Discover cisagov/getgov Open Source project

Cybersecurity Evaluation Tool

1,504

cset

TSQL

1,424

Sparrow

Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.

PowerShell

1,371

log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Java

1,262

log4j-affected-db

A community sourced list of log4j-affected software

A DFIR tool written in Python.

1,115

CHIRP

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.

1,040

decider

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.

1,021

LME

Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.

795

untitledgoosetool

Scan domains and return data based on HTTPS best practices

699

pshtt

External monitoring for organization assets

670

crossfeed

TypeScript

320

ESXiArgs-Recover

A tool to recover from ESXiArgs ransomware

Scan domains and return data based on trustworthy email best practices

292

trustymail

CISA's catalog of bad practices that are exceptionally risky.

185

bad-practices

A set of guidelines and best practices for an awesome engineering team

181

development-guide

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace

180

ScubaGoggles

Open Policy Agent

148

cyber.dhs.gov

A site for CISA directives

SCSS

138

dotgov-data

Official list of .gov domains

108

check-cve-2019-19781

Test a host for susceptibility to CVE-2019-19781

Industrial Control Systems Network Protocol Parsers

105

ICSNPP

104

findcdn

findCDN is a tool created to help accurately identify what CDN a domain is using.

President's Cup Cybersecurity Competition Challenges

prescup-challenges

This is a repository of vendor-agnostic workflows provided for those interested in deploying Security Orchestration, Automation, and Response capabilities within their organizations.

shareable-soar-workflows

parsnip

An Ansible role for installing Cobalt Strike.

ansible-role-cobalt-strike

CISA's space for collaboration on the Cybersecurity Performance Goals.

cybersecurity-performance-goals

The PNT Integrity Library provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

PNT-Integrity

C++

join-cisagov

CISA is hiring! We’re looking for candidates passionate about our mission to lead the national effort to understand and manage cyber and physical risk to our critical infrastructure.

Helpful tools for interacting with a GoPhish phishing instance

gophish-tools

Docker container for the gophish phishing framework.

gophish-docker

Search a filesystem for indicators of compromise (IoC).

ioc-scanner

Phishing campaign docker composition for Gophish

pca-gophish-composition

Vulnerability disclosure policies in the US Government's executive branch

vdp-in-fceb

Epsilon

The Epsilon Algorithm Suite provides users a method to verify the integrity of the received GPS data and ranging signals, thereby improving resiliency against potential GPS signal loss.

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

check-your-pulse

Docker container with a postfix server designed for use during phishing campaigns

postfix-docker

Homepage for the .gov registry

dotgov-home

SCSS

assessment-reporting-engine

A skeleton project for quickly getting a new cisagov Python library started.

skeleton-python-library

Automated pshtt, trustymail, and sslyze scanning

scanner

AWS infrastructure for Cyber Hygiene and BOD 18-01 scanning

cyhy_amis

A skeleton project for quickly getting a new cisagov Docker container started.

skeleton-docker

Distributed certificate transparency log harvester

admiral

Zeek OPCUA Binary Parser - CISA ICSNPP

icsnpp-opcua-binary

Automated process to build and distribute Posture & Exposure Reports' bi-weekly to customers.

pe-reports

Zeek Ethernet/IP and CIP Parser - CISA ICSNPP

icsnpp-enip

Zeek

icsnpp-bacnet

Zeek BACnet Parser - CISA ICSNPP

Ansible role to install and enable the ClamAV virus scanner

ansible-role-clamav

Generate AWS Lambda environment zip files for use by cisagov/domain-scan

lambda_functions

Zeek S7comm, S7comm-plus, and COTP Parser - CISA ICSNPP

icsnpp-s7comm

The NAVV (Network Architecture Verification and Validation) tool creates a spreadsheet for network traffic analysis from PCAP data and Zeek logs, automating Zeek analysis of PCAP files, the collation of Zeek logs and the dissection of conn.log and dns.log to create a summary or network traffic in an XLSX-formatted spreadsheet.

network-architecture-verification-and-validation

A systemd-enabled Kali Linux Docker image, in the spirit of geerlingguy/docker-debian11-ansible.

docker-kali-ansible

Dockerfile

tic3.0

Collaborating on Trusted Internet Connection 3.0 use cases

icsnpp-genisys

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Genisys over TCP/IP

This extension for the gh CLI provides the ability to easily start new projects from our existing library of skeleton repositories.

gh-skeleton

SVT is a tool that can be used to verify ownership and location of assets during the scoping process of a penetration test.

scoping-validation-tool

Orchestrate gatherer, scanner, saver, and trustymail_reporter

orchestrator

Generate HTTPS reports based on scan data

pshtt_reporter

Email Cyber Hygiene, Trustworthy Email, and HTTPS reports to the appropriate technical or distribution addresses

cyhy-mailer

Generate Trustworthy Email reports based on scan data

trustymail_reporter

Provides pre-commit hooks for Packer projects.

pre-commit-packer

Create machine images containing the Nessus vulnerability scanner

nessus-packer

Flask API for Domain Manager

domain-manager-api

Gather domains as a precursor to scanning

gatherer

Certbot container that stores its configuration in an AWS S3 bucket

certboto-docker

Zeek Modbus Extension Scripts - CISA ICSNPP

icsnpp-modbus

Zeek

ansible-role-kali

An Ansible role for provisioning kali

Synchronize AWS credential profiles from remote sources

aws-profile-sync

Zeek DNP3 Extension Scripts - CISA ICSNPP

icsnpp-dnp3

Zeek

dmarc-import

A tool for parsing DMARC aggregate reports.

Zeek BSAP over IP Parser - CISA ICSNPP

icsnpp-bsap-ip

The CSET, Malcom, Con-PCA suite of tools

CISASuite

A generic skeleton project for quickly getting a new cisagov project started.

skeleton-generic

Zeek Ethercat Parser - CISA ICSNPP

icsnpp-ethercat

C++

Sogu

This script generates a list of possible SOGU filenames based on serial numbers of active drives. It has the added functionality of searching each drive from the generated file list.

PowerShell

PNT-Integrity-Toolkit

The PNT Integrity DIY Toolkit describes how a perspective end-user of the PNT Integrity Library can assemble a demonstrational toolkit with commercial-off-the-shelf (COTS) hardware.

C++

travis-wait-improved

A tool to help long-running, yet reticent, processes avoid death at the hands of Traivs-CI.

API Docker Container for Con-PCA

con-pca-api

Generic set of dotfiles to get you started with a cisagov development environment

.dotfiles

UI for the Domain Manager

domain-manager-ui

A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test.

pen-testing-findings

vulnerable-instances

Virtual machines that are set up with a variety of known vulnerabilities.

Contains data used to identify targets for scanning

scan-target-data

Terraform module to create an OpenVPN server instance

openvpn-server-tf-module

An Ansible role for installing Burp Suite Professional

ansible-role-burp-suite-pro

The website source and terraform code for continuous phishing assessment.

con-pca-web

Making government security contacts accessible

security-contact-finder

CSS

con-pca-cicd

continuous phishing main repository

Automate the regular transfer of AIS data into a MISP Server

flare-misp-service

Java

saver

Save scan results to a database

megazord-composition

Ansible role to install an OpenVPN server and configure it to authenticate users certificates against FreeIPA.

ansible-role-openvpn

An Ansible role for installing aws/efs-utils

ansible-role-amazon-efs-utils

Tool to simplify secure shell connections over AWS simple systems manager.

awssh

AWS Lambda function for sslyze

sslyze-lambda

cyhy-core

ncats-data-dictionary

Terraform to deploy an assessment environment to the COOL

100

cool-assessment-terraform