Displaying 1 to 20 from 30 results

awesome-hacking - Awesome hacking is an awesome collection of hacking tools.

  •    Python

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command. Every kind of contribution is really appreciated! Follow the :doc:`contribute`.

timesketch - Collaborative forensic timeline analysis

  •    Python

Timesketch is an open source tool for collaborative forensic timeline analysis. Using sketches you and your collaborators can easily organize your timelines and analyze them all at the same time. Add meaning to your raw data with rich annotations, comments, tags and stars.

PcapXray - :snowflake: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction

  •    Python

Given a Pcap File, plot a network diagram displaying hosts in the network, network traffic, highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.

plaso - Super timeline all the things

  •    Python

In short, plaso is a Python-based backend engine for the tool log2timeline. log2timeline is a tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them.

SeqBox - A single file container/archive that can be reconstructed even after total loss of file system structures

  •    Python

An SBX container exists both as a normal file in a mounted file system, and as a collection of recognizable blocks at a lower level.SBX blocks have a size sub-multiple/equal to that of a sector, so they can survive any level of fragmentation. Each block have a minimal header that include a unique file identifier, block sequence number, checksum, version. Additional, non critical info/metadata are contained in block 0 (like name, file size, crypto-hash, other attributes, etc.).

goHackTools - Hacker tools on Go (Golang)

  •    Go

This project is licensed under MIT license. Please read the LICENSE file. Welcomes any kind of contribution. Please read the CONTRIBUTING, ISSUE TEMPLATE and CODE_OF_CONDUCT file.

hindsight - Internet history forensics for Google Chrome/Chromium

  •    Python

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline. The only field you are required to complete is "Profile Path". This is the location of the Chrome profile you want to analyze (the default profile paths for different OSes is listed at the bottom of this page). Click "Run" and you'll be taken to the results page in where you can save the results to a spreadsheet (or other formats).

diffy - Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response

  •    Python

Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. Diffy is currently focused on Linux instances running within Amazon Web Services (AWS), but owing to our plugin structure, could support multiple platforms and cloud providers.

BlockHashLoc - Recover files using lists of blocks hashes, bypassing the File System entirely

  •    Python

The purpose of BlockHashLoc is to enable the recovery of files after total loss of File System structures, or without even knowing what FS was used in the first place.The way it can recover a given file is by keeping a (small) parallel BHL file with a list of crypto-hashes of all the blocks (of selectable size) that compose it. So it's then possible to read blocks from a disk image/volume, calculate their hashes, compare them with the saved ones and rebuild the original file.

amt-forensics - Retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password

  •    Python

This README contains instructions on how to use the scripts in this repository to retrieve Intel AMT's Audit Log from a Linux machine without knowing the admin user's password. The ideas from the script can be used to retrieve other pertinent information from Intel AMT via the ME Interface (MEI).You should be able to load http://localhost:16992/ in your browser now.

docker-explorer - A tool to help forensicate offline docker acquisitions

  •    Python

This project helps a forensics analyst explore offline Docker filesystems. When analyzing a system where a Docker container has been compromised, it can be useful to have the same view of the filesystem as the container's.

RecuperaBit - A tool for forensic file system reconstruction.

  •    Python

A software which attempts to reconstruct file system structures and recover files. Currently it supports only NTFS. You can get more information about the reconstruction algorithms and the architecture used in RecuperaBit by reading my MSc thesis or checking out the slides.

dnslog - Minimalistic DNS logging tool

  •    Python

Minimalistic DNS logging tool. Captures all DNS traffic and stores its textual presentation (in compressed form) to the /var/log/dnslog/<date>.log.gz. Created for the network forensics purposes.

bits_parser - Extract BITS jobs from QMGR queue and store them as CSV records

  •    Python

Extract BITS jobs from QMGR queue and store them as CSV records. QMGR queues are usually .dat files located in the folder %%ALLUSERSPROFILE%%\Microsoft\Network\Downloader on a Windows system.

bootcode_parser - A boot record parser that identifies known good signatures for MBR, VBR and IPL.

  •    Python

bootcode_parser.py is a Python script designed to perform a quick offline analysis of the boot records used by BIOS based systems (UEFI is not supported). It is intended to help the analyst triaging individual boot record dumps or whole disk images. The latter is preferred since it allows the script to perform additional checks that would not be possible on individual dumps alone.

qed - quod erat demonstrandum - verifiable data structure

  •    Go

qed is a software to test the scalability of authenticated data structures. Our mission is to design a system which, even when deployed into a non-trusted server, allows one to verify the integrity of a chain of events and detect modifications of single events or parts of its history. This software is experimental and part of the research being done at BBVA Labs. We will eventually publish our research work, analysis and the experiments for anyone to reproduce.

tr1pd - tamper resistant audit log

  •    Rust

tr1pd is a tamper resistant audit log. Make sure you have the following dependencies installed: Debian/Ubuntu: libsodium-dev libseccomp-dev libzmq3-dev, Archlinux: libsodium libseccomp zeromq, Alpine: make libsodium-dev libseccomp-dev zeromq-dev, OpenBSD: libsodium zeromq.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.