
Projects in Awesome Lists by fox-it

A curated list of projects in awesome lists by fox-it.

https://github.com/fox-it/dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

dfir dissect python

Last synced: 08 Apr 2025

https://github.com/fox-it/aclpwn.py

Active Directory ACL exploitation with BloodHound

Last synced: 02 Apr 2025

https://github.com/fox-it/log4j-finder

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

cve-2021-44228 cve-2021-45046 cve-2021-45105 log4j log4j-finder log4j2 log4shell python

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.cstruct_legacy

A no-nonsense C-like structure parsing library for Python

cstruct parsing python struct

Last synced: 07 May 2025

https://github.com/fox-it/mkyara

Generating YARA rules based on binary code

Last synced: 02 Jul 2025

https://github.com/fox-it/mkYARA

Generating YARA rules based on binary code

Last synced: 15 Mar 2025

https://github.com/fox-it/ldapfragger

Last synced: 29 Oct 2025

https://github.com/fox-it/LDAPFragger

Last synced: 11 Jul 2025

https://github.com/fox-it/dissect.cobaltstrike

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles

beacon cobaltstrike dissect malleable-c2-profile parser pcap pypy3 python python3

Last synced: 08 Oct 2025

https://github.com/fox-it/danderspritz-evtx

Parse evtx files and detect use of the DanderSpritz eventlogedit module

danderspritz eventlogedit evtx python

Last synced: 02 Jul 2025

https://github.com/fox-it/bloodhound-import

Python based BloodHound data importer

Last synced: 13 May 2025

https://github.com/fox-it/cryptophp

CryptoPHP Indicators of Compromise

Last synced: 02 Jul 2025

https://github.com/fox-it/cobaltstrike-extraneous-space

Historical list of {Cobalt Strike,NanoHTTPD} servers

cobaltstrike iocs nanohttpd teamserver

Last synced: 23 Feb 2026

https://github.com/fox-it/acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

Last synced: 11 May 2025

https://github.com/fox-it/openssh-session-key-recovery

Project containing several tools/scripts to recover the OpenSSH session keys used to encrypt/decrypt SSH traffic.

memory openssh pcap sshd volatility volatility3

Last synced: 03 Sep 2025

https://github.com/fox-it/OpenSSH-Session-Key-Recovery

Project containing several tools/scripts to recover the OpenSSH session keys used to encrypt/decrypt SSH traffic.

memory openssh pcap sshd volatility volatility3

Last synced: 30 Mar 2025

https://github.com/fox-it/skrapa

A zero dependency and customizable Python library for scanning Windows and Linux process memory.

Last synced: 23 Oct 2025

https://github.com/fox-it/openssh-network-parser

Project to decrypt and parse SSH traffic

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).

Last synced: 24 Feb 2026

https://github.com/fox-it/bro-scripts

Bro-IDS scripts

Last synced: 30 Jan 2026

https://github.com/fox-it/cisco-ios-xe-implant-detection

Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)

badcandy cisco cisco-ios-xe cve-2023-20198 cve-2023-20273 iocisco pcap suricata

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.cstruct

A Dissect module implementing a parser for C-like structures.

Last synced: 07 May 2025

https://github.com/fox-it/operation-wocao

Operation Wocao - Indicators of Compromise

apt20 iocs operation-wocao suricata yara

Last synced: 28 Jan 2026

https://github.com/fox-it/citrix-netscaler-triage

Dissect triage script for Citrix NetScaler devices

citrix cve-2023-3519 dfir dissect iocs netscaler webshells

Last synced: 20 Jul 2025

https://github.com/fox-it/dll-hijacking-poc

A quick POC on how to embed a meterpreter in Firefox via DLL hijacking

Last synced: 13 Oct 2025

https://github.com/fox-it/ponmocup

Ponmocup Indicators of Compromise

Last synced: 28 Jan 2026

https://github.com/fox-it/spookyssl-pcaps

SpookySSL PCAPS and Network Coverage

cve-2022-3602 detection network openssl pcaps spookyssl suricata

Last synced: 10 Feb 2026

https://github.com/fox-it/dissect.ntfs

A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.

Last synced: 02 Jul 2025

https://github.com/fox-it/mofang

Mofang Indicators of Compromise

Last synced: 27 Feb 2026

https://github.com/fox-it/flow.record

Recordization library

Last synced: 22 Jul 2025

https://github.com/fox-it/dissect-docs

Dissect documentation project

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.evidence

A Dissect module implementing parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.

Last synced: 26 Jul 2025

https://github.com/fox-it/log4shell-pcaps

Log4Shell PCAPS and Network Coverage

detection ids log4j2 log4shell network pcap suricata

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.eventlog

A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.

Last synced: 18 Oct 2025

https://github.com/fox-it/dissect.clfs

A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.

Last synced: 24 Oct 2025

https://github.com/fox-it/dissect.sql

A Dissect module implementing a parser for the SQLite database file format, commonly used by applications to store configuration data.

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.hypervisor

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.

Last synced: 02 Jul 2025

https://github.com/fox-it/aws-lambda-kinesis-windowseventlog

AWS Lambda to transform the JSON from the AWS Kinesis agent into useful JSON documents for Elasticsearch

Last synced: 14 Oct 2025

https://github.com/fox-it/reasm

Extract parts of the malware and re-compile them on Linux for decrypting stuff using the same malware algorithms.

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.fve

A Dissect module implementing parsers for full volume encryption implementations, currently Microsoft's BitLocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).

Last synced: 25 Jul 2025

https://github.com/fox-it/psixbot

PsiXBot Indicators of Compromise

iocs psixbot

Last synced: 31 Jan 2026

https://github.com/fox-it/dissect.util

A Dissect module implementing various utility functions for the other Dissect modules.

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.fat

A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.

Last synced: 04 Mar 2026

https://github.com/fox-it/dissect.shellitem

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.

Last synced: 26 Aug 2025

https://github.com/fox-it/dissect.volume

A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.apfs

Dissect module implementing a parser for the APFS file system, a commonly used Apple filesystem

Last synced: 10 Apr 2026

https://github.com/fox-it/dissect.thumbcache

A Dissect module implementing a parser for Windows thumbcache.

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect-workflow-templates

Workflow templates for the Dissect projects

Last synced: 31 Jan 2026

https://github.com/fox-it/dissect.xfs

A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.

Last synced: 02 Jul 2025

https://github.com/fox-it/dissect.ffs

A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.

Last synced: 01 Aug 2025

https://github.com/fox-it/dissect-add-on-for-splunk

A Splunk plugin that provides sourcetyping for ingestion and processing of Dissect records

Last synced: 08 Feb 2026

https://github.com/fox-it/dissect.squashfs

A Dissect module implementing a parser for the SquashFS file system.

Last synced: 02 Apr 2026

https://github.com/fox-it/dissect_legacy

Namespace and collection package for all Dissect projects

Last synced: 04 Oct 2025

https://github.com/fox-it/dissect.executable

A Dissect module implementing parsers for various executable formats such as PE, ELF and Mach-O.

Last synced: 19 Jul 2025

https://github.com/fox-it/target-web

Browser demo for Dissect

Last synced: 15 Jul 2025

https://github.com/fox-it/dissect.qnxfs

A Dissect module implementing a parser for the QNX4 and QNX6 file systems, commonly used in the QNX RTOS.

Last synced: 20 Feb 2026

https://github.com/fox-it/dissect.jffs

A Dissect module implementing a parser for the JFFS2 file system, commonly used by router operating systems.

Last synced: 20 Jan 2026

https://github.com/fox-it/target-web-demo

Browser demo for Dissect

Last synced: 12 Feb 2026

https://github.com/fox-it/dissect.archive

A Dissect module implementing parsers for various archive and backup formats.

Last synced: 20 Jan 2026

https://github.com/fox-it/dissect.cramfs

A Dissect module implementing a parser for the compressed ROM/RAM file system (or cramfs), commonly used in appliance or device firmware.

Last synced: 06 Oct 2025