sof-elk. Configuration files for the SOF-ELK VM
1.7kip2geo. Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses
103for572-scripts. A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis
29vmware-snapcompare. VMware Snapshot Forensic Comparison Scripts
25timeshift. A python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.
22ltc-fuzzy-keyword-suggestions. YOURLS plugin to alleviate typos in short URLs
4geoip-bootstraps. Shell
3Cybersecurity-Pathfinders.
3passivedns. A network sniffer that logs all DNS server replies for use in a passive DNS setup
2web-traffic-generator. A quick and dirty HTTP/S "organic" traffic generator.
2sansfor509. Public script from SANS FOR509 Enterprise Cloud Incident Response
2hassh. HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
1fail2ban. Daemon to ban hosts that cause multiple authentication errors
1daylight_tracker. Python
1ja3-aggregator. Aggregate and normalize JA3 hash databases from multiple sources
1freq. This is a repository for freq.py and freq_server.py
1sift-bootstrap. SANS Investigative Forensics Toolkit Bootstrap Script
1arkime. Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
1yersinia-web. Yersinia Web
1arkimeweb. The website for arkime.com
1pptxindex. Create a MS Word index file from PowerPoint notes and slides
1