This is your work, valued
sslsplit. Transparent SSL/TLS interception
★ 1.9kxnumon. monitor macOS for malicious activity
★ 237acefile. read/test/extract ACE 1.0 and 2.0 archives in pure python
★ 79example.kext. Makefile for building macOS kernel extensions
★ 72hopper-scripts. Scripts for Hopper Disassembler
★ 54binja-blocks. Apple Blocks Plugin for Binary Ninja
★ 33sqlite-hexhammdist. Hamming distance between hex strings in SQLite
★ 25fiked. IPsec IKEv1 PSK+XAUTH MitM attack daemon
★ 24sslsniff. A tool for automated MITM attacks on SSL connections.
★ 22rosefs. ROck-Solid Encrypted File System
★ 9aspsms. Ruby ASPSMS - aspsms.com short message service gateway library and client
★ 5sctp-services. Mock SCTP network services for testing port scanners and clients
★ 3torpy. Pure python Tor client implementation
★ 2dwarfcorp. An open-source 3D colony management game for PC, Mac and Linux
★ 1zcw. Inofficial fork of CyberAbuse Whois by Philippe Bourcier
★ 1uvnav. UV Navigator - Auswertungsvisualisierung fuer Universum V
★ 1zmap. ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
★ 1ClearSword. C
★ 36macchk. 🎤 mic check! checksec for Mach-O executables
★ 31OTABase. OTABase is an over-the-air testing framework for detecting memory crashes in commercial LTE basebands.
★ 11usbip-macos. A USB/IP client for macOS
★ 16Thirteen. Header only minimalist interface to graphics, inspired by the olden days of mode 13h
★ 242BGPalerter. BGP and RPKI monitoring tool. Pre-configured for real-time detection of visibility loss, RPKI invalid announcements, hijacks, ROA misconfiguration, and more.
★ 1kKDU. Kernel Driver Utility
★ 2.6kOpenEmuXPCCommunicator. Framework allowing applications to establish XPC communications between the main app and background processes
★ 69pysiphash. SipHash in Python
★ 46flexdecrypt. Decrypt iOS Apps and Mach-O binaries
★ 733apple-tools. A collection of tools for working with Apple software/hardware
★ 296UnFairPlay. Decrypt FairPlay encrypted executable binaries on macOS
★ 217FEX. A fast usermode x86 and x86-64 emulator for Arm64 Linux
★ 7.7kdynarmic. An ARM dynamic recompiler.
★ 78books. Free Accounting Software
★ 4.8ksandblaster_26. Extract sandbox profiles from the sandbox kernel extension
★ 21aarch64_kernel. A kernel for aarch64
★ 17aarch64_bootloader. A bootloader for my aarch64 kernel
★ 2unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
★ 9.1kmarko. A markdown parser with high extensibility.
★ 461continuity. Apple Continuity Protocol Reverse Engineering and Dissector
★ 663kernelhook. Windows inline hooking tool.
★ 309spytrap-wifi. Test a phone for stalkerware using a wifi hotspot and deep packet inspection
★ 15spytrap-adb. Test a phone for stalkerware using adb and usb debugging to scan for suspicious apps and configuration
★ 146simulator-trainer. Simulator tweak injection and helpers
★ 192liblpm. A high-performance C library for Longest Prefix Match (LPM) lookups, supporting both a multi-bit trie of 8-bit stride for IPv4 and a wide multi-level 16-bit stride for IPv6, featuring runtime dynamic SIMD dispatching (SSE2, SSE4.2, AVX, AVX2, AVX512F) for optimal performance and throughput on any CPU architecture.
★ 23libdnet. libdnet provides a simplified, portable interface to several low-level networking routines.
★ 187rxtls. rxtls is a hyper-optimized, per-core Certificate Transparency (CT) log processor built for one purpose: to extract and process 100,000+ X.509 certificates per second from the global CT ecosystem with zero GC, zero blocking, and total CPU saturation.
★ 59ctail. Tail Certificate Transparency logs and extract hostnames
★ 132x64dbg. An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
★ 49kJonMon-Lite. C++
★ 51iometa. arm64 IOKit class dumper
★ 292bn-objc-extras. Experimental improvements to Objective-C analysis for Binary Ninja
★ 44qemu-xnu. Integration fork of QEMU focusing on XNU platforms (arm, aarch64, etc)
★ 14ios-resources. Useful resources for iOS hacking
★ 2kinsert_dylib. Command line utility for inserting a dylib load command into a Mach-O binary
★ 2.1kpypush. Python APNs and iMessage client
★ 3.8kDyldExtractor. Extract Binaries from Apple's Dyld Shared Cache
★ 470securitytxt. Swisscom security contacts according to RFC 9116
★ 5lldbinit. A gdbinit clone for LLDB
★ 464chomper. A lightweight emulation framework for emulating security algorithms in iOS executables and libraries.
★ 611libprejailbreak. A pre-jailbreak library for devices running iOS 12 - 14.
★ 47optool. Command Line Tool for interacting with MachO binaries on OSX/iOS
★ 1.3kdiaphora. Diaphora, the most advanced Free and Open Source program diffing tool.
★ 4.3kMachOView. MachOView fork
★ 2.9kgit-backdate. Backdate a commit or range of commit to a date or range of dates.
★ 340qiling. A True Instrumentable Binary Emulation Framework
★ 6kbinwalk. Firmware Analysis Tool
★ 14kladybird. Truly independent web browser
★ 65kobjc-kb. Notes on the Objective-C ABI and related topics
★ 52binja-blocks. Apple Blocks Plugin for Binary Ninja
★ 33XMachOViewer. XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS
★ 949CTI. Random Cyber Threat Intelligence
★ 57mcrit. The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash algorithm in the context of code similarity.
★ 102pytricia. A library for fast IP address lookup in Python.
★ 250HookCase. Tool for reverse engineering macOS/OS X
★ 835siegfried. signature-based file format identification
★ 269zmap. ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
★ 6.3knetmap. Automatically exported from code.google.com/p/netmap
★ 2kPongoOS. pongoOS
★ 2.7kiphone_backup_decrypt. Decrypt an encrypted local iOS backup on Windows or MacOS
★ 378whoisit. A Python library to RDAP WHOIS-like services for internet resources such as ASNs, IPs, CIDRs and domains
★ 129ipsw. iOS/macOS Research Swiss Army Knife
★ 3.6kdyn-dns-list. This repository contains a comprehensive list of over 30k dynamic DNS domains as of 2024. The list is provided for informational purposes only and can be used for a variety of purposes, including blocking malicious domains, filtering content, and enhancing privacy and security.
★ 114ssldump. ssldump - (de-facto repository gathering patches around the cyberspace)
★ 258stalkerware-indicators. Indicators of stalkerware apps
★ 368Crescendo. Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
★ 1.1kdistorm. Powerful Disassembler Library For x86/AMD64
★ 1.3kbinee. Binee: binary emulation environment
★ 532apple_bleee. Apple BLE research
★ 2.2kgithub-do-not-ban-us. GitHub do not ban us from open source world :iran:
★ 12kplyara. Parse YARA rules and operate over them more easily.
★ 195what_is_this_c2. For all these times you're asking yourself "what is this panel again?"
★ 262MalConfScan. Volatility plugin for extracts configuration data of known malware
★ 497ghidra_scripts. Scripts for the Ghidra software reverse engineering suite.
★ 1.2kecfs. extended core file snapshot format
★ 229ghidra. Ghidra is a software reverse engineering (SRE) framework
★ 71kCVE-2018-20250. exp for https://research.checkpoint.com/extracting-code-execution-from-winrar
★ 492Evil-WinRAR-Gen. Generator of malicious Ace files for WinRAR < 5.70 beta 1
★ 122YARA-rules. Some YARA rules i will add from time to time
★ 70python-exe-unpacker. A helper script for unpacking and decompiling EXEs compiled from python code.
★ 1kyara-forensics. Set of Yara rules for finding files using magics headers
★ 142emotet_research. C
★ 136Windows-Kernel-Explorer. A free but powerful Windows kernel research tool.
★ 2.7kvti-dorks. Awesome VirusTotal Intelligence Search Queries
★ 334Scylla. Imports Reconstructor
★ 1.4kbuild-your-own-x. Master programming by recreating your favorite technologies from scratch.
★ 524kAD-Attack-Defense. Attack and defend active directory using modern post exploitation adversary tradecraft activity
★ 4.8kNamed-Pipe-Sniffer. Mario & Luigi - Tools for sniffing Windows Named Pipes communication
★ 129CobaltStrikeForensic. Toolset for research malware and Cobalt Strike beacons
★ 210mermaid. Generation of diagrams like flowcharts or sequence diagrams from text in a similar manner as markdown
★ 89kurh. Universal Radio Hacker: Investigate Wireless Protocols Like A Boss
★ 13khopper-scripts. Scripts for Hopper Disassembler
★ 54python-netflow-v9-softflowd. PyPI "netflow" package. NetFlow v9 parser, collector and analyzer implemented in Python 3. Developed and tested with softflowd
★ 119aa-tools. Artifact analysis tools by JPCERT/CC Analysis Center
★ 464dissect.cstruct_legacy. A no-nonsense c-like structure parsing library for Python
★ 240auditd. Best Practice Auditd Configuration
★ 1.9kveles. Binary data analysis and visualization tool
★ 1.2kdwarfcorp. An open-source 3D colony management game for PC, Mac and Linux
★ 623sslyze. Fast and powerful SSL/TLS scanning library.
★ 3.8kDetours. Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
★ 6.3krosenbridge. Hardware backdoors in some x86 CPUs
★ 2.4kFLIRTDB. A community driven collection of IDA FLIRT signature files
★ 1.4kcsrstat. Command line tool to get the active System Integrity Protection status
★ 47SCTP_NKE_HighSierra. A version of the SCTP NKE running on Mac OS X 10.13 (High Sierra)
★ 17SCTP_NKE_ElCapitan. A version of the SCTP NKE running on Mac OS X 10.11 (El Capitan)
★ 55PowerSponse. PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
★ 40URLhaus. Open platform for sharing malware distribution sites
★ 66sctp-services. Mock SCTP network services for testing port scanners and clients
★ 3misp-book. User guide of MISP
★ 292yarp. Yet another registry parser
★ 138cutter. Free and Open Source Reverse Engineering Platform powered by rizin
★ 19kzydis. Fast and lightweight x86/x86-64 disassembler and code generation library
★ 4.3kVBscriptInternals. Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis
★ 86Manalyze. A static analyzer for PE executables.
★ 1.1kmalware_configs. Various config files obtained during malware analysis
★ 68HexFiend. A fast and clever hex editor for macOS
★ 5.9kexample.kext. Makefile for building macOS kernel extensions
★ 72xnumon. monitor macOS for malicious activity
★ 237fsmon. Filesystem monitor tool for Linux/Android iOS/macOS
★ 1kmac_apt. macOS (& ios) Artifact Parsing Tool
★ 1.1kosquery-configuration. A repository for using osquery for incident detection and response
★ 897pypykatz. Mimikatz implementation in pure Python
★ 3.3kml. ml runs linux binaries on osx
★ 6mach_inject. interprocess code injection for Mac OS X
★ 832angr. A powerful and user-friendly binary analysis platform!
★ 8.9kLnkParse. Windows Shortcut file (LNK) parser
★ 137edb-debugger. edb is a cross-platform AArch32/x86/x86-64 debugger.
★ 2.9kmisp-warninglists. Warning lists to inform users of MISP about potential false-positives or other information in indicators
★ 639msoffcrypto-tool. Python tool and library for decrypting and encrypting MS Office files using passwords or other keys
★ 616portal. Ops-Trust Platform - Portal
★ 21windows-event-forwarding. A repository for using windows event forwarding for incident detection and response
★ 1.3kurlhaus. Python
★ 28amsiscanner. A C/C++ implementation of Microsoft's Antimalware Scan Interface
★ 182yq. Command-line YAML, XML, TOML processor - jq wrapper for YAML/XML/TOML documents
★ 3kopensnitch. OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
★ 14kasciisciit. ASCII Art, Video, and Plotting Toolbox
★ 89mistune. A fast yet powerful Python Markdown parser with renderers and plugins.
★ 3.1kOLEPackagerFormat. OLE Package Format Documentation
★ 23patat. Terminal-based presentations using Pandoc
★ 2.7kvimdeck. VIM as a presentation tool
★ 1.4kmdp. A command-line based markdown presentation tool.
★ 5.3kmacOS-Security-Updates. Notifies the user when macOS Security components like Gatekeeper and XProtect have been updated
★ 61openbsm. OpenBSM open audit implementation
★ 169pe-sieve. Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
★ 3.8kupvote_py2. A multi-platform binary whitelisting solution
★ 449yara. The pattern matching swiss knife
★ 9.7kmalware-ioc. Indicators of Compromises (IOC) of our various investigations
★ 2kRoyal_APT. Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research
★ 53retefe. Artefacts from various retefe campaigns
★ 10regf. Windows registry file format specification
★ 364pentest-wiki. PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
★ 3.7kSticky-Keys-Slayer. Scans for accessibility tools backdoors via RDP
★ 347otool-ng. Some improvements to Apple's otool.
★ 101EvilOSX. An evil RAT (Remote Administration Tool) for macOS / OS X.
★ 2.4kmap-macro. A recursive C preprocessor macro which performs an operation on each element of a list
★ 350flightsim. A utility to safely generate malicious network traffic patterns and evaluate controls.
★ 1.4kDetectionLab. Automate the creation of a lab environment complete with security tooling and logging best practices
★ 5krex_versus_the_romans. Anti Hacking Team TrustedBSD module
★ 27python-rsa. Python-RSA is a pure-Python RSA implementation.
★ 489darling. Darwin/macOS emulation layer for Linux
★ 13ksanta. A binary authorization and monitoring system for macOS
★ 4.5ktommyds. A C library of hashtables and tries designed to store objects with high performance
★ 245OfficeBrute. OfficeBrute - brute force protected word documents
★ 23h2spec. A conformance testing tool for HTTP/2 implementation.
★ 730misp-objects. Definition, description and relationship types of MISP objects
★ 110mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
★ 44kmultidiff. Binary data diffing for multiple objects or streams of data
★ 308SadMacScreenSaver. Sad Mac Screen Saver
★ 89bsmtrace. BSM based intrusion detection system
★ 41jq. Command-line JSON processor
★ 35kfilewatcher. A simple auditing utility for macOS
★ 290TheHive. TheHive is a Collaborative Case Management Platform, now distributed as a commercial version
★ 3.9kawesome-incident-response-pro-bono. This repository is a curated list of pro bono incident response entities.
★ 21misp-taxonomies. Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.
★ 302MISP-RPM. RPM packages for MISP
★ 41DrK. The DrK Attack - Proof of concept
★ 349neopg. The multiversal cryptoengine!
★ 218pop-nedry. x86-64 Windows shellcode that recreates the Jurassic Park hacking scene (Ah, ah, ah... you didn't' say the magic word!)
★ 86atomic-red-team. Small and highly portable detection tests based on MITRE's ATT&CK.
★ 12ksigma. Main Sigma Rule Repository
★ 11kXXEinjector. Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
★ 1.8kTrickBot-Toolkit. A collection of tools for dealing with TrickBot
★ 205malware. Python
★ 45asn1js. JavaScript generic ASN.1 parser
★ 647trickbot_configs. A collection of all the Trickbot banking trojan configurations that I've collected so far
★ 9javalang. Pure Python Java parser and tools
★ 797adwind-decryptor. Simple decrypter for Java AdWind, jRAT, jBifrost trojan
★ 17Loki. Loki - Simple IOC and YARA Scanner
★ 3.8kResponder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
★ 4.9ksflock. Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.
★ 85CVE-2017-8759. CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
★ 176mosh. Mobile Shell
★ 41plasma. Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.
★ 3.1kPowerGRR. PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
★ 57bokeh. Interactive Data Visualization in the browser, from Python
★ 20kyarasigs. Various Yara signatures (possibly to be included in a release later).
★ 87mispy. Another MISP module for Python
★ 18morphHTA. morphHTA - Morphing Cobalt Strike's evil.HTA
★ 530phishery. An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector
★ 1k