The pentester's Swiss knife

AMSI Bypass

Ghosting-AMSI: AMSI Bypass via RPC Hijack

This technique exploits the COM-level mechanics AMSI uses when delegating scan requests to antivirus (AV) providers through RPC. By hooking into the NdrClientCall3 function—used internally by the RPC runtime to marshal and dispatch function...

NTFS Forensics tool

ntfstool: Forensics tool for NTFS

NTFSTool is a forensic tool to play with disks and NTFS volumes. It supports reading partition info (MBR, partition table, VBR) as well as information on BitLocker-encrypted partitions (FVE). See examples below to...

Fuzzing Unification Framework

fuzzuf: Fuzzing Unification Framework

fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL to describe a fuzzing loop by constructing building blocks of fuzzing primitives. Why use fuzzuf? fuzzuf enables a flexible definition of a fuzzing loop...

Honeypot Platform

tpotce: The All In One Honeypot Platform

T-Pot is based on the Debian (Stable) network installer. The honeypot daemons, as well as other support components, run in Docker containers. This allows T-Pot to run multiple honeypot...

disk forensics

CyberPipe: collect memory and disk forensics

CSIRT-Collect is a PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload...

dns honeypots

honeypots: 30 honeypots in a single pypi package

30 low- to high-level honeypots in a single PyPI package for monitoring network traffic, bot activity, and username/password credentials. The honeypots respond to clients, are non-blocking, can be used as objects, or called directly...

IPED Digital Forensic Tool

IPED is open-source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners...