
commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution

• PowerShell

Welcome to CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming. The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

flare-emu

• Python

flare-emu marries a supported binary analysis framework, such as IDA Pro or Radare2, with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported architectures so that you can focus on solving your code analysis problems. Currently, flare-emu supports the x86, x86_64, ARM, and ARM64 architectures. It currently provides five different interfaces to serve your emulation needs, along with a slew of related helper and utility functions.

stringsifter - A machine learning tool that ranks strings based on their relevance for malware analysis

• Python

StringSifter is a machine learning tool that automatically ranks strings based on their relevance for malware analysis. The pip install command installs two runnable scripts, flarestrings and rank_strings, into your Python environment. When developing from source, use pipenv run flarestrings and pipenv run rank_strings.

flashmingo - Automatic analysis of SWF files based on some heuristics. Extensible via plugins.

• Python

NOTE: The following instructions are for Python 3. If you need to install FLASHMINGO on Python 2.7, you can check out release 1.0 under the releases tab. The installation steps are essentially the same.

gocat - Provides access to libhashcat

• Go

gocat is a cgo library for interacting with libhashcat. gocat enables you to create purpose-built password cracking tools that leverage the capabilities of hashcat.

jitm - JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.

• C++

JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample. JIT Hooking is the technique where the sample hooks the compileMethod() function. With the hook in place, the sample can easily replace the MSIL with a decrypted/deobfuscated version at run time. This makes static analysis almost impossible. One possible solution is to install our own hook before loading the sample. We then have a chance to save/recover the real MSIL and write the content to a file. We can then rebuild the .NET executable by adding a brand new section containing the dumped methods and fixing all methods in the MethodDef tables of the .NET #~ stream. The end result is still not runnable without further intervention; however, it should be good enough to perform advanced static analysis.

vocab_scraper - Vocabulary Scraper script used in FLARE's analysis of Russian-language Carbanak source code

• Python

Vocabulary Scraper is meant to aid analysis of foreign-language codebases. It reads source files (*.{c,h,cpp,hpp,txt}) and writes a prioritized vocabulary list in UTF-8. It was written and used by FLARE to analyze the Carbanak source code, and accordingly, the default setting is to read files in code page 1251 (Cyrillic). The default input encoding is cp1251 and the default output encoding is utf-8. Any character encoding name recognized by the Python standard libraries should work.