security
Userland API monitor for threat hunting.
Captain is an endpoint monitoring tool that aims at spotting malicious events through API hooking, improving the process of threat hunting analysis . When a new process is created, Captain will inject a dll into it hooking some Windows API functions.
Live hunting of code injection techniques.
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known malicious memory injection techniques. The detection process is performed through live analysis and without needing memory dumps. The tool was designed as a replacement of memory forensic volatility plugins such as malfind and hollowfind. The idea of not requiring memory dumps helps on performing the memory resident malware threat hunting at scale, without manual analysis, and without the complex infrastructure needed to move dumps to forensic environments.
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
The OWASP Amass Project has developed a framework to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.
#1 Active Directory security assessment community tool
Active Directory, Azure AD (now called Entra ID), and Okta vulnerabilities can give attackers virtually unrestricted access to your organization’s network and resources. Semperis built Purple Knight—a free AD, Azure AD, and Okta security assessment tool—to help you discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in your hybrid AD environment. Download Purple Knight and dramatically reduce your AD attack surface today.
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerHuntShares is PowerShell tool designed to help cybersecurity teams and penetration testers better identify, understand, attack, and remediate SMB shares in the Active Directory environments they protect.
Sources:
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
SysReptor is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports in user-friendly Markdown and convert them to PDF with just a single click, in the cloud or self-hosted!
Free Online Ethical Hacking Course
This course is a perfect starting point for Information Security Professionals who want to learn penetration testing and ethical hacking, but are not yet ready to commit to a paid course. We will teach you how to use Metasploit, in a structured and intuitive manner.
PersistenceSniper is a Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. It is also available on Powershell Gallery and it is digitally signed with a valid code signing certificate. The tool is under active development with new releases coming out by the week, so make sure to use the up-to-date version. Official Twitter/X account @PersistSniper.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.
Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.
Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries.
Biometric liveness detection encyclopedia.
Everything you wanted to know about Biometric Security, Liveness Detection, Spoofing Attacks, and Antispoofing Measures.
🕵️♂️ All-in-one OSINT tool for analysing any website. Comprehensive, on-demand open source intelligence for any website.
Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.
Related contents:
Extract, gather and analyze information from an Android Manifest file or an APK.
AMAnDe stands for Android Manifest Anomaly Detector. It's a new tool whose objective is to extract and gather information from an Android Manifest. When we deal with huge Manifests, it is often difficult to get all relevant datas (like deeplink URIs, exported provider, etc.) With AMAnDe all of this information is deeply analyzed and presented to you in a simple manner.
Remote Shellcode Injector.
Remote shellcode injector, based on HWSyscalls by ShorSec, leveraging undetectable (currently) indirect native syscalls to inject shellcode into another process, creating a thread and executing it.
Pentest Report Generator.
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users.
Related contents:
📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report .
I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer needed during your Offensive Security OSCP, OSWE, OSEE, OSWP, OSEP, OSED, OSWA, OSDA, OSMR exam!
Rapidly Search and Hunt through Windows Forensic Artefacts.
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.
Vous y trouverez l’ensemble des informations pour vous initier à la cybersécurité, approfondir vos connaissances, et ainsi agir efficacement sur la protection de vos outils numériques. Ce dispositif est accessible gratuitement. Le suivi intégral de ce dispositif vous fera bénéficier d’une attestation de réussite.
Wordfence malware scanner command line utility.
Wordfence CLI is a multi-process malware scanner written in Python. It's designed to have low memory overhead while being able to utilize multiple cores for scanning large filesystems for malware. Wordfence CLI uses libpcre over Python's existing regex libraries for speed and compatibility with our signature set.
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
An Open Source Network Security Monitoring Tool Zeek (formerly Bro) is the world’s leading platform for network security monitoring.
Flexible, open source, and powered by defenders.
The HackerNoon Library.
THE LEARN REPO orders technology stories by editor determined subject matter and community determined time reading created. It is an open source lever within the HackerNoon Story Classification System.
Helping organizations to better understand and improve their management of cybersecurity risk.
Framework for Improving Critical Infrastructure Cybersecurity
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
Cybersecurity hacking e-learning game
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know!
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
DFIQ is a collection of Digital Forensics Investigative Questions and the approaches to answering them. The goal of the project is to build a comprehensive catalog of investigative knowledge to help drive consistent, thorough, and explainable investigations.
Lfi Scan Tool.
LFI Space is a robust and efficient tool designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. This tool simplifies the process of identifying potential security flaws by leveraging two distinct scanning methods: Google Dork Search and Targeted URL Scan. With its comprehensive approach, LFI Space assists security professionals, penetration testers, and ethical hackers in assessing the security posture of web applications.
Filter your HTML the standards-compliant way!
HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.
Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response Teams (CERT), Security Operations Centers (SOC) and Digital-Forensic Labs worldwide.
wholeaked is a file-sharing tool that allows you to find the responsible person in case of a leakage. It's written in Go.
Track C2 over time by framework and location.
C2Live is an open-source project aimed at providing a comprehensive and interactive platform for tracking Command and Control (C2) malicious IP addresses over time.
Merlin is a cross-platform post-exploitation Command & Control server and agent written in Go.
Wolfi is a community Linux OS designed for the container and cloud-native era. Chainguard started the Wolfi project to enable building Chainguard Images, our collection of curated distroless images that meet the requirements of a secure software supply chain. This required a Linux distribution with components at the appropriate granularity and with support for both glibc and musl, something that was not yet available in the cloud-native Linux ecosystem.
OpenBullet is a webtesting suite that allows to perform requests towards a target webapp and offers a lot of tools to work with the results. This software can be used for scraping and parsing data, automated pentesting, unit testing through selenium and much more.
Kismet is a sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more, which runs on Linux and macOS.
AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
🤖 The Modern Port Scanner 🤖.
RustScan is a modern take on the port scanner. Sleek & fast. All while providing extensive extendability to you.
Not to mention RustScan uses Adaptive Learning to improve itself over time, making it the best port scanner for you.
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
Network recon framework.
IVRE is an open-source framework for network recon. It relies on open-source well-known tools (Nmap, Masscan, ZGrab2, ZDNS and Zeek (Bro)) to gather data (network intelligence), stores it in a database (MongoDB is the recommended backend), and provides tools to analyze it.
Official cross-platform Nmap Security Scanner GUI.
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.
View the content of Windows Prefetch (.pf) files.
WinPrefetchView is a small utility that reads the Prefetch files stored in your system and displays the information stored in them. By looking in these files, you can learn which files every application is using, and which files are loaded on Windows boot.
Management tool for the information security management system.
To manage the security of their information system, organizations must set up a set of security measures and regularly check that these measures are effective and effective. These regular checks make it possible to guarantee that the security measures implemented place achieve their security objectives.
Deming is a tool for managing, planning, tracking and reporting the effectiveness of security controls.
This management of controls must allow the implementation of adequate and proportionate security. This approach is in line with the recommendations of ISO / IEC 27001:2013, chapter 9 which deals with performance evaluation.
PowerLessShell rely on MSBuild.exe to remotely execute PowerShell scripts and commands without spawning powershell.exe. You can also execute raw shellcode using the same approach.
Two-Factor Authentication for SSH with PAM Support (pam_duo).
Duo Unix includes a PAM module or alternatively a stand alone executable that can be used to protect programs such as SSH or Sudo.
Duo can be easily added to any Unix system to protect remote (SSH) or local logins with the addition of a simple pam_duo PAM module. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Amazon Linux), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, and AIX.
Hardened Containers, Faster Teams, Secure Software.
Automatically eliminate unused software components and deploy smaller, faster, more secure workloads.
RedCloud OS is a Debian based Cloud Adversary Simulation Operating System for Red Teams to assess the security of leading Cloud Service Providers (CSPs). It includes tools optimized for adversary simulation tasks within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Puis-je vous demander une copie de tous vos emails, de vos messages et photos sur Facebook, et de tous les fichiers sur votre ordinateur ? J’aimerais tout savoir sur votre vie privée.
Check NPM packages for manifest confusion.
A python script to check npm packages for manifest mismatches.
Get Active Directory Security at 80% in 20% of the time.
PingCastle is an Active Directory vunerability and misconfiguration scanner.
(Snap)shot SHA256 hashes of wireless access points to determine whether something has changed since your last visit (e.g. rogue AP), plus detect airbase-ng in use.
A highly customized arch-based distro For All Cybersecurity fields.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact. PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets.
OpenCVE is the easiest way to track CVE updates and be alerted about new vulnerabilities.
OpenCVE is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE...). Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE.
Artica V4 is an appliance based on Debian 10 Operating system. Your can install it on the Hardware or Virtual Machine of your choice and get a Web Gateway appliance within minutes.