scared scared is a library that aims to provide tools to achieve side-channel analysis. It provides pretty high-level APIs, and ready-to-use tools to quickly run classic CPA, DPA, … leakage, and reverse analysis. It...
EVTX A cross-platform parser for the Windows XML EventLog format Features 🔒 Implemented using 100% safe rust – and works on all platforms supported by rust (that have stdlib). 🚀 Multi-threaded. ✨ Supports XML and JSON outputs,...
The Memory Process File System: The Memory Process File System (MemProcFS) is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point-and-click memory analysis without the...
RecoverPy You can already find plenty of solutions to recover deleted files, but it can be a hassle to recover overwritten files. RecoverPy searches through every block of your partition to find your request....
Vector Vector is a high-performance, end-to-end (agent & aggregator) observability data pipeline that puts you in control of your observability data. Collect, transform, and route all your logs, metrics, and traces to any vendors you want today and...
Loki: like Prometheus, but for logs. Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost-effective and easy to operate. It does not index the contents...
Watcher Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organization. It should be used on web servers and available on Docker. Watcher capabilities Detect emerging...
LNAV — The Logfile Navigator The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as...
Tcpreplay Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as...
UAC (Unix-like Artifacts Collector) UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD,...
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
IRIS – Incident Response Investigation System IRIS is a web collaborative platform for incident response analysts allowing them to share investigations at a technical level. It’s a web application, so it can be either...
DNS Diagnostics and Performance Measurement Tools Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is...
chainsaw – Rapidly Search and Hunt through Windows Event Logs Chainsaw provides a powerful “first-response” capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through...
Tracee – Container, and system tracing using eBPF Tracee is a lightweight and easy-to-use container and system tracing tool. It allows you to observe system calls and other system events in real-time. A unique...
OWASP O-Saft OWASP SSL advanced forensic tool / OWASP SSL audit for testers O-Saft is easy to use tool to show information about SSL certificate and tests the SSL connection according to given list...
