Discover cisagov/ansible-role-amazon-efs-utils Open Source project

Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.

1,504

Sparrow

PowerShell

1,371

ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines

Open Policy Agent

1,361

cset

Cybersecurity Evaluation Tool

TSQL

1,305

log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Java

1,262

log4j-affected-db

A community sourced list of log4j-affected software

A DFIR tool written in Python.

1,115

CHIRP

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

1,040

decider

Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.

1,021

untitledgoosetool

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.

699

LME

PowerShell

690

pshtt

Scan domains and return data based on HTTPS best practices

External monitoring for organization assets

668

crossfeed

TypeScript

320

ESXiArgs-Recover

A tool to recover from ESXiArgs ransomware

CISA's catalog of bad practices that are exceptionally risky.

293

bad-practices

A set of guidelines and best practices for an awesome engineering team

181

development-guide

Scan domains and return data based on trustworthy email best practices

180

trustymail

A site for CISA directives

180

cyber.dhs.gov

SCSS

138

dotgov-data

Official list of .gov domains

108

ScubaGoggles

SCuBA Security Configuration Baselines and assessment tool for Google Workspace

Open Policy Agent

105

check-cve-2019-19781

Test a host for susceptibility to CVE-2019-19781

Industrial Control Systems Network Protocol Parsers

105

ICSNPP

104

findcdn

findCDN is a tool created to help accurately identify what CDN a domain is using.

President's Cup Cybersecurity Competition Challenges

prescup-challenges

An Ansible role for installing Cobalt Strike.

ansible-role-cobalt-strike

This is a repository of vendor-agnostic workflows provided for those interested in deploying Security Orchestration, Automation, and Response capabilities within their organizations.

shareable-soar-workflows

cybersecurity-performance-goals

CISA's space for collaboration on the Cybersecurity Performance Goals.

The PNT Integrity Library provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

PNT-Integrity

C++

join-cisagov

CISA is hiring! We’re looking for candidates passionate about our mission to lead the national effort to understand and manage cyber and physical risk to our critical infrastructure.

Helpful tools for interacting with a GoPhish phishing instance

gophish-tools

Search a filesystem for indicators of compromise (IoC).

ioc-scanner

Vulnerability disclosure policies in the US Government's executive branch

vdp-in-fceb

Epsilon

The Epsilon Algorithm Suite provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

Docker container for the gophish phishing framework.

gophish-docker

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

check-your-pulse

Building a new .gov registrar for a bright .gov future

getgov

Docker container with a postfix server designed for use during phishing campaigns

postfix-docker

Homepage for the .gov registry

dotgov-home

SCSS

assessment-reporting-engine

A skeleton project for quickly getting a new cisagov Python library started.

skeleton-python-library

Automated pshtt, trustymail, and sslyze scanning

scanner

AWS infrastructure for Cyber Hygiene and BOD 18-01 scanning

cyhy_amis

Distributed certificate transparency log harvester

admiral

A skeleton project for quickly getting a new cisagov Docker container started.

skeleton-docker

Zeek OPCUA Binary Parser - CISA ICSNPP

icsnpp-opcua-binary

Zeek Ethernet/IP and CIP Parser - CISA ICSNPP

icsnpp-enip

Zeek

pe-reports

Automated process to build and distribute Posture & Exposure Reports' bi-weekly to customers.

Zeek BACnet Parser - CISA ICSNPP

icsnpp-bacnet

Ansible role to install and enable the ClamAV virus scanner

ansible-role-clamav

Generate AWS Lambda environment zip files for use by cisagov/domain-scan

lambda_functions

Zeek S7comm, S7comm-plus, and COTP Parser - CISA ICSNPP

icsnpp-s7comm

The NAVV (Network Architecture Verification and Validation) tool creates a spreadsheet for network traffic analysis from PCAP data and Zeek logs, automating Zeek analysis of PCAP files, the collation of Zeek logs and the dissection of conn.log and dns.log to create a summary or network traffic in an XLSX-formatted spreadsheet.

network-architecture-verification-and-validation

A systemd-enabled Kali Linux Docker image, in the spirit of geerlingguy/docker-debian11-ansible.

docker-kali-ansible

Dockerfile

tic3.0

Collaborating on Trusted Internet Connection 3.0 use cases

icsnpp-genisys

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Genisys over TCP/IP

This extension for the gh CLI provides the ability to easily start new projects from our existing library of skeleton repositories.

gh-skeleton

SVT is a tool that can be used to verify ownership and location of assets during the scoping process of a penetration test.

scoping-validation-tool

Orchestrate gatherer, scanner, saver, and trustymail_reporter

orchestrator

Generate HTTPS reports based on scan data

pshtt_reporter

Email Cyber Hygiene, Trustworthy Email, and HTTPS reports to the appropriate technical or distribution addresses

cyhy-mailer

Generate Trustworthy Email reports based on scan data

trustymail_reporter

Provides pre-commit hooks for Packer projects.

pre-commit-packer

Create machine images containing the Nessus vulnerability scanner

nessus-packer

Flask API for Domain Manager

domain-manager-api

Gather domains as a precursor to scanning

gatherer

Certbot container that stores its configuration in an AWS S3 bucket

certboto-docker

Zeek Modbus Extension Scripts - CISA ICSNPP

icsnpp-modbus

Zeek

aws-profile-sync

Synchronize AWS credential profiles from remote sources

An Ansible role for provisioning kali

ansible-role-kali

Zeek DNP3 Extension Scripts - CISA ICSNPP

icsnpp-dnp3

Zeek

dmarc-import

A tool for parsing DMARC aggregate reports.

Zeek BSAP over IP Parser - CISA ICSNPP

icsnpp-bsap-ip

The CSET, Malcom, Con-PCA suite of tools

CISASuite

Zeek Ethercat Parser - CISA ICSNPP

icsnpp-ethercat

C++

skeleton-generic

A generic skeleton project for quickly getting a new cisagov project started.

This script generates a list of possible SOGU filenames based on serial numbers of active drives. It has the added functionality of searching each drive from the generated file list.

Sogu

PowerShell

travis-wait-improved

A tool to help long-running, yet reticent, processes avoid death at the hands of Traivs-CI.

API Docker Container for Con-PCA

con-pca-api

Generic set of dotfiles to get you started with a cisagov development environment

.dotfiles

UI for the Domain Manager

domain-manager-ui

A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test.

pen-testing-findings

vulnerable-instances

Virtual machines that are set up with a variety of known vulnerabilities.

Terraform module to create an OpenVPN server instance

openvpn-server-tf-module

Contains data used to identify targets for scanning

scan-target-data

An Ansible role for installing Burp Suite Professional

ansible-role-burp-suite-pro

The website source and terraform code for continuous phishing assessment.

con-pca-web

This project can be used to create AMIs based on Kali Linux, a penetration testing distribution.

kali-packer

Making government security contacts accessible

security-contact-finder

CSS

saver

Save scan results to a database

continuous phishing main repository

con-pca-cicd

megazord-composition

Ansible role to install an OpenVPN server and configure it to authenticate users certificates against FreeIPA.

ansible-role-openvpn

The PNT Integrity DIY Toolkit describes how a perspective end-user of the PNT Integrity Library can assemble a demonstrational toolkit with commercial-off-the-shelf (COTS) hardware.

PNT-Integrity-Toolkit

C++

awssh

Tool to simplify secure shell connections over AWS simple systems manager.

AWS Lambda function for sslyze

sslyze-lambda

cyhy-core

Terraform to deploy an assessment environment to the COOL

cool-assessment-terraform

ncats-data-dictionary

Automate the regular transfer of AIS data into a MISP Server

flare-misp-service

Java

100

Excel2STIX

Generate a STIX XML output file from a Microsoft Excel spreadsheet.