DFIRJoe


DFIRJoe's starred repositories

ClickHouse

ClickHouse® is a real-time analytics DBMS

Language: C++ | License: Apache-2.0 | Stargazers: 37064 | Issues: 688 | Issues: 21395

osquery

SQL powered operating system instrumentation, monitoring, and analytics.

Language: C++ | License: NOASSERTION | Stargazers: 21801 | Issues: 678 | Issues: 3334

ILSpy

.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (& more) - cross-platform!

nuclei

Fast and customizable vulnerability scanner based on a simple YAML-based DSL.

trufflehog

Find, verify, and analyze leaked credentials

Language: Go | License: AGPL-3.0 | Stargazers: 15880 | Issues: 169 | Issues: 645

chisel

A fast TCP/UDP tunnel over HTTP

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Language: Go | License: BSD-3-Clause | Stargazers: 10741 | Issues: 301 | Issues: 879

subfinder

Fast passive subdomain enumeration tool.

nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Language: JavaScript | License: MIT | Stargazers: 9123 | Issues: 197 | Issues: 1518

kbd-audio

🎤⌨️ Acoustic keyboard eavesdropping

Language: C++ | License: MIT | Stargazers: 8490 | Issues: 133 | Issues: 36

awesome-hacker-search-engines

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Language: Shell | License: MIT | Stargazers: 7580 | Issues: 118 | Issues: 109

Havoc

The Havoc Framework.

Language: Go | License: GPL-3.0 | Stargazers: 6735 | Issues: 102 | Issues: 336

flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.

Language: PowerShell | License: Apache-2.0 | Stargazers: 6459 | Issues: 199 | Issues: 509

sshfs-win

SSHFS For Windows

Language: C | License: NOASSERTION | Stargazers: 5083 | Issues: 75 | Issues: 416

hoaxshell

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Language: Python | License: BSD-2-Clause | Stargazers: 3008 | Issues: 45 | Issues: 46

APTSimulator

A toolset to make a system look as if it were the victim of an APT attack

Language: Batchfile | License: MIT | Stargazers: 2459 | Issues: 122 | Issues: 9

EVTX-ATTACK-SAMPLES

Windows Events Attack Samples

Language: HTML | License: GPL-3.0 | Stargazers: 2215 | Issues: 144 | Issues: 12

speakeasy

Windows kernel and user mode emulation.

Language: Python | License: MIT | Stargazers: 1485 | Issues: 57 | Issues: 74

bulk_extractor

This is the development tree. Production downloads are at:

Language: C++ | License: NOASSERTION | Stargazers: 1091 | Issues: 75 | Issues: 291

dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

magento-malware-scanner

Scanner, signatures and the largest collection of Magento malware

Language: HTML | License: GPL-3.0 | Stargazers: 680 | Issues: 82 | Issues: 50

DFIRArtifactMuseum

The goal of this repo is to archive artifacts from all versions of various OS's and categorize them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available.

Language: HTML | License: MIT | Stargazers: 546 | Issues: 30 | Issues: 18

ntfstool

Forensics tool for NTFS (parser, mft, bitlocker, deleted files)

Language: C++ | License: MIT | Stargazers: 470 | Issues: 24 | Issues: 23

pySigma

Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)

Language: Python | License: LGPL-2.1 | Stargazers: 389 | Issues: 27 | Issues: 81

RITA-J

Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

Language: Jupyter Notebook | License: GPL-3.0 | Stargazers: 192 | Issues: 18 | Issues: 1

hayabusa-rules

Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.

Language: Python | License: NOASSERTION | Stargazers: 133 | Issues: 9 | Issues: 75

sigma-cli

The Sigma command line interface based on pySigma

EvtxHussar

Initial triage of Windows Event logs

Language: Go | License: MIT | Stargazers: 86 | Issues: 5 | Issues: 4