Explore @fox-it Open Source projects

Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Elixir

Rust

Go

Ruby

Java

Perl

Swift

R

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Swift

C++

R

Groovy

Perl

PowerShell

Elixir

Erlang

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇮🇳 India

🇩🇰 Denmark

🇦🇺 Australia

🇲🇻 Maldives

🇹🇨 Turks and Caicos Islands

🇳🇪 Niger

🇨🇦 Canada

🇦🇼 Aruba

All Countries Compare Countries

Fox-IT (@fox-it)

fox-it

Stars
5,163
Global Org. Rank 4,354 (Top 2 %)
Registered over 13 years ago
Most used languages

Python
78.6 %

PowerShell
5.4 %

Go
1.8 %

C#
1.8 %

Shell
1.8 %

Bro 1.8 %

Java
1.8 %

C
1.8 %

YARA 1.8 %

Jupyter Notebook
1.8 %

HTML
1.8 %
Location 🇳🇱 Netherlands
Country Total Rank 97
Country Ranking

Bro 1

YARA 1

PowerShell
13

Python
31

HTML
44

Jupyter Notebook
73

Shell
79

C#
111

C
454

Go
476

Java
1,129

dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

aclpwn.py

Active Directory ACL exploitation with BloodHound

log4j-finder

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

cve-2019-1040-scanner

dissect.cstruct_legacy

A no-nonsense c-like structure parsing library for Python

quantuminsert

LDAPFragger

mkYARA

Generating YARA rules based on binary code

linux-luks-tpm-boot

A guide for setting up LUKS boot with a key from TPM in Linux

Invoke-CredentialPhisher

dissect.cobaltstrike

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles

danderspritz-evtx

Parse evtx files and detect use of the DanderSpritz eventlogedit module

bloodhound-import

Python based BloodHound data importer

cryptophp

CryptoPHP Indicators of Compromise

cobaltstrike-extraneous-space

Historical list of {Cobalt Strike,NanoHTTPD} servers

cobaltstrike-beacon-data

Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

Jupyter Notebook

OpenSSH-Session-Key-Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.

acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

OpenSSH-Network-Parser

Project to decrypt and parse SSH traffic

bro-scripts

Bro-IDS scripts

cisco-ios-xe-implant-detection

Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)

dissect.cstruct

A Dissect module implementing a parser for C-like structures.

operation-wocao

Operation Wocao - Indicators of Compromise

dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).

dll-hijacking-poc

A quick POC on how to embed a meterpreter in Firefox via DLL hijacking

citrix-netscaler-triage

Dissect triage script for Citrix NetScaler devices

Decrypt-TFSSecretVariables

ponmocup

Ponmocup Indicators of Compromise

signed-phishing-email

pcap-broker

PCAP-over-IP server written in Golang

mofang

Mofang Indicators of Compromise

spookyssl-pcaps

SpookySSL PCAPS and Network Coverage

dissect.esedb

A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.

log4shell-pcaps

Log4Shell PCAPS and Network Coverage

dissect.evidence

A Dissect module implementing a parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.

dissect.ntfs

A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.

dissect.eventlog

A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.

saitama-server

Server-side implementation for the Saitama implant, useful for detection engineering purposes

dissect-docs

Dissect documentation project

flow.record

Recordization library

django-auth-policy

Django Authentication Policy

psixbot

PsiXBot Indicators of Compromise

reasm

Extract parts of the malware and re-compile it on linux for decrypting stuff using same malware algorithms.

aws-lambda-kinesis-windowseventlog

AWS lambda to transform the json from AWS kinesis agent to useful json documents for elasticsearch

dissect.cim

A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.

dissect.hypervisor

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.

Decrypt-OrchestratorSecretVariables

dissect.sql

A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.

blister-research

Scripts, YARA and IOCs from our research on the Blister malware 🩹

dissect.clfs

A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.

dissect.volume

A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.

dissect.ole

A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.

dissect.vmfs

Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.

dissect.regf

A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.

Invoke-BadPwdCountSprayer

dissect.fat

A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.

dissect.shellitem

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.

dissect.util

A Dissect module implementing various utility functions for the other Dissect modules.

dissect.ffs

A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.

dissect.xfs

A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.

dissect-workflow-templates

Workflow templates for the dissect projects

dissect_legacy

Namespace and collection package for all dissect projects

dissect.extfs

A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.

dissect.btrfs

A Dissect module implementing a parser for the btrfs file system.

dissect.etl

A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.