cudeso / awesome-csirt

Awesome CSIRT is a curated list of links and resources for security and CSIRT daily activities.

CSIRT Awesome

Please contribute through pull requests ;)

Another great list: awesome-incident-response

Books

Links

Hashing

CVEs

  • Some CVE resources and links here and here
  • MikroTik search on shodan.
  • TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
  • cve_manager: A Python script that a) parses NIST NVD CVEs, b) processes and exports them to CSV files, c) creates a PostgreSQL database and imports all the data into it, and d) provides query capabilities for this CVE database.
  • dorkbot: Command-line tool to scan Google search results for vulnerabilities.

Malware Analysis

Web Malwares

Samples

Repos

  • A repository of LIVE malware for your own joy and pleasure: theZoo
  • malware.one is a binary substring searchable malware catalog containing terabytes of malicious code.
  • Beginner Malware Reversing Challenges, by MalwareTech. repo
  • MalwareWorld: Check for suspicious domains and IPs. Repo: MalwareWorld: System based on 500+ blacklists and 5 external intelligence sources to detect potentially malicious Internet hosts
  • C2Matrix: The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment
  • LOLBITS: C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
  • MalwareBazaar: A project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
  • mwdb-core (What is MWDB Core?): Malware repository component for samples and static configuration, with a REST API interface.

Ransomwares

Virus/Anti-Virus

Trojans/Loggers

Malware Articles and Sources

Reverse Engineering

Decompilers

Yara

Ghidra

Frameworks

Patching

  • Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)

Hardening

WebServers

Credentials

Tokens

Secure Programming

Web Training

SAST

Secure Web dev

Formal Analysis

Fuzzing

API

REST

CTFs

CTFs tools

  • CTFs-Exploits
  • nc-chat-ctf: Chat Server for CTF Players wrapped in SSL.
  • thg-framework
  • Super-Guesser-ctf
  • Ciphr: CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.

Phreak

Archs

Hardware

ARM

Pentesting

  • Seclists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
  • Search operating systems on the network: osquery
  • osquery Across the Enterprise
  • fleet: The premier osquery fleet manager.
  • Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection
  • Zero Day Zen Garden:
    • Windows Exploit Development - Part 0
    • Windows Exploit Development - Part 1
    • Windows Exploit Development - Part 2
    • Windows Exploit Development - Part 3
    • Windows Exploit Development - Part 4
  • Got Meterpreter? PivotPowPY!
  • Pentest Tips and Tricks
  • Script to steal passwords from ssh.
  • Network Infrastructure Penetration Testing Tool
  • tcp connection hijacker
  • "EAST" PENTEST FRAMEWORK
  • Pown.js: A security testing and exploitation framework built on top of Node.js and NPM.
  • Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine.
  • trackerjacker: Like nmap for mapping wifi networks you're not connected to, plus device tracking
  • TIDoS-Framework: The offensive web application penetration testing framework.
  • GitMiner: Tool for advanced mining for content on Github
  • DHCPwn: All your IPs are belong to us.
  • badKarma: advanced network reconnaissance toolkit.
  • Danger-zone: Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
  • go-tomcat-mgmt-scanner: A simple scanner to find and brute force tomcat manager logins
  • IoTSecurity101: From IoT Pentesting to IoT Security
  • IoT Pentesting and IoT-PT: A Virtual environment for Pentesting IoT Devices
  • red_team_telemetry
  • SharpSploitConsole: SharpSploit Console is just a quick proof of concept binary to help penetration testers or red teams with less C# experience play with some of the awesomeness that is SharpSploit.
  • CrackMapExec: A swiss army knife for pentesting networks
  • DarkSpiritz: A penetration testing framework for Linux, MacOS, and Windows systems.
  • proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
  • PentestHardware: Kinda useful notes collated together publicly
  • MarkBaggett’s gists: This is a collection of code snippets used in my Pen Test Hackfest 2018 Presentation.
  • Serverless Toolkit for Pentesters
  • pentest_scripts: scrapes linkedin and generates emails list.
  • Penetration Testing Tools Cheat Sheet ∞: Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test.
  • shellver: Reverse Shell Cheat Sheet TooL
  • IVRE: Network recon framework (github).
  • (pt-br) DomainInformation: Tool for identifying files, folders, DNS servers and e-mail. It attempts a zone transfer, searches for subdomains and finally looks for open ports on each subdomain IP. Enjoy =)
  • GTRS: GTRS - Google Translator Reverse Shell
  • Spawning a TTY Shell: Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system.
  • LeakLooker: Find Open Databases in Seconds. github
  • pown-recon: A powerful target reconnaissance framework powered by graph theory.
  • Micro8: The Micro8 series is aimed at junior and intermediate security practitioners, Party B security testers, Party A self-assessment teams and network security enthusiasts, and at enterprise security protection and improvement. The series is free, shared and open source.
  • Payloads All The Things: A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques!
  • Penetration Test Guide based on the OWASP + Extra: This guide is for penetration testers seeking the appropriate test cases required during a penetration test project. I rearranged the OWASP Testing Guide v4 from my point of view into 9 Test Classes, each with several Test Cases to conduct against the target. Each Test Case covers several OWASP tests, which is also useful for the report document. I've also added 15 extra Test Cases marked as EXTRA-TEST. I hope it will be useful in both penetration test projects and bug bounty.
  • OWASP ZAP w2019-10-14 released: pentesting tool for finding vulnerabilities in web applications.
  • Order of the Overflow Proxy Service
  • liffy: Local file inclusion exploitation tool
  • foxyproxy.json: Some of these might be legacy and no longer catching any traffic, but unless you're actually pentesting Mozilla or Google, it shouldn't matter
  • pentest_compilation: Compilation of commands, tips and scripts that helped me throughout Vulnhub, Hackthebox, OSCP and real scenarios.
  • Linux for Pentester: ZIP Privilege Escalation
  • Presentation Clickers: Keystroke injection vulnerabilities in wireless presentation clickers.
  • postwoman: alien API request builder - A free, fast, and beautiful alternative to Postman.
  • Better API Penetration Testing with Postman:
  • DNS and DHCP Recon using Powershell
  • SiteBroker: A cross-platform python based utility for information gathering and penetration testing automation!
  • PENTESTING-BIBLE: This repository was created and developed by Ammar Amer (@cry__pto) only. Updates will continue to arrive until the number of links reaches 10000 links and 10000 PDF files. Learn ethical hacking and penetration testing: hundreds of ethical hacking, penetration testing, red team, cyber security and computer science resources.
  • Nikto web server scanner.
  • NetAss2: Network Assessment Assistance Framework.
  • CSS Injection Primitives
  • physical-docs: This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
  • pentest-tools: Custom pentesting tools.
  • HACKING WITH ENVIRONMENT VARIABLES: Interesting environment variables to supply to scripting language interpreters
  • rootend: A *nix Enumerator & Auto Privilege Escalation tool.
  • DroneSploit: Drone pentesting framework console.
  • HackTricks (Pentesting Methodology): Here you will find the typical flow that you should follow when pentesting one or more machines.
  • Huawei_Thief: Huawei DG8045 & HG633 Devices Exploitation Tool
  • urldozer: Perform operations on URLs like extracting paths, parameter names and/or values, domain name, host name (without HTTP[s]).
  • Pentesting Cheatsheets
  • Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
  • Several ways to download and execute malicious codes (LOLBAS)
  • Jok3r: Network and Web Pentest Automation Framework. site
  • Penetration Testing Cheat Sheet
  • BBT- Bug Bounty Tools
  • P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".
  • AriaCloud: A Docker container for remote penetration testing.
  • RustScan: The Modern Day Port Scanner.
  • Impacket: A collection of Python classes for working with network protocols.
  • fiddler: Capturing web traffic logs
  • SecLists: The security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
  • 21 - Pentesting FTP
  • PwnWiki.io is a collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained. The notes section of the pentester's mind.
  • post-exploitation: Post Exploitation Collection.
  • Proxyjump, the SSH option you probably never heard of
  • GLORP: A CLI-based HTTP intercept and replay proxy
  • Sec4US's cheatsheets: a lot of cheatsheets about shellcoding and buffer overflows.
  • Pentesting 101: Working With Exploits
  • SMB AutoRelay: SMB Auto Relay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments.
  • Decoder++: An extensible application for penetration testers and software developers to decode/encode data into various formats.
  • SCShell: Fileless lateral movement tool that relies on ChangeServiceConfigA to run command.
  • bulwark: An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Reconnaissance

Enumeration

WebShells

ShellCodes

Reporting

OSINT - Open Source INTelligence

OSINT Webscraping

  • OSINT framework focused on gathering information from free tools or resources.
  • h8mail: Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email
  • PwnBin: Python Pastebin Webcrawler that returns list of public pastebins containing keywords
  • ODBParser: OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories.
  • pastego: Scrape/Parse Pastebin using GO and expression grammar (PEG)

OSINT Chats

  • chatter: internet monitoring osint telegram bot for windows
  • Slackhound: Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects.

Vulnerability

WAFs

'';!--"<XSS>=&{()}
<IMG SRC="javascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
SELECT-1e1FROM`test`
SELECT~1.FROM`test`
SELECT\NFROM`test`
SELECT@^1.FROM`test`
SELECT-id-1.FROM`test`

Exploits

Bug Bounty

Web Exploitation

Burp Suite

Red Team

Command & Control (C2)

  • Cobalt Strike: Software for Adversary Simulations and Red Team Operations. 4.2 release notes
  • CrossC2: generate CobaltStrike's cross-platform payload
  • Cobalt-Strike-CheatSheet: Some notes and examples for cobalt strike's functionality
  • Octopus: Open source pre-operation C2 server based on python and powershell
  • Covenant: Covenant is a collaborative .NET C2 framework for red teamers.

Purple Team

  • Purple Cloud: An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for new detection engineering approaches. On KitPloit

DNS

Exfiltration

Payloads

Phishing

  • Phishing on Twitter
  • evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
  • shellphish: Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
  • pompa: Fully-featured spear-phishing toolkit - web front-end.
  • Modlishka: Modlishka is a flexible and powerful reverse proxy that will take your phishing campaigns to the next level (with minimal effort required from your side).
  • Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign.
  • Lure: User Recon Automation for GoPhish
  • PhishingKitTracker: An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats.

Forensics

  • Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
  • O-Saft: OWASP SSL advanced forensic tool
  • PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
  • swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics
  • The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
  • Invoke-LiveResponse
  • Linux Forensics
  • CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
  • mac_apt: macOS Artifact Parsing Tool
  • MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX).
  • imago-forensics: Imago is a Python tool that extracts digital evidence from images.
  • remedi-infrastructure: setup and deployment code for setting up a REMEDI machine translation cluster
  • Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
  • libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
  • usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.
  • Digital Forensics and Incident Response: This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response.
  • KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. blog post. KAPE docs and KAPE Files
  • AVML(Acquire Volatile Memory for Linux).
  • turbinia: Automation and Scaling of Digital Forensics Tools
  • Eric Zimmerman's Tools
  • MacQuisition: A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
  • Kuiper: Digital Forensics Investigation Platform
  • File Signatures
  • PowerForensics: PowerForensics provides an all in one platform for live disk forensic analysis. Powershell
  • OfficeForensicTools: A set of tools for collecting forensic information.

Distros

Volatility

Blue Team

Threat Hunting

MISP

  • MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)
  • MISP galaxy: Clusters and elements to attach to MISP events or attributes (like threat actors)
  • DigitalSide Threat-Intel: Threat-Intel repository. API
  • MISP-sizer: Sizing your MISP instance.
  • MISP CERT.br
  • misp-warninglist: Warning lists to inform users of MISP about potential false-positives or other information in indicators
  • MISP-maltego: Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
  • misp-modules: Modules for expansion services, import and export in MISP
  • misp-taxonomies: Taxonomies used in the MISP taxonomy system, which can also be used by other information-sharing tools.
  • PyMISP: Python library using the MISP Rest API

APT - Advanced Persistent Threat

IoCs

SIEM

Browsers

Browsers Addons

Operating Systems

UEFI

Windows

Active Directory

Mimikatz

Powershell

Office and O/365

macOS/iOS

Android

Linux/ *Nix

Cloud

AWS

Risk Assessment and Vulnerability Management

Guidelines

ICS (SCADA)

  • GRASSMARLIN: Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments.

Radio

Satellite

Social Engineering

Tools

IP Reputation

Shell tools

  • Python-Scripts: some scripts for penetration testing.
  • SubEnum: bash script for Subdomain Enumeration
  • password-store: Simple password manager using gpg and ordinary unix directories.

Search Engines

VPN

  • Outline: VPN server, a Jigsaw project by Alphabet/Google.
  • SSHuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • WireGuard: An extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache.
  • Crockford’s base 32 encoding: Crockford’s base 32 encoding is a compromise between efficiency and human legibility.
  • Sputnik -An Open Source Intelligence Browser Extension
  • PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
  • uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy
  • Nefarious LinkedIn: A look at how LinkedIn spies on its users.
  • ProtonVPN-CLI: Linux command-line client for ProtonVPN. Written in Python.

Secure Sharing

  • CryFS: Keep your data safe in the cloud. code
  • Cryptomator: Multi-platform transparent client-side encryption of your files in the cloud. code
  • VeraCrypt: Free open source disk encryption software for Windows, Mac OSX and Linux.
  • CipherShed: A program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). code
  • Boxcryptor: Security for your Cloud.
  • Nextcloud E2E: End-to-end encryption RFC. Some old news about it
  • DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. code
  • ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!

General

Configs


Training and Certifications

Conferences and Slides


Sources

Some good places to visit:


Fun


CFPs

2018

Articles


Other Repos

About

License:GNU General Public License v3.0
