dissect Dissect is a digital forensics and incident response framework and toolset developed by Fox-IT (part of NCC Group). It allows you to quickly access and analyze forensic artifacts from various disk and file formats....
Real Intelligence Threat Analytics Real Intelligence Threat Analytics (RITA) is an open-source framework for network traffic analysis. The framework ingests Bro Logs, and currently supports the following analysis features: Beaconing Detection: Search for signs of...
Arkime Arkime is an open-source, large-scale, full packet capturing, indexing, and a database system. Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access....
Mobile Verification Toolkit Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It...
Falco Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the...
Odinova Digital Tiger: Overview Odinova Digital Tiger is an advanced application designed for Open-Source Intelligence (OSINT), equipped with versatile tools and a user-friendly interface to streamline investigative workflows and enhance data analysis capabilities. Documenter:...
VAST — Visibility Across Space and Time VAST is a network telemetry engine for data-driven security investigations. It ingests high-volume streams of network and logs data, indexes it for later retrieval, and offers several...
sniffnet Sniffnet is a network monitoring tool to help you easily keep track of your Internet traffic. Sniffnet is a technical tool, but at the same time it strongly focuses on the overall user experience: most of...
Horus Horus is a comprehensive OSINT (Open-Source Intelligence) and digital forensics tool built in Python. From leveraging APIs to compiling data, Horus serves as your all-in-one solution for investigative assistance. Whether you’re conducting digital...
Certiception Certiception is a honeypot for Active Directory Certificate Services (ADCS), designed to trap attackers with a realistic and attractive bait that triggers highly relevant alerts. Developed by the SRLabs Red Team, Certiception creates a...
DOLOS-T DOLOS-T is an orchestration platform for cyber deception operations that allows the deployment of realistic decoys and services with high and medium interaction to detect threats in the operational infrastructure. It can be...
ELFieScanner A C++ POC for advanced process memory scanning that attempts to detect many malicious techniques used by threat actors & those that have been incorporated into open-source user-mode rootkits. ELFieScanner inspects every running...
Zeek & Grafana Integration for Network Monitoring This repository provides a quick way to get started using Zeek with a practical use case. The focus is to analyse a network pcap and enable easy...
GoAccess GoAccess is an open-source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser. It provides fast and valuable HTTP statistics for system administrators who require a visual server...
RecoverPy RecoverPy is a powerful tool that leverages your system capabilities to recover lost files. Unlike others, you can not only recover deleted files but also overwritten data. Every block of your partition will be...
What is Netis Cloud Probe? Netis Cloud Probe (Packet Agent, name used before)is an open-source project to deal with such a situation: it captures packets on Machine A but has to use them on Machine B....
