##My collection of awesome resources, tools, and other shiny things for cyber security stuffs. 😎 😈

• Automation
• DevSecOps
• Honeypots
• Host-based tools
• Incident Response tools
  • IR management consoles
  • Evidence collection
  • Threat hunting
• Network Security Monitoring (NSM)
• Network perimeter defenses
  • Firewall appliances or distributions
• Operating System distributions
• Preparedness training and wargaming
• Security Information and Event Management (SIEM)
• Service and performance monitoring
• Threat intelligence
• Tor Onion service defenses
• Transport-layer defense
• Windows-based defenses

• Autosnort - Series of bash shell scripts designed to install a fully functional, fully updated stand-alone snort sensor with an IDS event review console of your choice, on a variety of Linux distributions.
• Posh-VirusTotal - PowerShell interface to VirusTotal.com APIs.
• python-dshield - Pythonic interface to the Internet Storm Center/DShield API.
• python-sandboxapi - Minimal, consistent Python API for building integrations with malware sandboxes.
• python-stix2 - Python APIs for serializing and de-serializing Structured Threat Information eXpression (STIX) JSON content, plus higher-level APIs for common tasks.

See also awesome-devsecops.

• Git Secrets - Prevents you from committing passwords and other sensitive information to a git repository.
• Prowler - Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.
• Vault - Tool for securely accessing secrets such as API keys, passwords, or certificates through a unified interface.

See also awesome-honeypots.

• CanaryTokens - Self-hostable honeytoken generator and reporting dashboard; demo version available at CanaryTokens.org.

• Artillery - Combination honeypot, filesystem monitor, and alerting system designed to protect Linux and Windows operating systems.
• Fail2ban - Intrusion prevention software framework that protects computer servers from brute-force attacks.
• Open Source HIDS SECurity (OSSEC) - Fully open source and free, feature-rich, Host-based Instrusion Detection System (HIDS).

See also awesome-incident-response.

• aws_ir - Automates your incident response with zero security preparedness assumptions.

• CIRTKit - Scriptable Digital Forensics and Incident Response (DFIR) toolkit built on Viper.
• Fast Incident Response (FIR) - Cybersecurity incident management platform allowing for easy creation, tracking, and reporting of cybersecurity incidents.
• TheHive - Scalable, free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, and CERTs, featuring tight integration with MISP.
• threat_note - Web application built by Defense Point Security to allow security researchers the ability to add and retrieve indicators related to their research.

• OSXAuditor - Free macOS computer forensics tool.
• OSXCollector - Forensic evidence collection & analysis toolkit for macOS.
• ir-rescue - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
• Margarita Shotgun - Command line utility (that works with or without Amazon EC2 instances) to parallelize remote memory acquisition.

(Also known as hunt teaming.)

• CimSweep - Suite of CIM/WMI-based tools enabling remote incident response and hunting operations across all versions of Windows.
• DeepBlueCLI - PowerShell module for hunt teaming via Windows Event logs.
• GRR Rapid Response - Incident response framework focused on remote live forensics consisting of a Python agent installed on assets and Python-based server infrastructure enabling analysts to quickly triage attacks and perform analysis remotely.
• Hunting ELK (HELK) - All-in-one Free Software threat hunting stack based on Elasticsearch, Logstash, Kafka, and Kibana with various built-in integrations for analytics including Jupyter Notebook.
• Mozilla InvestiGator (MIG) - Platform to perform investigative surgery on remote endpoints.
• PSHunt - PowerShell module designed to scan remote endpoints for indicators of compromise or survey them for more comprehensive information related to state of those systems.
• PSRecon - PSHunt-like tool for analyzing remote Windows systems that also produces a self-contained HTML report of its findings.
• PowerForensics - All in one PowerShell-based platform to perform live hard disk forensic analysis.
• Redline - Freeware endpoint auditing and analysis tool that provides host-based investigative capabilities, offered by FireEye, Inc.
• Scout2 - Security tool that lets Amazon Web Services administrators assess their environment's security posture.

• Bro - Powerful network analysis framework focused on security monitoring.
• ChopShop - Framework to aid analysts in the creation and execution of pynids-based decoders and detectors of APT tradecraft.
• Maltrail - Malicious network traffic detection system.
• Respounder - Detects the presence of the Responder LLMNR/NBT-NS/MDNS poisoner on a network.
• Security Monkey - Monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations.
• Snort - Widely-deployed, Free Software IPS capable of real-time packet analysis, traffic logging, and custom rule-based triggers.
• SpoofSpotter - Catch spoofed NetBIOS Name Service (NBNS) responses and alert to an email or log file.
• Suricata - Free, cross-platform, IDS/IPS with on- and off-line analysis modes and deep packet inspection capabilities that is also scriptable with Lua.
• Wireshark - Free and open-source packet analyzer useful for network troubleshooting or forensic netflow analysis.
• netsniff-ng - Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (flowtop), traffic generator (trafgen), and autonomous system (AS) trace route utility (astraceroute).

• fwknop - Protects ports via Single Packet Authorization in your firewall.

• OPNsense - FreeBSD based firewall and routing platform.
• pfSense - Firewall and router FreeBSD distribution.

• Computer Aided Investigative Environment (CAINE) - Italian GNU/Linux live distribution that pre-packages numerous digital forensics and evidence collection tools.
• Security Onion - Free and open source GNU/Linux distribution for intrusion detection, enterprise security monitoring, and log management.

(Also known as adversary emulation, threat simulation, or similar.)

• APTSimulator - Toolset to make a system look as if it was the victim of an APT attack.
• Atomic Red Team - Library of simple, automatable tests to execute for testing security controls.
• DumpsterFire - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events for Blue Team drills and sensor/alert mapping.
• Metta - Automated information security preparedness tool to do adversarial simulation.
• Network Flight Simulator (flightsim) - Utility to generate malicious network traffic and help security teams evaluate security controls and audit their network visibility.
• RedHunt OS - Ubuntu-based Open Virtual Appliance (.ova) preconfigured with several threat emulation tools as well as a defender's toolkit.

• AlienVault OSSIM - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault Open Threat Exchange (OTX).
• Prelude SIEM OSS - Open source, agentless SIEM with a long history and several commercial variants featuring security event collection, normalization, and alerting from arbitrary log input and numerous popular monitoring tools.

See also awesome-sysadmin#monitoring.

• Icinga - Modular redesign of Nagios with pluggable user interfaces and an expanded set of data connectors, collectors, and reporting tools.
• Nagios - Popular network and service monitoring solution and reporting platform.
• OpenNMS - Free and feature-rich networking monitoring system supporting multiple configurations, a variety of alerting mechanisms (email, XMPP, SMS), and numerous data collection methods (SNMP, HTTP, JDBC, etc).
• osquery - Operating system instrumentation framework for macOS, Windows, and Linux, exposing the OS as a high-performance relational database that can be queried with a SQL-like syntax.

See also awesome-threat-intelligence.

• Active Directory Control Paths - Visualize and graph Active Directory permission configs ("control relations") to audit questions such as "Who can read the CEO's email?"
• DATA - Credential phish analysis and automation tool that can acccept suspected phishing URLs directly or trigger on observed network traffic containing such a URL.
• Forager - Multi-threaded threat intelligence gathering built with Python3 featuring simple text-based configuration and data storage for ease of use and data portability.
• GRASSMARLIN - Provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) by passively mapping, accounting for, and reporting on your ICS/SCADA network topology and endpoints.
• MLSec Combine - Gather and combine multiple threat intelligence feed sources into one customizable, standardized CSV-based format.
• Malware Information Sharing Platform and Threat Sharing (MISP) - Open source software solution for collecting, storing, distributing and sharing cyber security indicators.
• ThreatIngestor - Extendable tool to extract and aggregate IOCs from threat feeds including Twitter, RSS feeds, or other sources.
• Unfetter - Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework.
• Viper - Binary analysis and management framework enabling easy organization of malware and exploit samples.

See also awesome-tor.

• OnionBalance - Provides load-balancing while also making Onion services more resilient and reliable by eliminating single points-of-failure.
• Vanguards - Version 3 Onion service guard discovery attack mitigation script (intended for eventual inclusion in Tor core).

• Certbot - Free tool to automate the issuance and renewal of TLS certificates from the LetsEncrypt Root CA with plugins that configure various Web and e-mail server software.
• OpenVPN - Open source, SSL/TLS-based virtual private network (VPN).

See also awesome-windows#security and awesome-windows-domain-hardening.

• HardenTools - Utility that disables a number of risky Windows features.
• NotRuler - Detect both client-side rules and VBScript enabled forms used by the Ruler attack tool when attempting to compromise a Microsoft Exchange server.
• Sticky Keys Slayer - Establishes a Windows RDP session from a list of hostnames and scans for accessibility tools backdoors, alerting if one is discovered.
• Windows Secure Host Baseline - Group Policy objects, compliance checks, and configuration tools that provide an automated and flexible approach for securely deploying and maintaining the latest releases of Windows 10.
• WMI Monitor - Log newly created WMI consumers and processes to the Windows Application event log.

This work is licensed under a Creative Commons Attribution 4.0 International License.