Explore @cisagov Open Source projects

Cybersecurity and Infrastructure Security Agency (@cisagov)

cisagov

Stars
14,001
Global Org. Rank 1,627 (Top 0.6 %)
Registered about 8 years ago
Most used languages

Shell
35.2 %

HCL 26.8 %

Python
21.8 %

JavaScript
3.9 %

HTML
2.5 %

Zeek 1.4 %

Dockerfile
1.1 %

Java
1.1 %

C++
1.1 %

TypeScript
1.1 %

Others 4.3 %
Location 🇺🇸 United States
Country Total Rank 709
Country Ranking

Open Policy Agent 2

TSQL 2

Zeek 10

PowerShell
32

HCL 53

SCSS 110

Shell
130

HTML
253

Python
259

TypeScript
274

Java
386

Dockerfile
656

C++
3,392

CSS
6,414

C#
9,010

RedEye

RedEye is a visual analytic tool supporting Red & Blue Team operations

Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.

ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines

Open Policy Agent

Sparrow

Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.

cset

Cybersecurity Evaluation Tool

log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

log4j-affected-db

A community sourced list of log4j-affected software

CHIRP

A DFIR tool written in Python.

decider

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

LME

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.

untitledgoosetool

Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.

pshtt

Scan domains and return data based on HTTPS best practices

crossfeed

External monitoring for organization assets

ESXiArgs-Recover

A tool to recover from ESXiArgs ransomware

bad-practices

CISA's catalog of bad practices that are exceptionally risky.

development-guide

A set of guidelines and best practices for an awesome engineering team

trustymail

Scan domains and return data based on trustworthy email best practices

cyber.dhs.gov

A site for CISA directives

ScubaGoggles

SCuBA Security Configuration Baselines and assessment tool for Google Workspace

Open Policy Agent

dotgov-data

Official list of .gov domains

check-cve-2019-19781

Test a host for susceptibility to CVE-2019-19781

ICSNPP

Industrial Control Systems Network Protocol Parsers

findcdn

findCDN is a tool created to help accurately identify what CDN a domain is using.

prescup-challenges

President's Cup Cybersecurity Competition Challenges

ansible-role-cobalt-strike

An Ansible role for installing Cobalt Strike.

parsnip

shareable-soar-workflows

This is a repository of vendor-agnostic workflows provided for those interested in deploying Security Orchestration, Automation, and Response capabilities within their organizations.

cybersecurity-performance-goals

CISA's space for collaboration on the Cybersecurity Performance Goals.

PNT-Integrity

The PNT Integrity Library provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

join-cisagov

CISA is hiring! We’re looking for candidates passionate about our mission to lead the national effort to understand and manage cyber and physical risk to our critical infrastructure.

gophish-tools

Helpful tools for interacting with a GoPhish phishing instance

ioc-scanner

Search a filesystem for indicators of compromise (IoC).

gophish-docker

Docker container for the gophish phishing framework.

vdp-in-fceb

Vulnerability disclosure policies in the US Government's executive branch

Epsilon

The Epsilon Algorithm Suite provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

pca-gophish-composition

Phishing campaign docker composition for Gophish

check-your-pulse

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

getgov

Building a new .gov registrar for a bright .gov future

postfix-docker

Docker container with a postfix server designed for use during phishing campaigns

dotgov-home

Homepage for the .gov registry

assessment-reporting-engine

skeleton-python-library

A skeleton project for quickly getting a new cisagov Python library started.

scanner

Automated pshtt, trustymail, and sslyze scanning

cyhy_amis

AWS infrastructure for Cyber Hygiene and BOD 18-01 scanning

icsnpp-opcua-binary

Zeek OPCUA Binary Parser - CISA ICSNPP

admiral

Distributed certificate transparency log harvester

skeleton-docker

A skeleton project for quickly getting a new cisagov Docker container started.

icsnpp-enip

Zeek Ethernet/IP and CIP Parser - CISA ICSNPP

pe-reports

Automated process to build and distribute Posture & Exposure Reports' bi-weekly to customers.

icsnpp-bacnet

Zeek BACnet Parser - CISA ICSNPP

ansible-role-clamav

Ansible role to install and enable the ClamAV virus scanner

lambda_functions

Generate AWS Lambda environment zip files for use by cisagov/domain-scan

icsnpp-s7comm

Zeek S7comm, S7comm-plus, and COTP Parser - CISA ICSNPP

network-architecture-verification-and-validation

The NAVV (Network Architecture Verification and Validation) tool creates a spreadsheet for network traffic analysis from PCAP data and Zeek logs, automating Zeek analysis of PCAP files, the collation of Zeek logs and the dissection of conn.log and dns.log to create a summary or network traffic in an XLSX-formatted spreadsheet.

docker-kali-ansible

A systemd-enabled Kali Linux Docker image, in the spirit of geerlingguy/docker-debian11-ansible.

tic3.0

Collaborating on Trusted Internet Connection 3.0 use cases

icsnpp-genisys

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Genisys over TCP/IP

gh-skeleton

This extension for the gh CLI provides the ability to easily start new projects from our existing library of skeleton repositories.

scoping-validation-tool

SVT is a tool that can be used to verify ownership and location of assets during the scoping process of a penetration test.

orchestrator

Orchestrate gatherer, scanner, saver, and trustymail_reporter

pshtt_reporter

Generate HTTPS reports based on scan data

cyhy-mailer

Email Cyber Hygiene, Trustworthy Email, and HTTPS reports to the appropriate technical or distribution addresses

trustymail_reporter

Generate Trustworthy Email reports based on scan data

pre-commit-packer

Provides pre-commit hooks for Packer projects.

nessus-packer

Create machine images containing the Nessus vulnerability scanner

domain-manager-api

Flask API for Domain Manager

gatherer

Gather domains as a precursor to scanning

certboto-docker

Certbot container that stores its configuration in an AWS S3 bucket

icsnpp-modbus

Zeek Modbus Extension Scripts - CISA ICSNPP

aws-profile-sync

Synchronize AWS credential profiles from remote sources

ansible-role-kali

An Ansible role for provisioning kali

icsnpp-dnp3

Zeek DNP3 Extension Scripts - CISA ICSNPP

dmarc-import

A tool for parsing DMARC aggregate reports.

icsnpp-bsap-ip

Zeek BSAP over IP Parser - CISA ICSNPP

CISASuite

The CSET, Malcom, Con-PCA suite of tools

skeleton-generic

A generic skeleton project for quickly getting a new cisagov project started.

icsnpp-ethercat

Zeek Ethercat Parser - CISA ICSNPP

Sogu

This script generates a list of possible SOGU filenames based on serial numbers of active drives. It has the added functionality of searching each drive from the generated file list.

travis-wait-improved

A tool to help long-running, yet reticent, processes avoid death at the hands of Traivs-CI.

con-pca-api

API Docker Container for Con-PCA

.dotfiles

Generic set of dotfiles to get you started with a cisagov development environment

domain-manager-ui

UI for the Domain Manager

pen-testing-findings

A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test.

vulnerable-instances

Virtual machines that are set up with a variety of known vulnerabilities.

openvpn-server-tf-module

Terraform module to create an OpenVPN server instance

scan-target-data

Contains data used to identify targets for scanning

ansible-role-burp-suite-pro

An Ansible role for installing Burp Suite Professional

con-pca-web

The website source and terraform code for continuous phishing assessment.

kali-packer

This project can be used to create AMIs based on Kali Linux, a penetration testing distribution.

security-contact-finder

Making government security contacts accessible

saver

Save scan results to a database

con-pca-cicd

continuous phishing main repository

megazord-composition

ansible-role-openvpn

Ansible role to install an OpenVPN server and configure it to authenticate users certificates against FreeIPA.

ansible-role-amazon-efs-utils

An Ansible role for installing aws/efs-utils

PNT-Integrity-Toolkit

The PNT Integrity DIY Toolkit describes how a perspective end-user of the PNT Integrity Library can assemble a demonstrational toolkit with commercial-off-the-shelf (COTS) hardware.

awssh

Tool to simplify secure shell connections over AWS simple systems manager.

sslyze-lambda

AWS Lambda function for sslyze

cyhy-core

cool-assessment-terraform

Terraform to deploy an assessment environment to the COOL