Fox-IT (@fox-it)
Guthub

fox-it

Twitter logo Share LinkedIn logo Share Facebook logo Share

Top repositories

1

dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
779
star
2

aclpwn.py

Active Directory ACL exploitation with BloodHound
Python
632
star
3

log4j-finder

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
Python
435
star
4

cve-2019-1040-scanner

Python
276
star
5

dissect.cstruct_legacy

A no-nonsense c-like structure parsing library for Python
Python
240
star
6

quantuminsert

Quantum Insert
HTML
211
star
7

LDAPFragger

C#
181
star
8

mkYARA

Generating YARA rules based on binary code
Python
179
star
9

linux-luks-tpm-boot

A guide for setting up LUKS boot with a key from TPM in Linux
Shell
175
star
10

Invoke-CredentialPhisher

PowerShell
170
star
11

bloodhound-import

Python based BloodHound data importer
Python
141
star
12

dissect.cobaltstrike

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
Python
139
star
13

danderspritz-evtx

Parse evtx files and detect use of the DanderSpritz eventlogedit module
Python
139
star
14

cryptophp

CryptoPHP Indicators of Compromise
Python
128
star
15

cobaltstrike-extraneous-space

Historical list of {Cobalt Strike,NanoHTTPD} servers
125
star
16

cobaltstrike-beacon-data

Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
Jupyter Notebook
114
star
17

OpenSSH-Session-Key-Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.
Python
72
star
18

acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
Python
57
star
19

OpenSSH-Network-Parser

Project to decrypt and parse SSH traffic
Python
54
star
20

bro-scripts

Bro-IDS scripts
Bro
51
star
21

cisco-ios-xe-implant-detection

Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)
Python
38
star
22

dissect.cstruct

A Dissect module implementing a parser for C-like structures.
Python
30
star
23

operation-wocao

Operation Wocao - Indicators of Compromise
YARA
30
star
24

dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
Python
27
star
25

dll-hijacking-poc

A quick POC on how to embed a meterpreter in Firefox via DLL hijacking
C
17
star
26

citrix-netscaler-triage

Dissect triage script for Citrix NetScaler devices
Python
17
star
27

Decrypt-TFSSecretVariables

PowerShell
15
star
28

ponmocup

Ponmocup Indicators of Compromise
13
star
29

signed-phishing-email

Python
11
star
30

pcap-broker

PCAP-over-IP server written in Golang
Go
11
star
31

mofang

Mofang Indicators of Compromise
10
star
32

spookyssl-pcaps

SpookySSL PCAPS and Network Coverage
10
star
33

dissect.esedb

A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
Python
10
star
34

dissect-docs

Dissect documentation project
7
star
35

log4shell-pcaps

Log4Shell PCAPS and Network Coverage
Java
7
star
36

dissect.evidence

A Dissect module implementing a parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.
Python
7
star
37

dissect.ntfs

A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
Python
7
star
38

dissect.eventlog

A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.
Python
6
star
39

saitama-server

Server-side implementation for the Saitama implant, useful for detection engineering purposes
Python
6
star
40

flow.record

Recordization library
Python
6
star
41

django-auth-policy

Django Authentication Policy
Python
6
star
42

psixbot

PsiXBot Indicators of Compromise
5
star
43

reasm

Extract parts of the malware and re-compile it on linux for decrypting stuff using same malware algorithms.
Python
5
star
44

aws-lambda-kinesis-windowseventlog

AWS lambda to transform the json from AWS kinesis agent to useful json documents for elasticsearch
Python
5
star
45

dissect.cim

A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
Python
5
star
46

dissect.hypervisor

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
Python
4
star
47

Decrypt-OrchestratorSecretVariables

PowerShell
4
star
48

dissect.sql

A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.
Python
4
star
49

blister-research

Scripts, YARA and IOCs from our research on the Blister malware 🩹
Python
3
star
50

dissect.clfs

A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.
Python
3
star
51

dissect.volume

A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
Python
3
star
52

dissect.ole

A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
Python
3
star
53

dissect.vmfs

Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
Python
3
star
54

dissect.regf

A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.
Python
3
star
55

Invoke-BadPwdCountSprayer

2
star
56

dissect.fat

A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.
Python
2
star
57

dissect.shellitem

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
Python
2
star
58

dissect.util

A Dissect module implementing various utility functions for the other Dissect modules.
Python
2
star
59

dissect.ffs

A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
Python
2
star
60

dissect.xfs

A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.
Python
2
star
61

dissect-workflow-templates

Workflow templates for the dissect projects
2
star
62

dissect_legacy

Namespace and collection package for all dissect projects
Python
2
star
63

dissect.extfs

A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
Python
1
star
64

dissect.btrfs

A Dissect module implementing a parser for the btrfs file system.
Python
1
star
65

dissect.etl

A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.
Python
1
star