dissect: Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
aclpwn.py: Active Directory ACL exploitation with BloodHound
log4j-finder: Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
cve-2019-1040-scanner
dissect.cstruct_legacy: A no-nonsense C-like structure parsing library for Python
quantuminsert: Quantum Insert
LDAPFragger
mkYARA: Generating YARA rules based on binary code
linux-luks-tpm-boot: A guide for setting up LUKS boot with a key from TPM in Linux
Invoke-CredentialPhisher
bloodhound-import: Python based BloodHound data importer
dissect.cobaltstrike: Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
danderspritz-evtx: Parse evtx files and detect use of the DanderSpritz eventlogedit module
cryptophp: CryptoPHP Indicators of Compromise
cobaltstrike-extraneous-space: Historical list of {Cobalt Strike,NanoHTTPD} servers
cobaltstrike-beacon-data: Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
OpenSSH-Session-Key-Recovery: Project containing several tools/scripts to recover the OpenSSH session keys used to encrypt/decrypt SSH traffic.
acquire: acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
OpenSSH-Network-Parser: Project to decrypt and parse SSH traffic
bro-scripts: Bro-IDS scripts
cisco-ios-xe-implant-detection: Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)
dissect.cstruct: A Dissect module implementing a parser for C-like structures.
operation-wocao: Operation Wocao - Indicators of Compromise
dissect.target: The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
dll-hijacking-poc: A quick POC on how to embed a meterpreter in Firefox via DLL hijacking
citrix-netscaler-triage: Dissect triage script for Citrix NetScaler devices
Decrypt-TFSSecretVariables
ponmocup: Ponmocup Indicators of Compromise
signed-phishing-email
pcap-broker: PCAP-over-IP server written in Golang
mofang: Mofang Indicators of Compromise
spookyssl-pcaps: SpookySSL PCAPs and Network Coverage
dissect.esedb: A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
dissect-docs: Dissect documentation project
log4shell-pcaps: Log4Shell PCAPs and Network Coverage
dissect.evidence: A Dissect module implementing parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.
dissect.ntfs: A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
dissect.eventlog: A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.
saitama-server: Server-side implementation for the Saitama implant, useful for detection engineering purposes
flow.record: Recordization library
django-auth-policy: Django Authentication Policy
psixbot: PsiXBot Indicators of Compromise
reasm: Extract parts of the malware and re-compile it on Linux for decrypting stuff using the same malware algorithms.
aws-lambda-kinesis-windowseventlog: AWS Lambda to transform the JSON from the AWS Kinesis agent into useful JSON documents for Elasticsearch
dissect.cim: A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
dissect.hypervisor: A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
dissect.sql: A Dissect module implementing a parser for the SQLite database file format, commonly used by applications to store configuration data.
blister-research: Scripts, YARA and IOCs from our research on the Blister malware 🩹
dissect.clfs: A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.
dissect.volume: A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
dissect.ole: A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
dissect.vmfs: A Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
dissect.regf: A Dissect module implementing a parser for the Windows registry file format, used to store application and OS configuration on Windows operating systems.
Invoke-BadPwdCountSprayer
dissect.fat: A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.
dissect.shellitem: A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
dissect.util: A Dissect module implementing various utility functions for the other Dissect modules.
dissect.ffs: A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
dissect.xfs: A Dissect module implementing a parser for the XFS file system, commonly used by Red Hat Linux distributions.
dissect-workflow-templates: Workflow templates for the dissect projects
dissect_legacy: Namespace and collection package for all dissect projects
dissect.extfs: A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
dissect.btrfs: A Dissect module implementing a parser for the btrfs file system.
dissect.etl: A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.