~Open Source Security Tool of the Day~

urlhaus-filter

A blocklist of malicious websites that are being used for malware distribution, based on the **Database dump (CSV)** of Abuse.ch. The blocklist is updated twice a day.

gitlab.com/curben/urlhaus-filt

~Open Source Security Tool of the Day~

`dnspeep` lets you spy on the DNS queries your computer is making.
It uses `libpcap` to capture packets on port 53, and then matches up DNS request and response packets so that it can show the request and response together on the same line.

github.com/jvns/dnspeep

~Open Source Security Tool of the Day~

The nzyme project uses WiFi adapters in monitor mode to scan the frequencies for suspicious behavior, specifically rogue access points and known WiFi attack platforms. Each recorded wireless frame is parsed and optionally sent to a [Graylog](graylog.org/) log management system for long-term storage that allows you to perform forensics and incident response.

github.com/lennartkoopmann/nzy

~Open Source Security Tool of the Day~

ScriptSafe

A browser extension that gives users control of the web and more secure browsing while emphasizing simplicity and intuitiveness.

github.com/andryou/scriptsafe

~Open Source Security Tool of the Day~

eBPFSnitch is a Linux Application Level Firewall based on eBPF and NFQUEUE. It is inspired by OpenSnitch and Douane, but utilizes modern kernel abstractions, without a kernel module.

github.com/harporoeder/ebpfsni

~Open Source Security Tool of the Day~

Arkime (formerly Moloch) is a large scale, open source, indexed packet capture and search system. Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

github.com/arkime/arkime

~Open Source Security Tool of the Day~

Tracee: Linux Runtime Security and Forensics using eBPF

Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.

github.com/aquasecurity/tracee

~Open Source Security Tool of the Day~

Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort.

github.com/projectdiscovery/cl

~Open Source Security Tool of the Day~

The Modern Hash Identification System

Have you ever come across a hash such as `5f4dcc3b5aa765d61d8327deb882cf99` and wondered what type of hash that is?

Name-that-hash will name that hash type!

github.com/HashPals/Name-That-

~Open Source Security Tool of the Day~

CALDERA™ is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.

github.com/mitre/caldera

~Open Source Security Tool of the Day~

Dagobah is an open source tool written in Python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and saves the state into an Elasticsearch index.

github.com/cloud-sniper/dagoba

~Open Source Security Tool of the Day~

APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity. This tool will make good use of the collected Windows event logs and make sure not to miss critical events configured to be detected.

github.com/ahmedkhlief/APT-Hun

~Open Source Security Tool of the Day~

Leapp is a DevTool Desktop App designed to **manage and secure Cloud Access in multi-account environments.**

The App is designed to work with Cloud Providers APIs, CLIs, and SDKs.

It's a tool that securely stores your access information in a secure place and generates temporary credential sets to access your Cloud from your local machine.

leapp.cloud/

~Open Source Security Tool of the Day~

proxify

Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via a DSL language, and upstream HTTP/Socks5 proxy. Additionally, a replay utility allows importing the dumped traffic (requests/responses with the correct domain name) into Burp or any other proxy by simply setting the upstream proxy to proxify.

github.com/projectdiscovery/pr

~Open Source Security Tool of the Day~

Mandiant Azure AD Investigator

Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.

github.com/fireeye/Mandiant-Az

~Open Source Security Tool of the Day~

Wireguard Manager

Self-hosted Wireguard Manager. Installs and configures a ready-to-use WireGuard Interface.

github.com/complexorganization

~Open Source Security Tool of the Day~

Tamper Dev

A browser extension that lets you edit HTTP(S) requests and responses without a proxy. So like Burp Suite/ZAP, but just your browser.

tamper.dev/

~Open Source Security Tool of the Day~

Hawk

PowerShell-based tool for gathering information related to O365 intrusions and potential breaches. The Hawk module has been designed to ease the burden on O365 administrators who are performing a forensic analysis in their organization.

github.com/T0pCyber/hawk

~Open Source Security Tool of the Day~

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.

The structuring of the data is performed using a knowledge schema based on the STIX2 standards.

opencti.io/en/

~Open Source Security Tool of the Day~

A pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy can use this data to intelligently find vulnerable instances of XSS, especially with web applications that use lots of JavaScript.

github.com/nccgroup/tracy


Scott Mortimer's choices:

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.