A Powershell module implementing various Azure Red Team tactics
MindPointGroup/cloudfrunt
A tool for identifying misconfigured CloudFront domains
nccgroup/aws-inventory
Discover resources created in an AWS account
nccgroup/azucar
Security auditing tool for Azure environments
nccgroup/PMapper
A tool for quickly evaluating IAM permissions in AWS.
nccgroup/s3_objects_check
Whitebox evaluation of effective S3 object permissions, in order to identify publicly accessible objects.
nccgroup/Scout2
Security auditing tool for AWS environments
nccgroup/ScoutSuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments
Netflix-Skunkworks/diffy
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT).
Netflix/security_monkey
Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations.
NetSPI/aws_consoler
A utility to convert your AWS CLI credentials into AWS console access.
NetSPI/MicroBurst
A collection of scripts for assessing Microsoft Azure security
NotSoSecure/cloud-service-enum
This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service.
prevade/cloudjack
Route53/CloudFront Vulnerability Assessment Utility
projectdiscovery/cloudlist
Cloudlist is a tool for listing Assets from multiple Cloud Providers.
pumasecurity/serverless-prey
Serverless Functions for establishing Reverse Shells to Lambda, Azure Functions, and Google Cloud Functions
random-robbie/slurp
Enumerate S3 buckets via certstream, domain, or keywords
RhinoSecurityLabs/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
RhinoSecurityLabs/pacu
Rhino Security Labs' AWS penetration testing toolkit
RiotGames/cloud-inquisitor
Enforce ownership and data security within AWS
sa7mon/S3Scanner
Scan for open S3 buckets and dump
salesforce/cloudsplaining
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet
sendgrid/krampus
The original AWS security enforcer™
SecurityFTW/cs-suite
Cloud Security Suite - One stop tool for auditing the security posture of AWS infrastructure.
soteria-security/365Inspect
A PowerShell script that automates the security assessment of Microsoft Office 365 environments.
spacesiren/spacesiren
A honey token manager and alert system for AWS.
sbasu7241/AWS-Threat-Simulation-and-Detection
Playing around with Stratus Red Team (Cloud Attack simulation tool) and SumoLogic
swimlane/CLAW
A packer utility to create and capture DFIR Image for use AWS & Azure
theflakes/reg_hunter
Blueteam operational triage registry hunting/forensic tool
ThreatResponse/margaritashotgun
Remote Memory Acquisition Tool for AWS
ThreatResponse/aws_ir
Python installable command line utiltity for mitigation of host and key compromises.
toniblyx/prowler
Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1
widdix/aws-s3-virusscan
Antivirus for Amazon S3 buckets
## Courses
Link
Description
specterops/at-ps
Adversary Tactics - PowerShell Training
## Cryptography
Link
Description
Balasys/dheater
D(HE)ater is a security tool can perform DoS attack by enforcing the DHE key exchange.
CERTCC/keyfinder
A tool for analyzing private (and public) key files, including support for Android APK files.
CertDB
Internet-wide search engine for digital certificates
Ciphey/Ciphey
Automatically decode encryptions without a key, decode encodings, and crack hashes
Demonslay335/CryptoTester
A utility for playing with cryptography, geared towards ransomware analysis.
mpgn/BEAST-PoC
Poc of BEAST attack against SSL/TLS
mpgn/Padding-oracle-attack
Padding oracle attack against PKCS7
mpgn/poodle-PoC
Poodle (Padding Oracle On Downgraded Legacy Encryption) attack
mxrch/evilize
Use md5-collisions to make evil executables looking like a good one.
salesforce/ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
## Data Sets
Link
Description
BOTS 1.0 Dataset
The BOTS 1.0 dataset records two attacks perpetrated by a fictitious hacktivist group called po1s0n1vy targeting Wayne Corp of Batman mythology. There are many comic book references in the data; from heroes and villains to “Batman’s” street addresses. Not only does the dataset have many different types of data—everything from Sysmon to Suricata—but there are even file hashes that can be found in Virustotal.com and domains/IPs to hunt for in OSINT tools like PassiveTotal and Robtex!
DataPlane.org
DataPlane.org is a community-powered Internet data, feeds, and measurement resource for operators, by operators. We provide reliable and trustworthy service at no cost.
cobaltstrike-beacon-data
Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
Google Dataset Search
Google Dataset Search
FiveDirections/OpTC-data
Operationally Transparent Cyber (OpTC) Data
intel/yarpgen
Yet Another Random Program Generator
Kitsune Network Attack Dataset
Nine labeled attacks with extracted features and the original network capture
nimrodpar/Labeled-Elfs
A collection of well labeled ELF binaries compiled from benign and malicious code in various ways. Great for exploring similarity in executables and training various ML models.
Security Datasets
The Security Datasets project is an open-source initiatve that contributes malicious and benign datasets, from different platforms, to the infosec community to expedite data analysis and threat research.
SecRepo.com - Samples of Security Related Data
Finding samples of various types of Security related can be a giant pain. This is my attempt to keep a somewhat curated list of Security related data I've found, created, or was pointed to. If you perform any kind of analysis with any of this data please let me know and I'd be happy to link it from here or host it here. Hopefully by looking at others research and analysis it will inspire people to add-on, improve, and create new ideas.
sophos-ai/SOREL-20M
Sophos-ReversingLabs 20 million sample dataset
splunk/attack_data
A Repository of curated datasets from various attacks
Winbindex
The Windows Binaries Index
## Digital Forensics and Incident Response
Link
Description
$I File Parser
Free Forensics Tool – \$I File Parser
0xrawsec/kunai
Threat-hunting tool for Linux
3CORESec/Automata
Automatic detection engineering technical state compliance
AbdulRhmanAlfaifi/Fennec
Artifact collection tool for *nix systems
Accenture/docker-plaso
Docker container for plaso supertimlining tool
activecm/BeaKer
Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana
activecm/espy/
Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
ahmedkhlief/APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
airbus-cert/Winshark
A wireshark plugin to instrument ETW
AlienVault OSSIM
AlienVault OSSIM: The World’s Most Widely Used Open Source SIEM
andreafortuna/autotimeliner
Automagically extract forensic timeline from volatile memory dump
ANSSI-FR/bits_parser
Extract BITS jobs from QMGR queue and store them as CSV records
ANSSI-FR/bmc-tools
RDP Bitmap Cache Parser
ANSSI-FR/DFIR4vSphere
Powershell module for VMWare vSphere forensics
ANSSI-FR/DFIR-O365RC
PowerShell module for Office 365 and Azure AD log collection
aquasecurity/tracee
Linux Runtime Security and Forensics using eBPF
Arsenal Recon Free Tools
Arsenal Recon Free Tools
asimihsan/cwl-mount
Mount AWS CloudWatch logs as a file system
bfuzzy/auditd-attack
A Linux Auditd rule set mapped to MITRE's Attack Framework
Broctets-and-Bytes/Darwin
This script is designed to be run against a mounted image, live system, or device in target disk mode. The script automates the collection of key files for MacOS investigations.
bromiley/olaf
Office365 Log Analysis Framework: OLAF is a collection of tools, scripts, and analysis techniques dealing with O365 Investigations.
BSI-Bund/RdpCacheStitcher
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
cado-security/varc
Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
carmaa/inception
Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.
CCob/BeaconEye
Hunts out CobaltStrike beacons and logs operator command output
Cerebrate Project
Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP).
cgosec/Blauhaunt
A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts
chrisandoryan/Nethive-Project
Restructured and Collaborated SIEM and CVSS Infrastructure. Presented at Blackhat Asia Arsenal 2020.
cilium/tetragon
eBPF-based Security Observability and Runtime Enforcement
cisagov/CHIRP
A forensic collection tool written in Python.
coinbase/dexter
Forensics acquisition framework designed to be extensible and secure
ComodoSecurity/openedr
Open EDR public repository
countercept/chainsaw
Rapidly Search and Hunt through Windows Event Logs
CrowdStrike/automactc
AutoMacTC: Automated Mac Forensic Triage Collector
CrowdStrike/Forensics
Scripts and code referenced in CrowdStrike blog posts
CrowdStrike/SuperMem
A python script developed to process Windows memory images based on triage type.
cryps1s/DARKSURGEON
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.
cyb3rfox/Aurora-Incident-Response
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
Cyb3rWard0g/HELK
A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
Cyber Analytics Repository
The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
CyberDefenseInstitute/CDIR
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
D4stiny/PeaceMaker
PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.
DamonMohammadbagher/ETWProcessMon2
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection etc.
DataDog/threatest
Threatest is a Go framework for end-to-end testing threat detection rules.
davehull/Kansa
A Powershell incident response framework
deepalert/deepalert
Serverless SOAR (Security Orchestration, Automation and Response) framework for automatic inspection and evaluation of security alert
DFIR ORC
DFIR ORC, where ORC stands for “Outil de Recherche de Compromission” in French, is a collection of specialized tools dedicated to reliably parse and collect critical artefacts such as the MFT, registry hives or event logs. It can also embed external tools and their configurations.
dfir-iris/iris-web
Incident Response collaborative platform
DFIRKuiper/Kuiper
Digital Forensics Investigation Platform
dfirtrack/dfirtrack
DFIRTrack - The Incident Response Tracking Application
DG Wingman
DG Wingman is a free community Windows tool designed to aid in the collection of forensic evidence in order to properly investigate and scope an intrusion.
dhondta/AppmemDumper
Forensics triage tool relying on Volatility and Foremost
dlcowen/FSEventsParser
Parser for OSX/iOS FSEvents Logs
draios/sysdig
Linux system exploration and troubleshooting tool with first class support for containers
drego85/meioc
Extracting IoC data from eMail
elastic/protections-artifacts
Elastic Security detection content for Endpoint
emalderson/ThePhish
ThePhish: an automated phishing email analysis tool
fireeye/ARDvark
ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
fireeye/SilkETW
SilkETW & SilkService are flexible C# wrappers for ETW, they are meant to abstract away the complexities of ETW and give people a simple interface to perform research and introspection.
fireeye/ThreatPursuit-VM
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
ForensicArtifacts/artifacts
Digital Forensics Artifact Repository
frikky/Shuffle
Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.
FSecureLABS/LinuxCatScale
Incident Response collection and processing scripts with automated reporting scripts
G-Research/siembol
An open-source, real-time Security Information & Event Management tool based on big data technologies, providing a scalable, advanced security analytics framework.
gleeda/memtriage
Allows you to quickly query a Windows machine for RAM artifacts
google/docker-explorer
A tool to help forensicate offline docker acquisitions
google/GiftStick
1-Click push forensics evidence to the cloud
google/grr
GRR is a python client (agent) that is installed on target systems, and python server infrastructure that can manage and talk to clients.
google/rekall
The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts computer systems.
google/timesketch
Collaborative forensic timelune analysis
google/turbinia
Automation and Scaling of Digital Forensics Tools
Graylog
Built to open standards, Graylog’s connectivity and interoperability seamlessly collects, enhances, stores, and analyzes log data.
hashlookup/hashlookup-forensic-analyser
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service
hunters-forge/API-To-Event
A repo to document API functions mapped to security events across diverse platforms
hunters-forge/OSSEM
Open Source Security Events Metadata (OSSEM)
jimtin/IRCoreForensicFramework
Powershell 7 (Powershell Core)/ C# cross platform forensic framework. Built by incident responders for incident responders.
jklepsercyber/defender-detectionhistory-parser
A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
joeavanzato/Trawler
PowerShell script to help Incident Responders discover adversary persistence mechanisms.
JPCERTCC/LogonTracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
JPCERTCC/SysmonSearch
Investigate suspicious activity by visualizing Sysmon's event log
IllusiveNetworks-Labs/HistoricProcessTree
An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
intezer/linux-explorer
Easy-to-use live forensics toolbox for Linux endpoints
invictus-ir/Microsoft-365-Extractor-Suite
A set of PowerShell scripts that allow for complete and reliable acquisition of the Microsoft 365 Unified Audit Log
Invoke-IR/ACE
The Automated Collection and Enrichment (ACE) platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports collecting from Windows, macOS, and Linux hosts.
Invoke-IR/PowerForensics
PowerForensics provides an all in one platform for live disk forensic analysis
ion-storm/sysmod-edr
Sysmon EDR Active Response
kacos2000/MFT_Browser
$MFT directory tree reconstruction & record info
Kaspersky IR's Artifacts Collector
Kaspersky IR's Artifacts Collector
Live Response Collection - Cedarpelta
Live Response Collection - Cedarpelta
log2timeline/dftimewolf
A framework for orchestrating forensic collection, processing and data export
log2timeline/plaso
log2timeline is a tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them.
MAGNET App Simulator
MAGNET App Simulator lets you load application data from Android devices in your case into a virtual environment, enabling you to view and interact with the data as the user would have seen it on their own device.
MalwareSoup/MitreAttack
Python wrapper for the Mitre ATT&CK framework API
mandiant/Mandiant-Azure-AD-Investigator
This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity
markbaggett/srum-dump
A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
markbaggett/werejugo
Identifies physical locations where a laptop has been based upon wireless profiles and wireless data recorded in event logs
matanolabs/matano
Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
microsoft/avml
AVML - Acquire Volatile Memory for Linux
miriamxyra/EventList
EventList is a tool to help improving your Audit capabilities and to help to build your Security Operation Center.
mitre-attack/bzar
A set of Zeek scripts to detect ATT&CK techniques.
monnappa22/HollowFind
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and als…
mozilla/audit-go
Linux Audit Plugin for heka written using netlink Protocol in golang and Lua
mozilla/mig
Distributed & real time digital forensics at the speed of the cloud
mozilla/MozDef
MozDef: The Mozilla Defense Platform
nannib/Imm2Virtual
This is a GUI (for Windows 64 bit) for a procedure to virtualize your EWF(E01), DD(Raw), AFF disk image file without converting it, directly with VirtualBox, forensically proof.
Neo23x0/god-mode-rules
God Mode Detection Rules
Netflix/dispatch
All of the ad-hoc things you're doing to manage incidents today, done for you, and much more!
nshalabi/SysmonTools
Utilities for Sysmon (Sysmon View and Sysmon Shell)
NVISOsecurity/evtx-hunter
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
NXLog
The modern open source log collector.
omenscan/achoir
Windows Live Artifacts Acquisition Script
omenscan/achoirx
ReWrite of AChoir in Go for Cross PlatformReWrite of AChoir in Go for Cross Platform
opencybersecurityalliance/kestrel-lang
Kestrel Threat Hunting Language
OpenEx-Platform/openex
Open Crisis Exercises Planning Platform
orlikoski/CyLR
CyLR - Live Response Collection Tool
OSSEC
Open Source HIDS SECurity
OTRF/Azure-Sentinel2Go
Azure Sentinel2Go is an open source project developed to expedite the deployment of an Azure Sentinel lab.
ovotech/gitoops
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.
philhagen/sof-elk
Configuration files for the SOF-ELK VM, used in SANS FOR572
PSGumshoe/PSGumshoe
PSGumshoe is a Windows PowerShell module for the collection of OS and domain artifacts for the purposes of performing live response, hunt, and forensics.
ptresearch/AttackDetection
The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers’ TTPs, so we develop Suricata rules for detecting all sorts of such activities.
PUNCH-Cyber/stoq
An open source framework for enterprise level automated analysis.
PULSAR
Pulsar is a powerful, blazing fast runtime security observability framework designed for the IoT.
PwC-IR/Office-365-Extractor
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
rajiv2790/FalconEye
FalconEye: Real-time detection software for Windows process injections
Red Canary Mac Monitor
Red Canary Mac Monitor is a feature-rich dynamic analysis tool for macOS that leverages our extensive understanding of the platform and Apple’s latest APIs to collect and present relevant security events.
refractionPOINT/limacharlie
LC is an Open Source, cross-platform (Windows, MacOS, Linux ++), realtime Endpoint Detection and Response sensor. The extra-light sensor, once installed on a system provides Flight Data Recorder type information (telemetry on all aspects of the system like processes, DNS, network IO, file IO etc).
RomanEmelyanov/CobaltStrikeForensic
Toolset for research malware and Cobalt Strike beacons
ROCK NSM
Response Operation Collection Kit - An open source Network Security Monitoring platform.
salesforce/bro-sysmon
Bro-Sysmon enables Bro to receive Windows Event Logs. This provide a method to associate Network Monitoring and Host Monitoring. The work was spurred by the need to associate JA3 and HASSH fingerprints with the application on the host. The example below shows the hostname, Process ID, connection information, JA3 fingerprints, Application Path, and binary hashes.
salesforce/jarm
JARM is an active Transport Layer Security (TLS) server fingerprinting tool.
sans-blue-team/DeepBlueCLI
DeepBlueCLI - a PowerShell Module for Threat Hunting via Windows Event Logs
Security Onion
Peel back the layers of your enterprise
SecurityBrewery/catalyst
Catalyst is a SOAR system that helps to automate alert handling and incident response processes
SecurityRiskAdvisors/TALR
Threat Alert Logic Repository (TALR) - A public repository for the collection and sharing of detection rules in platform agnostic formats. Collected rules are appended with STIX required fields for simplified sharing over TAXII servers.
SekoiaLab/fastir_artifacts
Live forensic artifacts collector
SekoiaLab/Fastir_Collector
This tool collects different artefacts on live Windows and records the results in csv or json files. With the analyses of these artefacts, an early compromission can be detected.
shellster/DCSYNCMonitor
Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.
SIEMonster
SIEMonster is an Affordable Security Monitoring Software Soulution
Sigma Rules Repository Mirror
Sigma rules repository mirror and translations
slackhq/go-audit
go-audit is an alternative to the auditd daemon that ships with many distros
s0md3v/Orbit
Blockchain Transactions Investigation Tool
splunk/melting-cobalt
A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
sumeshi/evtx2es
A library for fast import of Windows Eventlogs into Elasticsearch.
swisscom/Invoke-Forensics
Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper.
Sysinternals/SysmonForLinux
Sysmon For Linux install and build instructions
tap-ir/tapir
TAPIR is a multi-user, client/server, incident response framework
tclahr/uac
UAC (Unix-like Artifacts Collector) is a Live Response collection tool for Incident Reponse that makes use of built-in tools to automate the collection of Unix-like systems artifacts. Supported systems: AIX, FreeBSD, Linux, macOS, NetBSD, Netscaler, OpenBSD and Solaris.
telekom-security/acquire-aws-ec2
A python script to acquire multiple aws ec2 instances in a forensically sound-ish way
TestDisk
TestDisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software: certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery using TestDisk is really easy.
The Sleuth Kit
sleuthkit.org is the official website for The Sleuth Kit®, Autopsy®, and other open source digital investigation tools. From here, you can find documents, case studies, and download the latest versions of the software.
thewhiteninja/ntfstool
Forensics tool for NTFS (parser, mft, bitlocker, deleted files)
THIBER-ORG/userline
Query and report user logons relations from MS Windows Security Events
threathunters-io/laurel
Transform Linux Audit logs for SIEM usage
TobySalusky/cont3xt
Cont3xt intends to centralize and simplify a structured approach to gathering contextual intelligence in support of technical investigations.
travisfoley/dfirtriage
Digital forensic acquisition tool for Windows based incident response.
trustedsec/SysmonCommunityGuide
TrustedSec Sysinternals Sysmon Community Guide
ufrisk/LeechCore
LeechCore - Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent
Uncoder.io
Uncoder.IO is the online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers
VSCMount
Volume shadow copies mounter tool
Wazuh
Open Source Host and Endpoint Security
wagga40/Zircolite
A standalone SIGMA-based detection tool for EVTX.
williballenthin/EVTXtract
EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
williballenthin/INDXParse
Tool suite for inspecting NTFS artifacts
williballenthin/process-forest
process-forest is a tool that processes Microsoft Windows EVTX event logs that contain process accounting events and reconstructs the historical process heirarchies.
XForceIR/SideLoadHunter
SideLoadHunter is a PowerShell script and Sysmon configuration designed to aide defenders and incident responders identify evidence of DLL sideloading on Windows systems.
Yamato-Security/hayabusa
Hayabusa is a threat hunting and fast forensics timeline generator for Windows event logs.
Yamato-Security/WELA
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
yampelo/beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
zeronetworks/RPCFirewall
RPC is the underlying mechanism which is used for numerous lateral movement techniques, reconnaisense, relay attacks, or simply to exploit vulnerable RPC services.
zodiacon/ProcMonXv2
Procmon-like tool that uses Event Tracing for Windows (ETW) instead of a kernel driver to provide event information.
## Exploits
Link
Description
externalist/exploit_playground
Analysis of public exploits or my 1day exploits
FriendsOfPHP/security-advisories
The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues, it is not authoritative for any referenced software, but it allows to centralize information for convenience and easy consumption.
gellin/TeamViewer_Permissions_Hook_V1
A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
HASecuritySolutions/VulnWhisperer
Create actionable data from your Vulnerability Scans
hasherezade/process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
itm4n/Perfusion
Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
itm4n/UsoDllLoader
Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
nomi-sec/PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
opencve/opencve
CVE Alerting Platform
ScottyBauer/Android_Kernel_CVE_POCs
A list of my CVE's with POCs
smgorelik/Windows-RCE-exploits
The exploit samples database is a repository for **RCE** (remote code execution) exploits and Proof-of-Concepts for **WINDOWS**, the samples are uploaded for education purposes for red and blue teams.
Spajed/processrefund
An attempt at Process Doppelgänging
spencerdodd/kernelpop
Kernel privilege escalation enumeration and exploitation framework
tunz/js-vuln-db
A collection of JavaScript engine CVEs with PoCs
victims/victims-cve-db
This database contains information regarding CVE(s) that affect various language modules. We currently store version information corresponding to respective modules as understood by select sources.
VulnReproduction/LinuxFlaw
This repo records all the vulnerabilities of linux software I have reproduced in my local workspace
xairy/kernel-exploits
A bunch of proof-of-concept exploits for the Linux kernel
## Hardening
Link
Description
0x6d69636b/windows_hardening
Windows Hardening settings and configurations
Benchmark: NIST SP 800-53 Revision 5
NIST SP 800-53 Revision 5 represents a multi-year effort to develop the next generation of security and privacy controls needed to strengthen and support the U.S. federal government. These next generation controls offer a proactive and systematic approach to ensure that critical systems, components, and services are sufficiently trustworthy and have the necessary resilience to defend the economic and national security interests of the United States.
cisagov/cset
Cybersecurity Evaluation Tool
elastic/PPLGuard
PPLGuard is a proof of concept tool that can mitigate two currently-unpatched Windows security flaws which pose threats to Protected Processes Light (PPL) processes, such as AntiMalware services.
Linux Kernel Runtime Guard
Linux Kernel Runtime Guard (LKRG) is a out-of-tree security module for the Linux kernel developed by Openwall. It does run-time integrity checks in order to stop known, and unknown, security vulnerabilities in the Linux kernel. It can log detected intrusion attempts or stop them by causing a kernel panic - resulting in a frozen machine or a reboot depending on how the kernel is configured.
nccgroup/exploit_mitigations
Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.
Privacy.sexy
Enforce privacy & security on Windows and macOS
Santa
Santa is a binary authorization system for macOS
Security Technical Implementation Guides (STIGs)
The Security Technical Implementation Guides (STIGs) are the configuration standards for DOD IA and IA-enabled devices/systems.
securitywithoutborders/hardentools
Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling low-hanging fruit risky features.
ukncsc/Device-Security-Guidance-Configuration-Packs
This repository contains policy packs which can be used by system management software to configure device platforms (such as Windows 10 and iOS) in accordance with NCSC device security guidance. These configurations are aimed primarily at government and other medium/large organisations.
Windows Security Baseline
A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
## Hardware
Link
Description
MaximeBeasse/KeyDecoder
KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds.
Theldus/bread
🍞 BREAD: BIOS Reverse Engineering & Advanced Debugging
tothi/usbgadget-tool
Dumb USB HID gadget creator for Android (for triggering device driver install on Windows for LPE)
ufrisk/pcileech
Direct Memory Access (DMA) Attack Software
## Malware Analysis
Link
Description
accidentalrebel/mbcscan
Scans a malware file and lists down the related MBC (Malware Behavior Catalog) details.
activecm/rita
Real Intelligence Threat Analytics
adamkramer/rapid_env
Rapid deployment of Windows environment (files, registry keys, mutex etc) to facilitate malware analysis
advanced-threat-research/DarkSide-Config-Extract
DarkSide & BlackMatter Config Extractor by ValthekOn & S2 (@sisoma2)
advanced-threat-research/IOCs
Repository containing IOCs, MISP and Expert rules from our blogs
akamai/luda
Malicious actors often reuse code to deploy their malware, phishing website or CNC server. As a result, similiaries can be found on URLs path by inspecting internet traffic. Moreover, deep learning models or even regular ML model do not fit for inline deployment in terms of running performance. However, regexes ( or YARA rules ) can be deployed …
alexandreborges/malwoverview
Malwoverview.py is a simple tool to perform an initial and quick triage on either a directory containing malware samples or a specific malware sample
APT Groups, Operations and Malware Search Engine
APT Groups, Operations and Malware Search Engine
ashishb/android-malware
Collection of android malware samples
AVCaesar
AVCaesar is a malware analysis engine and repository
blackorbird/APT_REPORT
Interesting apt report collection and some special ioc express
CapacitorSet/box-js
A tool for studying JavaScript malware
captainGeech42/ransomwatch
Ransomware leak site monitoring
cert-ee/cuckoo3
Cuckoo 3 is a Python 3 open source automated malware analysis system.
CERT-Polska/drakvuf-sandbox
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
CERT-Polska/karton
Distributed malware processing framework based on Python, Redis and MinIO.
CERT-Polska/mwdb-core
Malware repository component for samples & static configuration with REST API interface.
CheckPointSW/showstopper
ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
Contagio
Malwarre dump
CRED-CLUB/ARTIF
An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data.
CriticalPathSecurity/Zeek-Intelligence-Feeds
Zeek-Formatted Threat Intelligence Feeds
cmu-sei/cyobstract
A tool to extract structured cyber information from incident reports.
CRXcavator
CRXcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome Extension based on several factors.
countercept/snake
snake - a malware storage zoo
csvl/SEMA-ToolChain
ToolChain using Symbolic Execution for Malware Analysis.
CybercentreCanada/CCCS-Yara
YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA
D4stiny/spectre
A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
DAS MALWERK
DAS MALWERK - your one stop shop for fresh malware samples
DoctorWebLtd/malware-iocs
This repository contains Indicators of Compromise (IOCs) related to our investigations.
droidefense/engine
Droidefense: Advance Android Malware Analysis Framework
dsnezhkov/racketeer
Racketeer Project - Ransomware emulation toolkit
ecstatic-nobel/Analyst-Arsenal
Phishing kits hunting
EFForg/yaya
Yet Another Yara Automaton - Automatically curate open source yara rules and run scans
eset/malware-ioc
Indicators of Compromises (IOC) of our various investigations
FAME
FAME Automates Malware Evaluation
fireeye/flashmingo
Automatic analysis of SWF files based on some heuristics. Extensible via plugins.
fireeye/iocs
FireEye Publicly Shared Indicators of Compromise (IOCs)
felixweyne/imaginaryC2
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.
FortyNorthSecurity/WMImplant
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
godaddy/procfilter
A YARA-integrated process denial framework for Windows
gen0cide/gscript
Framework to rapidly implement custom droppers for all three major operating systems
glmcdona/Process-Dump
Windows tool for dumping malware PE files from memory back to disk for analysis.
google/vxsig
Automatically generate AV byte signatures from sets of similar binaries.
GoSecure/malboxes
Builds malware analysis Windows VMs so that you don't have to.
GreatSCT/GreatSCT
The project is called Great SCT (Great Scott). Great SCT is an open source project to generate application white list bypasses. This tool is intended for BOTH red and blue team
Have I Been Emotet
Check if your email address or domain is involved in the Emotet malspam ([email protected] or domain.ext). Your address can be marked as a SENDER (FAKE or REAL), as a RECIPIENT or any combination of the three.
hasherezade/libpeconv/runpe
RunPE (aka Process Hollowing) is a well known technique allowing to injecting a new PE into a remote processes, imprersonating this process. The given implementation works for PE 32bit as well as 64bit.
hasherezade/mal_unpack
Dynamic unpacker based on PE-sieve
hasherezade/pe-sieve
Scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE.
Hatching Triage
Triage is our state-of-the-art malware analysis sandbox designed for cross-platform support (Windows, Android, Linux, and macOS), high-volume malware analysis capabilities, and configuration extraction for numerous malware families.
hegusung/AVSignSeek
Tool written in python3 to determine where the AV signature is located in a binary/payload
hejelylab/easeYARA
C# Desktop GUI application that either performs YARA scan locally or prepares the scan in Active Directory domain environment with a few clicks.
hlldz/SpookFlare
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Hybrid-Analysis
Free Automated Malware Analysis Service
InQuest/ThreatIngestor
An extendable tool to extract and aggregate IOCs from threat feeds.
ips-bph-framework
BLACKPHENIX is an open source malware analysis automation framework composed of services, scripts, plug-ins, and tools and is based on a Command-and-Control (C&C) architecture
IRIS-H
IRIS-H is an online digital forensics tool that performs automated static analysis of files stored in a directory-based or strictly structured formats.
jgamblin/Mirai-Source-Code
Leaked Mirai Source Code for Research/IoC Development Purposes.
jgamblin/JPCERTCC/MalConfScan
Volatility plugin for extracts configuration data of known malware
JohnHammond/vbe-decoder
A Python3 script to decode an encoded VBScript file, often seen with a .vbe file extension
JohnLaTwC/PyPowerShellXray
Python script to decode common encoded PowerShell scripts
jstrosch/malware-samples
Malware samples, analysis exercises and other interesting resources.
KasperskyLab/klara
Klara project is aimed at helping Threat Intelligence researechers hunt for new malware using Yara.
katjahahn/PortEx
Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
kevoreilly/CAPEv2
Malware Configuration And Payload Extraction
kirk-sayre-work/VBASeismograph
A tool for detecting VBA stomping.
Koodous
Koodous is a collaborative platform that combines the power of online analysis tools with social interactions between the analysts over a vast APKs repository.
LordNoteworthy/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Mac Malware
Mac Malware by Objective-See
mandiant/apooxml
Generate YARA rules for OOXML documents.
marcosd4h/memhunter
Live hunting of code injection techniques
maliceio/malice
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.
MalShare
A free Malware repository providing researchers access to samples, malicous feeds, and Yara results
MalwareBazaar Database
MalwareBazaar is a project operated by abuse.ch. The purpose of the project is to collect and share malware samples, helping IT-security researchers and threat analyst protecting their constituency and customers from cyber threats.
MalwareCantFly/Vba2Graph
Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.
malwaredllc/byob
BYOB (Build Your Own Botnet)
malwareinfosec/EKFiddle
A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.
Malwaretiverse
maltiverse - Connect the dots - The definitive IoC search engine
Malwares
Malware SRC Database
Malware Static Analysis
The following interface stands in front of a live engine which takes binary files and runs them against a pletora of hundreds YARA rules.
matterpreter/DefenderCheck
Identifies the bytes that Microsoft Defender flags on.
mindcollapse/MalwareMultiScan
Self-hosted VirusTotal / MetaDefender wannabe with API, demo UI and Scanners running in Docker.
MinervaLabsResearch/Mystique
Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malicious sample and automatically generates a list of mutexes that could be used to as "vaccines" against the sample
mitchellkrogza/Phishing.Database
Phishing Domains, urls websites and threats database. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active
mohamedaymenkarmous/alienvault-otx-api-html
AlienVault OTX API-based project with HTML (pure HTML or mixed PNG screenshots) reports pages that looks like the real AlienVault OTX website
NavyTitanium/Fake-Sandbox-Artifacts
This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malwares that looks for VM or analysis tools
nbeede/BoomBox
Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
nbulischeck/tyton
Linux Kernel-Mode Rootkit Hunter for 4.4.0-31+
Neo23x0/APTSimulator
A toolset to make a system look as if it was the victim of an APT attack
Neo23x0/exotron
Sandbox feature upgrade with the help of wrapped samples
nsmfoo/antivmdetection
Script to create templates to use with VirtualBox to make vm detection harder
ntddk/virustream
A script to track malware IOCs with OSINT on Twitter.
OALabs/BlobRunner
Quickly debug shellcode extracted during malware analysis
OALabs/PyIATRebuild
Automatically rebuild Import Address Table for dumped PE file. With python bindings!
oasis-open/cti-stix-generator
OASIS Cyber Threat Intelligence (CTI) TC: A tool for generating STIX content for prototyping and testing.
ohjeongwook/PowerShellRunBox
Dynamic PowerShell analysis framework
outflanknl/EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
P4T12ICK/ypsilon
Ypsilon is an Automated Security Use Case Testing Environment using real malware to test SIEM use cases in an closed environment. Different tools such as Ansible, Cuckoo, VirtualBox, Splunk and ELK are combined to determine the quality of a SIEM use case by testing any number of malware against a SIEM use case. Finally, a test report is generated giving insight to the quality of an use case.
pan-unit42/iocs
Indicators from Unit 42 Public Reports
pandora-analysis/pandora
Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results
phage-nz/ph0neutria
ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability.
PwCUK-CTO/rtfsig
A tool to help malware analysts signature unique parts of RTF documents
python-iocextract
Advanced Indicator of Compromise (IOC) extractor
quarkslab/irma
IRMA is an asynchronous & customizable analysis system for suspicious files.
quasar/QuasarRAT
Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.
rastrea2r/rastrea2r
Collecting & Hunting for IOCs with gusto and style
SafeBreach-Labs/mkmalwarefrom
Proof-of-concept two-stage dropper generator that uses bits from external sources
SentineLabs/SentinelLabs_RevCore_Tools
The Windows Malware Analysis Reversing Core Tools
slaughterjames/excelpeek
ExcelPeek is a tool designed to help investigate potentially malicious Microsoft Excel files.
sophos-ai/yaraml_rules
Security ML models encoded as Yara rules
SpamScope/spamscope
Fast Advanced Spam Analysis Tool
SpiderLabs/IOCs-IDPS
This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)
strozfriedberg/cobaltstrike-config-extractor
Cobalt Strike Beacon configuration extractor and parser.
t4d/PhishingKitHunter
Find phishing kits which use your brand/organization's files and image.
target/halogen
Automatically create YARA rules from malicious documents.
ThisIsLibra/MalPull
A CLI interface to search for a MD-5/SHA-1/SHA-256 hash on multiple malware databases and download the sample from the first hit
tklengyel/drakvuf
DRAKVUF Black-box Binary Analysis
tomchop/malcom
Malcom - Malware Communications Analyzer
UNIT 42: Playbook Viewver
Viewing PAN Unit 42's adversary playbook via web interface
UNPACME
An automated malware unpacking service from OpenAnalysis
uqcyber/ColdPress
Extensible Platform for Malware Analysis
ytisf/theZoo
A repository of LIVE malwares for your own joy and pleasure
VirusBay
VirusBay is a web-based, collaboration platform that connects security operations center (SOC) professionals with relevant malware researchers
VirusShare
VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code
VX Vault
VX Vault
W3ndige/aurora
Malware similarity platform with modularity in mind.
xorhex/mlget
A golang CLI tool to download malware from a variety of sources.
YaraDbg
YaraDbg is a free web-based Yara debugger to help security analysts to write hunting or detection rules with less effort and more confidence.
YARAify
YARAify is a project from abuse.ch that allows anyone to scan suspicious files such as malware samples or process dumps against a large repository of YARA rules. With YARAhub, the platform also provides a structured way for sharing YARA rules with the community.
zerofox-oss/phishpond
Because phishtank was taken.. explore phishing kits in a contained environment!
## Mobile Security
Link
Description
ac-pm/Inspeckage
Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
apkdetect
Android malware analysis and classification platform
Apktool
A tool for reverse engineering Android apk files
as0ler/r2flutch
Tool to decrypt iOS apps using r2frida
chaitin/passionfruit
Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.
charles2gan/GDA-android-reversing-Tool
GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat
dpnishant/appmon
AppMon is an automated framework for monitoring and tampering system API calls of native macOS, iOS and android apps. It is based on Frida.
dmayer/idb
idb is a tool to simplify some common tasks for iOS pentesting and research
Drozer
Comprehensive security and attack framework for Android
dwisiswant0/apkleaks
Scanning APK file for URIs, endpoints & secrets.
facebook/mariana-trench
Our security focused static analysis tool for Android and Java applications.
frida/frida
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
iSECPartners/Android-SSL-TrustKiller
Bypass SSL certificate pinning for most applications
KJCracks/Clutch
Fast iOS executable dumper
linkedin/qark
Tool to look for several security related Android application vulnerabilities
m0bilesecurity/RMS-Runtime-Mobile-Security
Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing
mvt-project/mvt
MVT is a forensic tool to look for signs of infection in smartphone devices
mwrlabs/needle
The iOS Security Testing Framework
nccgroup/house
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
nygard/class-dump
Generate Objective-C headers from Mach-O files
Pithus
Pithus is a free and open-source mobile threat intelligence platform for activists, journalists, NGOs, researchers...
pxb1988/dex2jar
Tools to work with android .dex and java .class files
quark-engine/quark-engine
An Obfuscation-Neglect Android Malware Scoring System
RealityNet/kobackupdec
Huawei backup decryptor
securing/IOSSecuritySuite
iOS platform security & anti-tampering Swift library
sensepost/objection
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.
skylot/jadx
Dex to Java decompiler
stefanesser/dumpdecrypted
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
swdunlop/AndBug
Android Debugging Library
tcurdt/iProxy
Let's you connect your laptop to the iPhone to surf the web.
## Network Security
Link
Description
Arkime
Arkime (formerly Moloch) is a large scale, open source, indexed packet capture and search tool.
aol/moloch
Moloch is an open source, large scale, full packet capturing, indexing, and database system
austin-taylor/flare
An analytical framework for network traffic and behavioral analytics
Ben0xA/HoneyCreds
HoneyCreds network credential injection to detect responder and other network poisoners.
certego/PcapMonkey
PcapMonkey will provide an easy way to analyze pcap using the latest version of Suricata and Zeek.
chadillac/UPnProxyPot
An SSDP & UPNP honeypot implementation aimed at intercepting/tracking UPnProxy campaigns.
crowdsecurity/crowdsec/
Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database.
blechschmidt/massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
byt3bl33d3r/MITMf
Framework for Man-In-The-Middle attacks
cisco/mercury
Mercury: network metadata capture and analysis
ddosify/ddosify
High-performance load testing tool, written in Golang.
dhoelzer/ShowMeThePackets
Useful network monitoring, analysis, and active response tools used or mentioned in the SANS SEC503 course
DNSdumpster.com
dns recon & research, find & lookup dns records
eciavatta/caronte
A tool to analyze the network flow during attack/defence capture the flag competitions
eldraco/domain_analyzer
Analyze the security of any domain by finding all the information possible. Made in python.
firefart/stunner
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers
fireeye/flare-fakenet-ng
FakeNet-NG - Next Generation Dynamic Network Analysis Tool
qeeqbox/chameleon
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
infobyte/evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.
joswr1ght/cowpatty
coWPAtty: WPA2-PSK Cracking
joswr1ght/nm2lp
Convert Windows Netmon Monitor Mode Wireless Packet Captures to Libpcap Format
michenriksen/aquatone
AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.
nesfit/NetfoxDetective
NFX Detective is a novel Network forensic analysis tool that implements methods for extraction of application content from communication using supported protocols.
odedshimon/BruteShark
BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files)
PacketTotal
A free, online PCAP analysis engine
Phenomite/AMP-Research
Research on UDP/TCP amplification vectors, payloads and mitigations against their use in DDoS Attacks
PolarProxy
PolarProxy is a transparent SSL/TLS proxy created for incident responders and malware researchers. PolarProxy is primarily designed to intercept and decrypt TLS encrypted traffic from malware. PolarProxy decrypts and re-encrypts TLS traffic, while also saving the decrypted traffic in a PCAP file that can be loaded into Wireshark or an intrusion detection system (IDS).
secureworks/dalton
Suricata and Snort IDS rule and pcap testing system
sensepost/routopsy
Routopsy is a toolkit built to attack often overlooked networking protocols. Routopsy currently supports attacks against Dynamic Routing Protocols (DRP) and First-Hop Redundancy Protocols (FHRP).
USArmyResearchLab/Dshell
An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.
ValtteriL/UPnProxyChain
A tool to create a SOCKS proxy server out of UPnProxy vulnerable device(s).
vincentbernat/akvorado
Flow collector, hydrater and visualizer
WiGLE
Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
WireEdit
First-Of-A-Kind And The Only Full Stack WYSIWYG Pcap Editor
The ZMap Project
The ZMap Project is a collection of open source tools that enable researchers to perform large-scale studies of the hosts and services that compose the public Internet.
## Open-source Intelligence (OSINT)
Link
Description
althonos/InstaLooter
Another API-less Instagram pictures and videos downloader.
americanexpress/earlybird
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
arch4ngel/peasant
LinkedIn reconnaissance tool
Bellingcat's Online Investigation Toolkit
Welcome to Bellingcats freely available online open source investigation toolkit.
byt3bl33d3r/WitnessMe
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
CellID Finder
Find GSM base stations cell id coordinates
CellMapper
Cellular Coverage and Tower Map
Certificate Search
crt.sh | Certificate
CSE Utopia
CSE Utopia
danieleperera/onioningestor
An extendable tool to Collect, Crawl and Monitor onion sites on tor network and index collected information on Elasticsearch
Dargle
Dargle serves as a data aggregation platform for dark web domains. Hidden services on the dark web prove difficult to navigate, but by crawling the clear web, one can accumulate a directory of sorts for these hidden services.
DarkSearch
The 1st Real Dark Web Search Engine
danieliu/play-scraper
A web scraper to retrieve application data from the Google Play Store.
DataSploit/datasploit
An #OSINT Framework to perform various recon techniques on Companies, People, Phone Number, Bitcoin Addresses, etc., aggregate all the raw data, and give data in multiple formats.
dgtlmoon/changedetection.io
changedetection.io - The best and simplest self-hosted open source website change detection monitoring and notification service. An alternative to Visualping, Watchtower etc. Designed for simplicity - the main goal is to simply monitor which websites had a text change. Open source web page change detection - Now also includes JSON API change det…
felix83000/Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Epieos Tools - Google Account Finder
An online tool to retrieve sensitive information like google maps reviews, public photos, displayed name, usage of google services such as YouTube, Hangouts
grep.app
Search across a half million git repos
GreyNoise Visualizer
GreyNoise Visualizer
haccer/twint
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
hessman/gcert
Retrieves information about a given domain from the Google Transparency Report
ImmuniWeb
Domain Security Test | Detect Dark Web Exposure, Phishing, Squatting and Trademark Infringement
IntelligenceX
Search Tor, I2P, data leaks, public web.|
InQuest/omnibus
The OSINT Omnibus
intelowlproject/IntelOwl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
InternetDB
Fast IP Lookups for Open Ports and Vulnerabilities
iptv-org/iptv
Collection of 8000+ publicly available IPTV channels from all over the world
jofpin/trape
People tracker on the Internet: OSINT analysis and research tool.
khast3x/h8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
knownsec/Kunyu
Kunyu, more efficient corporate asset collection
lanrat/certgraph
An open source intelligence tool to crawl the graph of certificate Alternate Names
LeakIX
This project goes around the internet and finds services to index them.
Leak-Lookup
Data Breach Search Engine
leapsecurity/InSpy
A python based LinkedIn enumeration tool
Lookyloo
Web forensics tool
loseys/Oblivion
Data leak checker & OSINT Tool
Malfrats/xeuledoc
Fetch information about a public Google document.
medialab/minet
A webmining CLI tool & library for python.
megadose/holehe
holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.
mxrch/ghunt
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email.
nccgroup/scrying
A tool for collecting RDP, web and VNC screenshots all in one place
ninoseki/mihari
A helper to run OSINT queries & manage results continuously
ninoseki/mikata
A browser extension for OSINT search
OCCRP Aleph
The global archive of research material for investigative reporting.
OCCRP Data
Search 102m public records and leaks from 179 sources
OpenCelliD
OpenCelliD - Largest Open Database of Cell Towers & Geolocation - by Unwired Labs
OpenCorporates
Legal-entity data you can trust
Open Ownership
Open Ownership drives the global shift towards transparency and accountability in corporate ownership and control
OSINT.SH
ALL IN ONE INFORMATION GATHERING TOOLS
OWASP/Amass
In-depth Attack Surface Mapping and Asset Discovery
PaperMtn/gitlab-watchman
Monitoring GitLab for sensitive data shared publicly
Pastebin dump collection
Pastebin dump collection
Patrowl/PatrowlHears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Phonebook.cz
Phonebook lists all domains, email addresses, or URLs for the given input domain.
qeeqbox/social-analyzer
API, CLI & Web App for analyzing & finding a person's profile across 350+ social media websites (Detections are updated regularly)
Recon-NG
Recon-ng is a reconnaissance tool with an interface similar to Metasploit. Running recon-ng from the command line you enter a shell like environment where you can configure options, perform recon and output results to different report types.
Register of Overseas Entities
Overseas entities who want to buy, sell or transfer property or land in the UK, must register with Companies House and tell us who their registrable beneficial owners or managing officers are.
RuPEP
Public Database of Domestic Politically Exposed Persons of Russia, Belarus and Kazakhstan
s-rah/onionscan
OnionScan is a free and open source tool for investigating the Dark Web.
same.energy
Tweet Search Engine
Shade Map
View Shade on Map
sherlock-project/sherlock
🔎 Hunt down social media accounts by username across social networks
SnusBase
The longest standing data breach search engine.
sshell/reddit-analyzer
find out when and where someone is posting to reddit
SpiderFoot
SpiderFoot - Opensource Intelligence Automation
sundowndev/PhoneInfoga
Advanced information gathering & OSINT framework for phone numbersAdvanced information gathering & OSINT framework for phone numbers
superhedgy/AttackSurfaceMapper
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
TED
Tenders Electronic Daily
thewhiteh4t/nexfil
OSINT tool for finding profiles by username
tor.taxi
tor.taxi - your ride to the darknet
vysecurity/LinkedInt
LinkedIn Recon Tool
WebBreacher/WhatsMyName
This repository has the unified data required to perform user enumeration on various websites. Content is in a JSON file and can easily be used in other projects.
WhatsMyName Web
This tool allows you to enumerate usernames across many websites
woj-ciech/kamerka
Build interactive map of cameras from Shodan
woj-ciech/SocialPath
Track users across social media platform
yogeshojha/rengine
reNgine is an automated reconnaissance framework meant for information gathering during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.
## Password Cracking and Wordlists
Assetnote Wordlists
Automated & Manual Wordlists provided by Assetnote
berzerk0/Probable-Wordlists
Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
byt3bl33d3r/SprayingToolkit
Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient
c6fc/npk
A mostly-serverless distributed hash cracking platform
Coalfire-Research/npk
A mostly-serverless distributed hash cracking platform
f0cker/crackq
CrackQ: A Python Hashcat cracking queue system
fireeye/gocrack
GoCrack provides APIs to manage password cracking tasks across supported cracking engines.
JoelGMSec/Cloudtopolis
Zero Infrastructure Password Cracking
l0phtcrack/l0phtcrack
L0phtCrack Password Auditor
sc0tfree/mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
trustedsec/hate_crack
A tool for automating cracking methodologies through Hashcat from the TrustedSec team.
danielmiessler/SecLists
SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
## Social Engineering
Link
Description
AlteredSecurity/365-Stealer/
365-Stealer is the tool written in python3 which steals data from victims office365 by using access_token which we get by phishing. It steals outlook mails, attachments, OneDrive files, OneNote notes and injects macros.
bitsadmin/fakelogonscreen
Fake Windows logon screen to steal passwords
BiZken/PhishMailer
Generate Professional Phishing Emails Fast And Easy
boxug/trape
People tracker on the Internet: Learn to track the world, to avoid being traced.
dafthack/MailSniper
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
drk1wi/Modlishka
Modlishka. Reverse Proxy. Phishing NG.
certsocietegenerale/swordphish-awareness
Swordphish is a plateform allowing to create and manage fake phishing campaigns.
curtbraz/Phishing-API
Comprehensive Web Based Phishing Suite of Tools for Rapid Deployment and Real-Time Alerting!
Emailrep.io
Illuminate the "reputation" behind an email address
FakeYou Text to Speech
Use deep fake tech to say stuff with your favorite characters.
fireeye/ReelPhish
ReelPhish: A Real-Time Two-Factor Phishing Tool
fkasler/phishmonger
Phishing Framework for Pentesters
GemGeorge/SniperPhish/
SniperPhish - The Web-Email Spear Phishing Toolkit
gophish/gophish
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training
htr-tech/zphisher
An automated phishing tool with 30+ templates.
kgretzky/evilginx2
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
mdsecactivebreach/o365-attack-toolkit
o365-attack-toolkit allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information.
Mr-Un1k0d3r/CatMyPhish
Search for categorized domain
mrd0x/BITB
Browser In The Browser (BITB) Templates
muraenateam/muraena
Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
Octoberfest7/TeamPhisher
Send phishing messages and attachments to Microsoft Teams users
optiv/Microsoft365_devicePhish
A proof-of-concept script to conduct a phishing attack abusing Microsoft 365 OAuth Authorization Flow
Pretext Project
Open-Source Collection of Social Engineering Pretexts
Raikia/UhOh365
A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
ralphte/build_a_phish
Ansible playbook to deploy a phishing engagement in the cloud.
Rices/Phishious
An open-source Secure Email Gateway (SEG) evaluation toolkit designed for red-teamers.
ring0lab/catphish
Generate similar-looking domains for phishing attacks. Check expired domains and their categorized domain status to evade proxy categorization. Whitelisted domains are perfect for your C2 servers.
sebastian-mora/awsssome_phish
AWS SSO serverless phishing API.
securestate/king-phisher
Phishing Campaign Toolkit
secureworks/PhishInSuits
PhishInSuits: OAuth Device Code Phishing with Verified Apps
threatexpress/domainhunter
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
Undeadsec/EvilURL
An unicode domain phishing generator for IDN Homograph Attack
UndeadSec/SocialFish
Ultimate phishing tool. Socialize with the credentials
ustayready/CredSniper
CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
xiecat/goblin
Goblin for Phishing Exercise Tools
Yaxser/SharpPhish
Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
## Smart Contract
Link
Description
breadcrumbs
Breadcrumbs is a blockchain analytics platform accessible to everyone. It offers a range of tools for investigating, monitoring, tracking and sharing relevant information on blockchain transactions.
Capture the Ether
THE GAME OF ETHEREUM SMART CONTRACT SECURITY
cleanunicorn/karl
Monitor smart contracts deployed on blockchain and test against vulnerabilities with Mythril
ConsenSys/mythril
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
Contract list
Ethereum Contract Library by Dedaub
ConsenSys/smart-contract-best-practices
A guide to smart contract security best practices
crytic/echidna
Ethereum smart contract fuzzer
csienslab/ProMutator
ProMutator: Detecting Vulnerable Price Oracles in DeFi by Mutated Transactions
crytic/slither
Static Analyzer for Solidity
Damn Vulnerable DeFi
Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts.
ethereum-lists/contracts
List of contracts from known projects (work in progress)
EthTx Transaction Decoder
EthTx is an open source decoder of blockchain transactions that is made freely available to the Ethereum Community as a Python library in public PyPi index
enzymefinance/oyente
An Analysis Tool for Smart Contracts
ETH.Build
An Educational Sandbox For Web3... And Much More.
fravoll/solidity-patterns
A compilation of patterns and best practices for the smart contract programming language Solidity
IC3Hydra/Hydra
Framework for cryptoeconomic contract security, decentralized security bounties. Live on Ethereum.
Lossless
The first DeFi hack mitigation tool for token creators.
mikedeshazer/bricks
Bricks is a sandbox and instruction manual collection for building smart contract exploits for Ethereum blockchains, designed to help developers think like hackers in a safe, fun environment.
Mytx
Smart contract security service for Ethereum
nascentxyz/pyrometer
A tool for analyzing the security and parameters of a solidity smart contract
nccgroup/GOATCasino
This is an intentionally vulnerable smart contract truffle deployment aimed at allowing those interested in smart contract security to exploit a wide variety of issues in a safe environment.
OpenZeppelin/contracts-wizard
Interactive smart contract generator based on OpenZeppelin Contracts.
OpenZeppelin/damn-vulnerable-defi
A set of challenges to hack implementations of DeFi in Ethereum. Featuring flash loans, oracles, governance, NFTs, lending pools, and more!
Phalcon
Powerful Transaction Explorer Designed For DeFi Community
raineorshine/solgraph
Visualize Solidity control flow for smart contract security analysis. 💵 ⇆ 💵
Raz0r/semgrep-smart-contracts
Semgrep rules for smart contracts based on DeFi exploits
Robsonsjre/FlashloanUsecases
DeFi 201 - Lets hack Flash Loans
sigp/beacon-fuzz
Differential Fuzzer for Ethereum 2.0
smartbugs/smartbugs
SmartBugs: A Framework to Analyze Solidity Smart Contracts
SunWeb3Sec/DeFiHackLabs
Reproduce DeFi hack incidents using Foundry.
SunWeb3Sec/DeFiVulnLabs
To learn common smart contract vulnerabilities using Foundry!
The Ethernaut
The Ethernaut is a Web3/Solidity based wargame inspired on overthewire.org, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.
## Vulnerable
Link
Description
appsecco/VyAPI
VyAPI - A cloud based vulnerable hybrid Android App
atxsinn3r/VulnCases
Vulnerability examples.
AutomatedLab/AutomatedLab
AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2016 including Nano Server and various products like AD, Exchange, PKI, IIS, etc.
avishayil/caponeme
Repository demonstrating the Capital One breach on your AWS account
Azure/Convex
Cloud Open-source Network Vulnerability Exploitation eXperience (CONVEX) spins up Capture The Flag environments in your Azure tenant for participants to play through.
Azure/SimuLand
Understand adversary tradecraft and improve detection strategies
Billy-Ellis/Exploit-Challenges
A collection of vulnerable ARM binaries for practicing exploit development
bkerler/exploit_me
Very vulnerable ARM application (CTF style exploitation tutorial)
bkimminich/juice-shop
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
brant-ruan/metarget
Framework providing automatic constructions of vulnerable infrastructures
bridgecrewio/terragoat
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
clong/DetectionLab
Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
cliffe/SecGen
SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
CodeShield-Security/Serverless-Goat-Java
Java version of the deliberately vulnerable serverless application Serverless-Goat from https://github.com/OWASP/Serverless-Goat
detectify/vulnerable-nginx
An intentionally vulnerable NGINX setup
dolevf/Damn-Vulnerable-GraphQL-Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Flangvik/DeployPrinterNightmare
C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
globocom/secDevLabs
A laboratory for learning secure web and mobile development in a practical manner.
google/google-ctf
This repository lists most of the challenges used in the Google CTF 2017. The missing challenges are not ready to be open-sourced, or contain third-party code.
GoSecure/pyrdp
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
kmcquade/owasp-youtube-2021
Deliberately vulnerable AWS resources for security assessment demos
Lenas Reversing for Newbies
Nice collection of tutorials aimed particularly for newbie reverse enginners...
InsiderPhD/Generic-University
Vulnerable API
madhuakula/kubernetes-goat
Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
mandiant/Azure_Workshop
Azure Red Team Attack and Detect Workshop
nccgroup/sadcloud
A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure
Orange-Cyberdefense/GOAD
GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.
OWASP/iGoat-Swift
OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
quarkslab/minik8s-ctf
A beginner-friendly CTF about Kubernetes security.
rapid7/hackazon
A modern vulnerable web app
rewanth1997/Damn-Vulnerable-Bank
Vulnerable Banking Application for Android
Reverse Engineering
Welcome to the Reverse Engineering open course! This course is a journey into executable binaries and operating systems from 3 different angles: 1) Malware analysis, 2) Bug hunting and 3) Exploit writing. Both Windows and Linux x86/x86_64 platforms are under scope.
sagishahar/lpeworkshop
Windows / Linux Local Privilege Escalation Workshop
SEED Labs
Various labs from SEED Project
shellphish/how2heap
A repository for learning various heap exploitation techniques.
Vulnerable Docker VM
Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container?
vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose
WazeHell/vulnerable-AD
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab