Name Type License Developer(s) URL Description Type of Tool
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































aa tool Open-source https://github.com/JPCERTCC/aa-tools/blob/master/LICENSE.txt JPCERT/CC https://github.com/JPCERTCC/aa-tools Artefact analysis tool Artefact Analysis
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AAPT Open-source
Android Studio https://androidaapt.com/ This tool allows you to view, create, and update Zip-compatible archives (zip, jar, apk). It can also compile resources into binary assets. Development Tool
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Abuse helper Open source MIT License Clarified Networks, CERT -FI, CERT-EE https://github.com/abusesa/abusehelper Automatically processing (standardised) high-volume information from a wide range of sources and finding the owners of reported IP addresses from public databaseses. Information Co-relation
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Abuse.py Open source GPLv3 CERT Société Générale https://pypi.org/project/abuse-finder/ Look for abuse contacts for IP, domain names, email addresses and URLs. Information Co-relation
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AIL framework Open-source GNU AGPL v3.0: https://github.com/CIRCL/AIL-framework/blob/master/LICENSE CIRCL https://github.com/CIRCL/AIL-framework "AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information (e.g. data leak prevention)." Data Leak Monitoring/Data Mining
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AIRT (Application for Incident Response Teams) Open-source GNU GPL v2 AIRT development team http://airt.leune.com/ "a web-based application that has been designed and developed to support the day to day operations of a computer security incident response team"
Seems discontinued (last update in 2009)
Mentioned in Trusted Introducer's SIM3 model
Incident Management Tool
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































ALOD Open-source https://github.com/rommelfs/ALOD/blob/master/License.rtf Sascha Rommelfangen, CIRCL, Smile GIE https://github.com/rommelfs/ALOD https://www.circl.lu/pub/tr-08/ "automatic launch object detection for Mac OS X" Application monitoring
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Analysis Pipeline 5.11.3 Open-source GPL SEI, CMU https://tools.netsa.cert.org/analysis-pipeline5/download.html It can now process YAF records and raw IPFIX records. It can do all of the analyses available in version 4.x. A notable enhancement is expansive DNS record processing. Network Threat Detection
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AndroGuard Open-source Apache 2.0 License Anthony Desnos https://github.com/androguard/androguard Reverse engineering, Malware and goodware analysis of Android applications Mobile Application Analysis Framework
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Android Brute Force Encryption cracking program Freeware (Santoku Community Edition) MIT License Santoku Community https://github.com/santoku/Santoku-Linux/tree/master/tools/android/android_bruteforce_stdcrypto Using command line 'bbruteforce_stdcrypto ~/Desktop/tmp_header ~/Desktop/tmp_footer' to brute force android encryption PIN. Filesystem Recovery
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Android Debug Bridge Open-source https://developer.android.com/studio/terms Android Studio https://developer.android.com/studio/command-line/adb Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device. Process Debugger
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Android emulator Open-source Apache 2.0 License Google https://developer.android.com/studio/run/emulator The Android Emulator simulates Android devices on your computer so that you can test your application on a variety of devices and Android API levels without needing to have each physical device. Emulator
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Android NDK Open-source Apache 2.0 License Google https://developer.android.com/ndk The Android NDK is a toolset that lets you implement parts of your app in native code, using languages such as C and C++. Artefact Analysis
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Anubis Open-source MIT JonLuca De Caro https://github.com/jonluca/Anubis Subdomain enumeration and information gathering tool Information Co-relation
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































apktool Open-source Apache 2.0 License Connor Tumbleson https://ibotpeaches.github.io/Apktool/ A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. Decompiler
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































apullo Open-source MIT License: https://github.com/ninoseki/apullo/blob/master/LICENSE Manabu Niseki https://github.com/ninoseki/apullo "A scanner for taking basic fingerprints." Network Fingerprinting
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Assemblyline Open-source MIT License Canadian Cyber Security Centre https://cyber.gc.ca/en/assemblyline https://github.com/CybercentreCanada?q=assemblyline "Assemblyline is a platform for the analysis of malicious files. It is designed to assist cyber defence teams to automate the analysis of files and to better use the time of security analysts. The tool recognizes when a large volume of files is received within the system, and can automatically rebalance its workload. Users can add their own analytics, such as antivirus products or custom-built software, in to Assemblyline. The tool is designed to be customized by the user and provides a robust interface for security analysts." Malware Detection Framework
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AtlasFrontend Open-source
Mariano Moreno https://github.com/hedesil/atlas-frontend Web application to manage information in a Security Operations Center (SOC). Code developed in the INCIBE's Hackathon 2019. Vulnerability Management
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AuRTIR Open-source
INCIBE-CERT
Tool to automate some incident management tasks using RTIR web API. Incident Management Tool
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Autopsy Freeware
Basis Technology https://www.autopsy.com/ Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. Artefact Analysis
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Aviary Freeware
CISA https://github.com/cisagov/sparrow/releases A dashboard to help visualize and analyze threats from its Sparrow detection tool Artefact Analysis
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































AWARE (Abuse Watch Alerting and Reporting Engine) Free online service
ITU http://aware.impact-alliance.org/ (not accessible any more) "a solution for cyber threats monitoring through various external sources."
Has a public dashboard
Network Threat Monitoring
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































awk Freeware
Alfred Aho, Peter J. Weinberger, Brian Kernighan https://www.gnu.org/software/gawk/manual/gawk.html, https://www.geeksforgeeks.org/awk-command-unixlinux-examples/ a program that you can use to select particular records in a file and perform operations upon them. Text Processing
























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































Backtrack Open-source
Mati Aharoni, Max Moser https://www.backtrack-linux.org/ BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools. (Discontinued and run as Kali Linux as of 2013) Penetration Testing
bgiparser (backgrounditems.btm parser) Open-source Apache License 2.0: https://github.com/mnrkbys/bgiparser/blob/master/LICENSE Minoru Kobayashi (Internet Initiative Japan) https://github.com/mnrkbys/bgiparser "it serves to parse information about the applications to be executed upon user login, which is stored in backgrounditems.btm in macOS after 10.13 HighSierra." Parsing Tool
BGPRanking Open-source https://github.com/CIRCL/bgp-ranking/blob/master/LICENSE https://github.com/CIRCL/bgpranking-redis-api/blob/master/LICENSE BGPRanking: Raphaël Vinot, Alexandre Dulaunoy, CIRCL; BGPRanking Python API: Raphaël Vinot, CIRCL https://bgpranking-ng.circl.lu/ https://circl.lu/projects/bgpranking/ https://github.com/CIRCL/bgp-ranking https://github.com/CIRCL/bgpranking-redis-api BGP Ranking is free software that calculates a security ranking for Internet Service Providers (by ASN). Network Monitoring
BinText Freeware Aldeid https://www.aldeid.com/wiki/BinText A small, very fast and powerful text extractor that will be of particular interest to programmers. Artefact Analysis
BinaryEdge API Paid service with a free option Terms and Conditions: https://app.binaryedge.io/terms-and-conditions BinaryEdge https://www.binaryedge.io/ https://app.binaryedge.io/ https://docs.binaryedge.io/ Scan the internet and acquire data that can be transformed into threat intelligence feeds or security reports. Information Correlation
Binwalk Open-source MIT: https://github.com/keydet89/RegRipper3.0/blob/master/license.txt Craig Heffner https://github.com/ReFirmLabs/binwalk https://tools.kali.org/forensics/binwalk "a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images" Disk Image Creation Tool
Bot Checker Script Open source GPL-3.0 INCIBE-CERT https://github.com/felmoltor/INCIBEBotDetect Script to periodically check if there is an infected machine in your LAN Malware Detection
Bytehist Freeware ISCL: http://en.wikipedia.org/wiki/ISC_license Christian Wojner @ CERT.at https://www.cert.at/en/downloads/software/software-bytehist https://twitter.com/CERTat_Minibis "A tool for generating byte-usage-histograms for all types of files with a special focus on binary executables in PE-format (Windows)." Visualization
CAINE (Computer Aided Investigative Environment) Freeware + Open-source (Linux distribution) Nanni Bassetti (current project manager) http://www.caine-live.net/ "an Italian GNU/Linux live distribution created as a Digital Forensics project" Evidence Collector
Carl-Hauser Open-source GNU GPL v3.0: https://github.com/CIRCL/carl-hauser/blob/master/LICENSE CIRCL https://github.com/CIRCL/carl-hauser "Open Source Testing Framework for image correlation, distance and analysis." Artefact Analysis
Censys API Paid service with free quota Terms of Services: https://censys.io/tos Censys https://censys.io/api "The Censys REST API provides programmatic access to the same data accessible through the web interface. API access is governed by our Terms of Service and all scripted access should use this API." Information Correlation
CERT-EE Sandbox Free online service Cuckoo Foundation CERT-EE https://cuckoo.cert.ee/ File analysis tool for IT specialists, allowing them to check in safe mode how operating systems on various virtual and physical platforms behave when a suspicious file is opened. Binary Analysis Framework
CERT Bund Report Parser Open source MIT License CERT-Bund https://github.com/manitu-opensource/certbundreport-parser A PHP parser for German CERT Bund email reports. Parsing Tool
CERT PRISM Freeware https://www.sei.cmu.edu/legal/index.cfm SEI, CMU https://tools.netsa.cert.org/script-prism/index.html Prism is a tool for visualizing flow data as a time series, broken down into several configurable bins by SiLK's rwfilter tool. Visualisation Tool
certspotter-processing Open source GPL-3.0 License CERT.at https://github.com/certat/certspotter-processing A bunch of short scripts used for handling the results of the program certspotter. Parsing Tool
CertStream Open-source MIT License: https://github.com/CaliDog/certstream-server/blob/master/LICENSE Cali Dog Security https://certstream.calidog.io/ https://github.com/search?q=org%3ACaliDog+certstream https://github.com/CaliDog/certstream-server-python https://github.com/CaliDog/certstream-python https://github.com/CaliDog/certstream-server https://github.com/CaliDog/certstream-go https://github.com/CaliDog/certstream-js https://github.com/CaliDog/certstream-java "an intelligence feed that gives you real-time updates from the Certificate Transparency Log network, allowing you to use it as a building block to make tools that react to new certificates being issued in real time" Network Monitoring
CFF Explorer Freeware Erik Pistelli https://github.com/cybertechniques/site/blob/master/analysis_tools/cff-explorer/index.md CFF Explorer was designed to make PE editing as easy as possible, but without losing sight of the portable executable’s internal structure. This application includes a series of tools which might help not only reverse engineers but also programmers. PE Editor
CHIRP IOC Detection Tool Freeware https://creativecommons.org/publicdomain/zero/1.0/ CISA https://github.com/cisagov/CHIRP CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs). Evidence Collector
chkdeface In-house built JPCERT/CC https://www.first.org/resources/papers/conf2015/first_2015_-_uchiyama-_kobayashi_-_keeping_eyes_on_malicious_websites_20150604.pdf To check for defaced websites online. Malware Detection
CIF (Collective Intelligence Framework) Open-source Mozilla Public License 2.0: https://github.com/csirtgadgets/cif-v5/blob/master/LICENSE CSIRT Gadgets, LLC https://csirtgadgets.com/ https://github.com/csirtgadgets A threat intelligence framework Cyber Threat Intelligence Framework
CIRCLean - USB key sanitizer Open-source BSD 3-Clause "New" or "Revised" License: https://github.com/CIRCL/Circlean/blob/master/LICENSE CIRCL http://www.circl.lu/projects/CIRCLean/ https://github.com/CIRCL/Circlean CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. USB Cleaning
class-dump-z Freeware https://github.com/interference-security/ios-pentest-tools/blob/master/class-dump-z iOS pentest tool. Penetration Testing
cmu-sei/kaiju Open-source https://github.com/cmu-sei/kaiju/blob/main/LICENSE.md CERT/CC-CMU https://github.com/cmu-sei/kaiju CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- please file tickets, bug reports, or pull requests at the upstream home in @CERT/CC. Sandboxing/Reversing Tool
Cortex Open-source GNU AGPL v3.0: https://github.com/TheHive-Project/CortexDocs/blob/master/LICENSE TheHive Project https://github.com/TheHive-Project/CortexDocs "Cortex solves two common problems frequently encountered by SOCs, CSIRTs and security researchers in the course of threat intelligence, digital forensics and incident response: How to analyze observables they have collected, at scale, by querying a single tool instead of several? How to actively respond to threats and interact with the constituency and other teams?" Information Correlation
createfs.py CERT Polska http://kippo.googlecode.com/svn/trunk/createfs.py (The website is not accessible) A tool from the Kippo repository to generate a fake filesystem (in the Python pickle format required by Kippo) whose structure is based on the host filesystem.
Name: CRITs
Type: Open-source
Developer(s): Mitre Corporation
URL: https://crits.github.io/
Description: CRITs is an open source malware and threat repository that leverages other open source software to create a unified tool for analysts and security experts engaged in threat defense.
Type of Tool: Cyber Threat Intelligence

Name: Critical Stack
Type: Open-source
License: Apache License v2.0: https://github.com/criticalstack/ui/blob/main/LICENSE
Developer(s): Capital One
URL: https://www.capitalone.com/tech/solutions/container-orchestration/, https://github.com/criticalstack
Description: "enforces the highest level of governance and security standards, enabling teams to efficiently scale containerized applications in the strictest environments"

Name: csirtgadgets/csirtg-domainsml-tf-py
Type: Open-source
License: MPL 2.0
Developer(s): CSIRT Gadgets, LLC
URL: https://github.com/csirtgadgets/csirtg-domainsml-tf-py
Description: Simple Python/Keras/TensorFlow library for detecting odd domains in Python.
Type of Tool: Network Threat Detection

Name: csirtgadgets/csirtg-ipsml-tf
Type: Open-source
License: MPL 2.1
Developer(s): CSIRT Gadgets, LLC
URL: https://github.com/csirtgadgets/csirtg-ipsml-tf
Description: Simple library for detecting suspicious connections using TensorFlow.
Type of Tool: Network Threat Detection

Name: csirtgadgets/csirtg-urlsml-tf-py
Type: Open-source
License: MPL 2.2
Developer(s): CSIRT Gadgets, LLC
URL: https://github.com/csirtgadgets/csirtg-urlsml-tf-py
Description: Simple Python/Keras/TensorFlow library for detecting odd URLs in Python.
Type of Tool: Network Threat Detection

Name: CTI Toolkit
Type: Open-source
License: https://github.com/MISP/cti-toolkit/blob/master/LICENSE
Developer(s): CERT Australia-ACSC
URL: https://github.com/MISP/cti-toolkit
Description: This package contains cyber threat intelligence (CTI) tools created by CERT Australia.
Type of Tool: Cyber Threat Intelligence

Name: Cuckoo Sandbox
Type: Open-source
License: GNU GPL v3.0: https://github.com/cuckoosandbox/cuckoo/blob/master/LICENSE
Developer(s): Stichting Cuckoo Foundation
URL: https://cuckoosandbox.org/, https://github.com/cuckoosandbox
Description: "automated malware analysis system"
Type of Tool: Sandboxing/Reversing Tool

Name: curl
Type: Freeware
Developer(s): Daniel Stenberg
URL: https://en.wikipedia.org/wiki/CURL#cURL
Description: curl is a command-line tool for getting or sending data, including files, using URL syntax.
Type of Tool: UNIX Tool

Name: cve-search
Type: Open-source + Online free service
License: GNU AGPL v3.0: https://github.com/cve-search/cve-search/blob/master/LICENSE
Developer(s): CIRCL
URL: https://www.cve-search.org/, https://github.com/cve-search/
Description: "a set of free software to support the search, indexing, correlation and management of software vulnerabilities"
Type of Tool: Vulnerability Management

Name: Cyber-Ticket-Studio
Type: Freeware
License: https://github.com/cmu-sei/Cyber-Ticket-Studio/blob/master/LICENSE.txt
Developer(s): SEI CMU
URL: https://github.com/cmu-sei/Cyber-Ticket-Studio
Description: CTS is a tool that enables users to explore, search, sort, mine, and visualize large numbers of cyber incident tickets (and some other kinds of tickets) at the same time.
Type of Tool: Incident Management

Name: CyberGreen Stats and CyberGreen API
Type: Free online services and free API
License: Terms of Use: https://www.cybergreen.net/terms-of-use/
Developer(s): JPCERT/CC (lead)
URL: https://stats.cybergreen.net/, https://stats.cybergreen.net/download/
Description: "Cyber Health Statistics". The website has a visualization engine and the API allows data access.
Type of Tool: Visualization

Name: Cybersecurity Incident Report and Analysis System – Visual Analysis Tool
Type: Free online services
Developer(s): ENISA
URL: https://www.enisa.europa.eu/topics/incident-reporting/cybersecurity-incident-report-and-analysis-system-visual-analysis/visual-tool
Description: An online service showing statistics of cyber incidents in an interactive and visualised manner.
Type of Tool: Visualization

Name: Cyobstract
Type: Open-source
License: https://github.com/cmu-sei/cyobstract/blob/master/LICENSE.txt
Developer(s): CERT/CC-CMU
URL: https://github.com/cmu-sei/cyobstract
Description: Cyobstract is a cyber observables extraction tool that uses regular expressions on cyber incident reports. It quickly pulls indicators and other cyber information from these reports. It takes free text as input and provides relevant information for incident response (IR) in a structured format as output.
Type of Tool: Artefact Collector

Name: D4 Attack Map
Type: Free online services
Developer(s): CIRCL
URL: https://map.circl.lu/
Description: "displays realtime SSH bruteforce attacks registered against d4-project's main instance, hosted in Luxembourg."
Type of Tool: Visualization

Name: dc3dd
Type: Open-source
License: GNU GPL v3: https://gitlab.com/kalilinux/packages/dc3dd/-/blob/kali/master/COPYING
Developer(s): DCCI (dc3dd@dc3.mil)
URL: https://sourceforge.net/projects/dc3dd/, https://tools.kali.org/forensics/dc3dd, https://gitlab.com/kalilinux/packages/dc3dd
Description: "a patched version of GNU dd with added features for computer forensics"
Type of Tool: Artefact Analysis

Name: dd
Type: Open-source
License: GPL 3.0
Developer(s): Ken Thompson
URL: https://github.com/thefanclub/dd-utility
Description: Write and back up operating system IMG or ISO files to a memory card or disk.
Type of Tool: Disk Image Creation Tool

Name: DEFT (Digital Evidence and Forensics Toolkit)
Type: Freeware and Open-source?
License: GNU GPL v3
Developer(s): DEFT Linux Core Team
URL: http://na.mirror.garr.it/mirrors/deft/
Description: "a distribution made for Computer Forensics, with the purpose of running live on systems without tampering or corrupting devices (hard disks, pen drives, etc…) connected to the PC where the boot process takes place"
Type of Tool: Evidence Collector

Name: DensityScout
Type: Freeware
License: ISCL: http://en.wikipedia.org/wiki/ISC_license
Developer(s): Christian Wojner @ CERT.at
URL: https://cert.at/en/downloads/software/software-densityscout
Description: "This tool calculates density (like entropy) for files of any file-system-path to finally output an accordingly descending ordered list. This makes it possible to quickly find (even unknown) malware on a potentially infected Microsoft Windows driven machine."
Type of Tool: Malware Detection

Name: DetectionLab
Type: Open-source
License: MIT License: https://github.com/clong/DetectionLab/blob/master/LICENSE
Developer(s): Chris Long
URL: https://github.com/clong/DetectionLab
Description: "automates the process of building an Active Directory based lab environment on many different platforms and configures the lab hosts for maximum telemetry collection using tools like Sysmon and osquery" (see also https://jsac.jpcert.or.jp/en/timetable.html#modal-main2)
Type of Tool: Repository of Scripts

Name: DetectLM
Type: Open-source
Developer(s): JPCERT/CC
URL: https://github.com/JPCERTCC/DetectLM
Description: To detect attackers' lateral movement using machine learning.
Type of Tool: Network Threat Detection

Name: dig (Domain Information Groper)
Type: Open-source
Developer(s): Internet Systems Consortium, Inc.
URL: https://linux.die.net/man/1/dig
Description: To check whether a DNS server is configured as an open resolver allowing recursive queries, you can use the 'dig' tool to send a DNS request for an arbitrary domain name (for which the server is not authoritative) to the IP address of the DNS server in question.
Type of Tool: Domain Name/IP Address Checker

Name: dionaea honeypot
Type: Open-source
License: GNU GPL v2.0: https://github.com/DinoTools/dionaea/blob/master/LICENSE
Developer(s): dionaea community
URL: https://dionaea.readthedocs.io/, https://github.com/DinoTools/dionaea, https://github.com/GovCERT-CZ/dionaea, https://github.com/GovCERT-CZ/DionaeaFR
Description: "a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls"
Type of Tool: Honeypot

Name: Distorm3
Type: Open-source
License: https://github.com/gdabah/distorm/blob/master/COPYING
Developer(s): Gil Dabah
URL: https://github.com/gdabah/distorm
Description: diStorm3 is really a decomposer, which means it takes an instruction and returns a binary structure which describes it rather than static text, which is great for advanced binary code analysis.
Type of Tool: Artefact Analysis

Name: dnscat2
Type: Open-source
License: BSD 3 Clause License
URL: https://github.com/iagox86/dnscat2
Description: This tool is designed to create an encrypted command-and-control (C&C) channel over the DNS protocol, which is an effective tunnel out of almost every network.
Type of Tool: Penetration Testing

Name: DNScheck
Type: Free online service
Developer(s): MAHER-CERT
URL: https://dnscheck.cert.ir/
Description: DNS review system to check for DNS vulnerabilities in a network.
Type of Tool: Domain Name/IP Address Checker

dnstwist Open-source Apache License v2.0: http://www.apache.org/licenses/LICENSE-2.0 Marcin Ulikowski https://dnstwist.it/ https://github.com/elceef/dnstwist "Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation" Domain Name/IP Address Checker

do-portal Open-source CERT.at https://github.com/certat/do-portal This is a web-based application for managing contact information with network information, self-administration and statistics integration. It is used by CERT.at/GovCERT.at/Austrian Energy CERT to maintain contact information for customers and network owners. Contact Portal

Douglas-Quaid Open-source GNU GPL v3.0: https://github.com/CIRCL/douglas-quaid/blob/master/LICENSE CIRCL https://github.com/CIRCL/douglas-quaid "Open source software for image correlation, distance and analysis." Disk Image Analysis

DumpIt (Moonsols standalone programme or part of Comae-Toolkit/Stardust?) Freeware or Open-source?
Comae or Moonsols? https://www.comae.com/dumpit-memory-forensics-malware-analysis/ https://github.com/comaeio/comae-cli http://qpdownload.com/dumpit/ http://www.moonsols.com/wp-content/plugins/download-monitor/download.php?id=7 [broken] Memory acquisition
"Comae-Toolkit is free for personal usage. Registration is required."
Some CSIRTs referred to Moonsols as the developer and some referred to Comae. It is unclear whether Comae inherited DumpIt from Moonsols and developed it further. It is, however, clear that Comae's DumpIt is more recent and still actively maintained.
Memory Analysis Tool

dynamic_ips CERT.at https://github.com/certat/dynamic_ips A mapping of (IP address -> is a dynamic IP (Y/N)?) Information Correlation

Elasticsearch Freeware https://github.com/elastic/elasticsearch/blob/master/LICENSE.txt Elastic NV https://github.com/elastic/elasticsearch Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Search Engine

EmoCheck Open-source https://github.com/JPCERTCC/EmoCheck/blob/master/LICENSE.txt JPCERT/CC https://github.com/JPCERTCC/EmoCheck Emotet detection tool for Windows OS Artefact Collector

Encrypted Disk Detector: EDD Freeware MAGNET https://www.magnetforensics.com/resources/encrypted-disk-detector/ "a command-line tool that can quickly and non-intrusively check for encrypted volumes on a computer system during incident response" Disk Image Analysis

ENISA CSIRT maturity self-assessment tool Free online service ENISA https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-capabilities/csirt-maturity/csirt-maturity-self-assessment-survey "helps CSIRTs to self-assess their team's maturity in terms of 44 parameters of the SIM3 model" Incident Management

ENISA interactive CSIRT Inventory Free online service ENISA https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory/certs-by-country-interactive-map "The European CSIRT Inventory gives an overview of the actual situation concerning CSIRT teams in Europe. It provides a list of publicly listed incident response teams that can be visualised by the interactive mapping tool." Incident Management

exchange_webshell_detection Open-source CERT.lv https://github.com/cert-lv/exchange_webshell_detection Detect webshells dropped on Microsoft Exchange servers exploited through the "ProxyLogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065). (This project is discontinued.) Artefact Collector

Exeinfo PE Freeware A.S.L Soft https://exeinfo-pe.en.uptodown.com/windows Exeinfo PE is a program that lets you verify .exe files and check out all their properties. You can also change the file name, directly open the .exe, or simply delete it. Artefact Analysis

ExifTool Open-source Perl license: https://exiftool.org/#license Phil Harvey https://exiftool.org/ https://en.wikipedia.org/wiki/ExifTool Extracting metadata of files, including PE (exe) file header info Information Reader/Writer

Falcon Sandbox Public API and API connectors Open-source Terms and Conditions of Use: https://www.hybrid-analysis.com/terms
GNU GPL v3.0: https://github.com/PayloadSecurity/VxAPI/blob/master/LICENSE.md
MIT License: https://github.com/picatz/falconz/blob/master/LICENSE.txt
Falcon Sandbox & VxAPI Python connector: Hybrid Analysis
Ruby connector: Kent 'picat' Gruber
https://www.hybrid-analysis.com/docs/api/v2 https://github.com/PayloadSecurity/VxAPI https://github.com/picatz/falconz "Falcon Sandbox has a powerful and simple API that can be used to submit files/URLs for analysis, pull report data, but also perform advanced search queries. The API is open and free to the entire IT-security community." Sandboxing/Reversing Tool

FastIR Open-source GPL 3.0 Sekoia Lab https://github.com/SekoiaLab/Fastir_Collector This tool collects different artefacts on live Windows systems and records the results in CSV or JSON files. By analysing these artefacts, an early compromise can be detected. FastIR Collector is no longer maintained; the project recommends using its newer FastIR Artifacts collector instead. Evidence Collector

Filebeat-module-for-Squid https://github.com/rhpenguin/Filebeat-module-for-Squid Config example and Filebeat module for Squid based on JPCERT/CC report. Logfile Monitoring

flubot Open-source ISC License NCSC-NL https://github.com/NCSC-NL/flubot This repository contains lists of domains generated by the Flubot DGA. Repository of Domains from Flubot DGA

FollowTcpStream CERT.at https://github.com/certat/FollowTcpStream A command-line tool written in Python, influenced by Wireshark's "Follow TCP stream" functionality and enhanced by some useful features such as un-chunking and un-gzipping. Network Monitoring Tool

foremost Open-source Public domain US Government http://foremost.sourceforge.net/ https://tools.kali.org/forensics/foremost https://gitlab.com/kalilinux/packages/foremost "a forensic program to recover lost files based on their headers, footers, and internal data structures" File Recovery Tool

FTK Imager (and FTK Imager Lite) Freeware AccessData https://accessdata.com/product-download/ftk-imager-version-4.2.0 https://accessdata.com/product-download/ftk-imager-lite-version-3-1-1 Memory and disk acquisition Disk Image Creation Tool

gabriel Open-source GPL-3.0 License CERT-GOV-GE https://github.com/CERT-GOV-GE A DDoS detection plugin for NfSen. "*** Development of this plugin has been stopped. Currently it has some false positives and does not work as it should. ***" DDoS Detection Plugin

Ghidra Open-source Apache License v2.0: https://github.com/NationalSecurityAgency/ghidra/blob/master/LICENSE National Security Agency, USA https://ghidra-sre.org/ https://github.com/NationalSecurityAgency/ghidra "a software reverse engineering (SRE) framework" Sandboxing/Reversing Tool

Glastopf Open-source GNU GPL v3.0: https://github.com/mushorg/glastopf/blob/master/GPL Lukas Rist https://github.com/mushorg/glastopf http://glastopf.org/ "a Python web application honeypot" Honeypot

GMER Freeware Przemysław Gmerek http://www.gmer.net/?m=0 GMER is a software tool written by the Polish researcher Przemysław Gmerek for detecting and removing rootkits. Malware Detection

GoUtils2.0 Open-source No license Egor Zaytsev https://gitlab.com/zaytsevgu/GoUtils2.0/ https://github.com/sibears/IDAGolangHelper (new version) https://gitlab.com/zaytsevgu/goutils (old version) "Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary" Sandboxing/Reversing Tool

grep Open-source
Ken Thompson https://en.wikipedia.org/wiki/Grep a command-line utility for searching plain-text data sets for lines that match a regular expression. Its name comes from the ed command g/re/p (globally search for a regular expression and print matching lines), which has the same effect. Command-line Search Utility

Guymager

CERT-EU https://guymager.sourceforge.io/ Disk acquisition Disk Image Creation Tool

HoneyViz Open-source
Honeynet Project https://www.honeynet.org/2011/08/27/honeyviz-demo-is-out-for-your-viewing-pleasure/ An interactive honeynet visualization tool (Slide 23 of https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Services.pdf)
May be discontinued, as it could not be found via a Google search.
Honeypot

Hook Analyser Freeware (form filling needed) Own license (see LICENSE.txt in the downloaded software compression package file) Beenu Arora
https://www.beenu.com/
http://www.hookanalyser.com/ https://drive.google.com/file/d/0B4eYJx0xZdQAM3B2aklEa0NTcm8/view [after filling form] "A Freeware Malware Analysis and Cyber Threat Intelligence Software"
Freeware, but does not appear to be open source. Downloading requires filling in a form.
Author identified via screenshots of the software on its website.
Cyber Threat Intelligence

Icinga2 Open-source GNU GPL v2: https://github.com/Icinga/icinga2/blob/master/COPYING https://github.com/Icinga/icinga2/blob/master/AUTHORS https://icinga.com/ https://github.com/Icinga/icinga2 "computer system and network monitoring application ... originally created as a fork of the Nagios system monitoring application in 2009." Network Monitoring Tool

IDA Freeware / IDA Free Freeware NA Hex-Rays SA https://www.hex-rays.com/products/ida/support/download_freeware/ "an interactive, programmable, extensible, multi-processor disassembler hosted on Windows, Linux, or Mac OS X"
Freeware version has limited features and technical support.
Sandboxing/Reversing Tool

IFAS (Information Feed Analysis System) Open-source Apache License v2.0: https://www.apache.org/licenses/LICENSE-2.0.txt HKCERT and CSIRT Foundry http://samuelandamanda.life/ifas/ IFAS is designed to gather security event logs from many public sources, normalise them to similarly-structured event data, store them, and allow searching and analysis of events. Artefact Collector

Immunity Debugger Open-source https://github.com/kbandla/ImmunityDebugger/blob/master/1.85/LICENSE.txt Immunity Inc. https://www.immunityinc.com/products/debugger/ https://github.com/kbandla/ImmunityDebugger "a powerful new way to write exploits, analyze malware, and reverse engineer binary files" Sandboxing/Reversing Tool

impfuzzy, pyimpfuzzy, impfuzzy for Neo4j, impfuzzy for Volatility, impfuzzy for Volatility3 Open-source
JPCERT/CC https://github.com/JPCERTCC/impfuzzy/ https://github.com/JPCERTCC/impfuzzy/tree/master/pyimpfuzzy https://github.com/JPCERTCC/impfuzzy/tree/master/impfuzzy_for_Neo4j https://github.com/JPCERTCC/impfuzzy/tree/master/impfuzzy_for_Volatility/ https://github.com/JPCERTCC/impfuzzy/tree/master/impfuzzy_for_Volatility3/ "Fuzzy Hash calculated from import API of PE files"
"Python script for clustering malware based on fuzzy hash and importing/visualizing the result using Neo4j."
Memory Analysis Tool

ImpREC Open-source Apache License, Version 2.0 Dr. Markus Borg https://github.com/mrksbrg/ImpRec Advanced artefact analysis tool. Artefact Analysis

Indicator of Compromise Scanner for CVE-2019-19781 Open-source Apache License v2.0: https://github.com/citrix/ioc-scanner-CVE-2019-19781/blob/master/LICENSE.txt Citrix https://github.com/citrix/ioc-scanner-CVE-2019-19781/ "a utility for detecting compromises of Citrix ADC Appliances related to CVE-2019-19781. The utility, and its resources, encode indicators of compromise collected during FireEye Mandiant investigations." Scanner

INetSim Open-source
Thomas Hungenberg & Matthias Eckert https://www.inetsim.org/downloads.html INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples. Simulator Software Suite

lnf-tools Open-source GNU GPL v3.0: https://github.com/CIRCL/lnf-tools/blob/master/LICENSE CIRCL https://github.com/CIRCL/lnf-tools "to analyze and process large set of Netflow records" Network Data Analyser

IntelMQ and other related tools Open-source IntelMQ & Contact DB - GNU AGPL v3.0: https://github.com/certtools/intelmq/blob/develop/LICENSE
IntelMQ Manager - Multiple: https://github.com/certtools/intelmq-manager/tree/develop/LICENSES
CERT.pt and CERT.at http://certtools.github.io/ https://github.com/certtools/intelmq/ https://github.com/certtools/intelmq-manager https://github.com/certtools/contactdb IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. Incident Management Tool

intelmq-docker

CERT.at https://github.com/certat/intelmq-docker This docker image is not docker compliant. THIS is just for beta usage & information gathering. Do not run this software in production, it might break. Incident Management

intelmq-fody

CERT.at https://github.com/certat/intelmq-fody Web interface to IntelMQ Incident Management

intelmq-fody-backend

CERT.at https://github.com/certat/intelmq-fody-backend A backend to serve intelmq-cb-mailgen data for the webapp fody. Incident Management

intelmq-webinput-csv

CERT.at https://github.com/certat/intelmq-webinput-csv This is a Flask-based web interface allowing the user to insert CSV data into intelmq's pipelines interactively with preview from the CSV parser. Incident Management Solution

internet-inventory

CERT.at https://github.com/certat/internet-inventory Collection of datasets representing an "Internet Inventory" - metadata on IPs and networks and ASNs on the net WHOIS

IOC Editor Freeware
FireEye https://www.fireeye.com/services/freeware/ioc-editor.html provides an interface for managing data and manipulating the logical structures of IOCs. Artefact Collector

IOC-DB API Free API
InQuest Labs https://labs.inquest.net/iocdb A free API for accessing IOC-DB programmatically. API

iocextract Open-source GNU GPL v2.0: https://github.com/InQuest/python-iocextract/blob/master/LICENSE Inquest, LLC https://github.com/InQuest/python-iocextract "extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and "defanged" IOCs in the output, and optionally decodes/refangs them." Artefact Collector

iodine Open-source ISC License Erik Ekman, Bjorn Andersson https://github.com/yarrick/iodine This is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. Penetration Testing

IOT Tracker In-house built CERT Polska https://www.cert.pl/en/uploads/docs/Report_CP_2019.pdf a simple and effective tool for monitoring infected IoT devices in Polish address space. IoT Tracker collects information about malware infected IoT devices from several different sources of data Evidence Collector
IP-ASN-History (IP to ASN Mapping Service with History) Open-source GNU AGPL v3.0: https://github.com/D4-project/IPASN-History/blob/master/LICENSE CIRCL http://www.circl.lu/services/ip-asn-history/ https://github.com/D4-project/IPASN-History To look up IP address announcements in the past. Domain Name/IP Address Checker
ip2nat Open-source AGPL 3.0 CERT.at https://github.com/certat/ip2nat source code for extracting a mapping of IP address to NAT (yes/no?) property Domain Name/IP Address Checker
iPhone Backup Analyser 2 Open-source MIT License Mario Piccinelli https://github.com/PicciMario/iPhone-Backup-Analyzer-2 This software allows the user to browse through the content of an iPhone/iPad backup made by iTunes (or other software able to perform iOS devices' backup). Artefact Analysis
JVN (Japan Vulnerability Notes) Free online service JPCERT/CC, IPA (Information-technology Promotion Agency, Japan) http://jvn.jp/en/ "a vulnerability information portal site designed to help ensure Internet security by providing vulnerability information and their solutions for software products used in Japan" Vulnerability Database
Kaitai Struct Open-source GPL 3.0 Kaitai Project https://kaitai.io/ Kaitai Struct is a general-purpose declarative language for describing binary data structures. With it we can parse binary file formats, in-memory data structures, network packets, etc. Parsing Tool
Kali Linux Open-source NA Kali Linux http://cdimage.kali.org/kali-latest/amd64/ A Linux distribution with many security tools, including tools for disk acquisition, as recommended by CIRCL. Penetration Testing
Kamerka / ꓘamerka Open-source Wojciech (www.offensiveosint.io) https://github.com/woj-ciech/Kamerka-GUI https://github.com/woj-ciech/kamerka "an open-source intelligence (OSINT) gathering tool that indexes information about sensitive internet-connected devices and plots their approximate location on a map." It seems the author recommends the GUI version now and invalidated the old version. Cyber Threat Intelligence
Kansa Open-source Apache License 2.0: https://github.com/davehull/Kansa/blob/master/LICENSE Dave Hull https://github.com/davehull/Kansa "A modular incident response framework in Powershell. It's been tested in PSv2 / .NET 2 and later and works mostly without issue." Artefact Collector
Karton Freeware https://github.com/CERT-Polska/karton/blob/master/LICENSE CERT Polska https://github.com/CERT-Polska/karton Karton is a robust framework for creating flexible and lightweight malware analysis backends. Malware Analysis
keyfinder Open-source https://github.com/CERTCC/keyfinder/blob/master/LICENSE.md CMU CERT/CC https://github.com/CERTCC/keyfinder A tool for finding and analyzing private (and public) key files, including support for Android APK files. Scanner Tool
Kippo Open-source Upi Tamminen https://github.com/desaster/kippo "a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker" Honeypot
Kippo-Graph Open-source https://github.com/ikoniaris/kippo-graph/blob/master/LICENSE.txt Ioannis Koniaris https://github.com/ikoniaris/kippo-graph "a full featured script to visualize statistics for a Kippo based SSH honeypot" Visualisation Tool
KVM (Kernel-based Virtual Machine) Open-source Avi Kivity and other contributors https://www.linux-kvm.org/ "a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V)", part of Linux kernel. "The kernel component of KVM is included in mainline Linux, as of 2.6.20. The userspace component of KVM is included in mainline QEMU, as of 1.3." Virtualisation Tool
libevt (including tools such as evtexport) Open-source GNU LGPL v3.0: https://github.com/libyal/libevt/blob/main/COPYING Joachim Metz https://github.com/libyal/libevt "a library to access the Windows Event Log (EVT) format" Log Analysis
libvshadow/vshadowinfo Open-source Joachim Metz https://github.com/libyal/libvshadow/ "a library to access the Volume Shadow Snapshot (VSS) format" Volume Shadow Snapshot (VSS) Reader
LiME Open-source GPL 2.0 Joe Sylve https://github.com/504ensicsLabs/LiME LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. Memory Analysis Tool
linux_arp Open-source GPL 2.0 Linus Torvalds https://manpages.ubuntu.com/manpages/xenial/man7/arp.7.html It is used to convert between Layer2 hardware addresses and IPv4 protocol addresses on directly connected networks. The user normally doesn't interact directly with this module except to configure it; instead it provides a service for other protocols in the kernel. Network Utility
linux_ifconfig Open-source GPL 2.0 Linus Torvalds https://man7.org/linux/man-pages/man8/ifconfig.8.html The ifconfig (interface configuration) command is used to configure the kernel-resident network interfaces. It is used at boot time to set up the interfaces as necessary. After that, it is usually used when needed during debugging or when you need system tuning. Also, this command is used to assign the IP address and netmask to an interface or to enable or disable a given interface. Network Management
linux_mount Open-source GPL 2.0 Linus Torvalds https://man7.org/linux/man-pages/man2/mount.2.html mount() attaches the filesystem specified by source (which is often a pathname referring to a device, but can also be the pathname of a directory or file, or a dummy string) to the location (a directory or file) specified by the pathname in target. Disk Image Creation Tool
linux_proc_maps Open-source GPL 2.0 Linus Torvalds https://man7.org/linux/man-pages/man5/proc.5.html The proc filesystem is a pseudo-filesystem which provides an interface to kernel data structures. It is commonly mounted at /proc. Artefact Collector
linux_pslist Open-source GPL 2.0 Linus Torvalds http://manpages.ubuntu.com/manpages/impish/man1/pslist.1.html Pslist is a simple utility to list the process IDs (PIDs) of a process and all its children, and its children's children, and so on. Process Enumerator
linux_route_cache Linus Torvalds http://linux-ip.net/html/routing-cache.html The routing cache stores recently used routing entries in a fast and convenient hash lookup table, and is consulted before the routing tables. If the kernel finds a matching entry during route cache lookup, it will forward the packet immediately and stop traversing the routing tables. Network Utility
LogonTracer Open-source https://github.com/JPCERTCC/LogonTracer/blob/master/LICENSE.txt JPCERT/CC https://github.com/JPCERTCC/LogonTracer, https://github.com/likescam/LogonTracer_jpcert "LogonTracer is a tool to investigate malicious logon by visualizing and analyzing Windows Active Directory event logs. This tool associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used." Artefact Analysis
macApfsMounter Open-source GNU GPL v3.0: https://github.com/Recruit-CSIRT/macApfsMounter/blob/master/LICENSE moniik / Takaya Kawasaki (Recruit Technologies) https://github.com/Recruit-CSIRT/macApfsMounter "A small tool to easily mount APFS image on macOS." Disk Image Creation Tool
macOS Artifact Collector (macosac) Open-source Apache License 2.0: https://github.com/mnrkbys/macosac/blob/master/LICENSE Minoru Kobayashi (Internet Initiative Japan) https://github.com/mnrkbys/macosac "a DFIR tool for collecting artifact files on macOS." Artefact Collector
macOS Triage Tool Open-source GNU GPL v3.0: https://github.com/Recruit-CSIRT/macOSTriageTool/blob/master/LICENSE moniik / Takaya Kawasaki (Recruit Technologies) https://github.com/Recruit-CSIRT/macOSTriageTool "A DFIR tool to collect artifacts on macOS" Artefact Collector
MacRipper Open-source GNU GPL v3.0: https://github.com/Recruit-CSIRT/MacRipper/blob/master/LICENSE.txt moniik / Takaya Kawasaki (Recruit Technologies) https://github.com/Recruit-CSIRT/MacRipper "A DFIR tool to analyze artifacts on macOS" Artefact Analysis
MalConfScan Open-source https://github.com/JPCERTCC/MalConfScan/blob/master/LICENSE.txt JPCERT/CC https://github.com/JPCERTCC/MalConfScan This tool searches for malware in memory images and dumps its configuration data. In addition, it can list the strings that the malicious code refers to. Memory Analysis Tool
MalConfScan with Cuckoo Open-source https://github.com/JPCERTCC/MalConfScan-with-Cuckoo/blob/master/LICENSE.txt JPCERT/CC https://github.com/JPCERTCC/MalConfScan-with-Cuckoo Cuckoo Sandbox plugin that extracts the configuration data of known malware. Memory Analysis Tool
Malware Hunter Free online service Shodan https://malware-hunter.shodan.io/ "a crawler that scans the Internet regularly to identify botnet command and control (C&C) servers for various malware and botnets." Malware Detection
Malwr https://malwr.com/ "Automated Malware Analysis Sandboxes and Services". NOTE: Currently the site is not accessible. Sandboxing/Reversing Tool
mass_mail.py In-house built NCSC-FI https://www.first.org/resources/papers/conference2014/first_2014_-_huopio-_kauto_-_your_assistance_is_required_20140613.pdf Automated script for mass mailing Mass Mailer Tool
md5sum Open-source GNU GPL v3 Ulrich Drepper, Scott Miller, and David Madore https://linux.die.net/man/1/md5sum "calculates and verifies 128-bit MD5 hashes, as described in RFC 1321." Core command-line utility tool in Linux. MD5 Checker
mdd Open-source GPL 2.0 https://sourceforge.net/projects/mdd/ MDD is a physical memory acquisition tool for imaging Windows-based computers, created by ManTech International Corporation. MDD is capable of acquiring memory images from Windows 2000, XP, Vista and Windows Server. Disk Imaging Tool
Mejiro Free online service JPCERT/CC https://www.jpcert.or.jp/english/mejiro/index.html "Mejiro is an Internet risk visualization service that collects data on risk factors existing on the Internet and visualizes risks based on indexes calculated by country or region (hereafter "region"). ... Mejiro builds on the basic principles of the Cyber Green Project, which JPCERT/CC has been working on since FY2014, and it visualizes Internet risks based on our unique approach." Visualisation Tool
MeliCERTes CSP (Core Service Platform) Open-source EUPL v1.2: https://github.com/melicertes/csp/blob/develop/LICENSE MeliCERTes project team: ENISA, CERT.at, CERT.EE, CERT.pl, CIRCL, SK-CERT https://github.com/melicertes/csp "a modular platform that interlaces various services that not only offers a complete security incident management solution but also allows CSIRTs to share information and collaborate with each other within verified Trust Circles. Each module specialises in a task essential to security incident management." Information Sharing Platform
Merovingio Open-source INCIBE-CERT https://github.com/INTECOCERT/merovingio Merovingio is an application analyser that determines whether the analysed applications are legitimate or malicious. App Verification Tool
Microsoft PowerShell-based Tool Freeware Microsoft https://www.kyberturvallisuuskeskus.fi/en/varoitus-exchangen-hyvaksikaytetty-haavoittuvuus, https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1 PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework. Artefact Analysis
mihari Open-source MIT License: https://github.com/ninoseki/mihari/blob/master/LICENSE Manabu Niseki https://github.com/ninoseki/mihari "a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and phishing hunting" "makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs and hashes) from the results." Scanner
Minibis Freeware ISCL: http://en.wikipedia.org/wiki/ISC_license Christian Wojner @ CERT.at http://procdot.com/ https://cert.at/en/downloads/software/software-minibis "Software and tips to easily build up an automated malware analysis station based on a concept introduced in the paper "Mass Malware Analysis: A Do-It-Yourself Kit"." Malware Analysis
MISP (Open Source Threat Intelligence Platform) Open-source GNU AGPL v3.0: https://github.com/MISP/MISP/blob/2.4/LICENSE CIRCL, Belgian Defense and NATO Computer Incident Response Capability http://www.misp-project.org/ https://github.com/MISP/ http://www.circl.lu/services/misp-malware-information-sharing-platform/ A platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, but also threat intelligence such as threat actor information, financial fraud information and many more. Cyber Threat Intelligence
Mitmproxy Open-source MIT MITM Core Team https://github.com/mitmproxy mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. Penetration Testing
MITRE ATT&CK Free MITRE Corporation https://attack.mitre.org The MITRE ATT&CK® framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Cyber Threat Intelligence
Mobile Sandbox MobileSandbox https://mobilesandbox.com/ This isolates apps from each other and protects apps and the system from malicious apps. To do this, Android assigns a unique user ID (UID) to each Android application and runs it in its own process. The sandbox is simple, auditable, and based on decades-old UNIX-style user separation of processes and file permissions. Sandboxing/Reversing Tool
MONARC Open-source GNU AGPL v3.0 Lëtzebuerg (SMILE) g.i.e. https://www.monarc.lu/ https://github.com/monarc-project "a tool and a method allowing an optimised, precise and repeatable risk assessment" Risk Assessment Tool
mtracker In-house built CERT Polska https://www.cert.pl/en/uploads/docs/Report_CP_2019.pdf to track botnet activity based on reverse engineering of their communication protocols Sandboxing/Reversing Tool
mwdb-core Open-source GNU AGPL v3.0: https://github.com/CERT-Polska/mwdb-core/blob/master/LICENSE CERT Polska https://github.com/CERT-Polska/mwdb-core Aggregates various feeds and malware collections in a well-organized model that allows relations between samples, families and campaigns to be discovered. Cyber Threat Intelligence
mwdblib Open-source MIT CERT Polska https://github.com/CERT-Polska/mwdblib API bindings for the mwdb.cert.pl service or your own MWDB instance, supporting both Python 2.x and 3.x. Use it to automate uploading data to or fetching data from MWDB, or as an IPython-based CLI. Security API
n6 Open-source GNU AGPL v3.0: https://github.com/CERT-Polska/n6/blob/master/LICENSE.txt CERT Polska https://n6.cert.pl/en/ https://github.com/CERT-Polska/n6 "a system designed to collect, process and share information about network events and possible security incidents" Network Fingerprinting
Nagios Open-source GNU GPL v2: https://github.com/NagiosEnterprises/nagioscore/blob/master/LICENSE Nagios Enterprises, LLC https://www.nagios.org/ "monitors systems, networks and infrastructure" Network Monitoring Tool
Ncat Open-source Avian Research https://nmap.org/ncat/ Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Network Utility
Net-SNMP Open-source http://net-snmp.sourceforge.net/about/license.html Net-SNMP community http://net-snmp.sourceforge.net/ "... a widely used protocol for monitoring the health and welfare of network equipment (eg. routers), computer equipment and even devices like UPSs. Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6." Network Utility
NetFlow Tool Free version Paessler https://www.paessler.com/netflow_monitoring NetFlow Analyzer PRTG lets you check and monitor your bandwidth and determine, for example, the amount of network traffic caused by IP addresses, protocols, or programs. Network Utility
netsh firewall show config Freeware Microsoft Corporation Microsoft Corporation https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior To view the state of the firewall and the list of exceptions Network Utility
netstat Open-source GPLv2 Various open source and commercial developers https://en.wikipedia.org/wiki/Netstat To list and view open ports or active connections in systems Network Utility
nfdump Open-source BSD Peter Haag https://github.com/phaag/nfdump The nfdump tools collect and process netflow data on the command line Netflow Reader
nfsen BSD SWITCH CERT http://nfsen.sourceforge.net/ Provides a graphical overview of your netflow data. Network Monitoring Tool
Nmap Open-source NPSL: https://nmap.org/npsl/ Gordon Lyon https://nmap.org/ "for network discovery and security auditing" Network Mapper
Norimaci Open-source Apache License 2.0: https://github.com/mnrkbys/norimaci/blob/master/LICENSE Minoru Kobayashi (Internet Initiative Japan) https://github.com/mnrkbys/norimaci "a simple and lightweight malware analysis sandbox for macOS" Sandboxing
oledump.py Open-source Didier Stevens https://blog.didierstevens.com/programs/oledump-py/ "a program to analyze OLE files (Compound File Binary Format)" Artefact Analysis
OllyDbg Shareware NA Oleh Yuschuk http://www.ollydbg.de/ "a 32-bit assembler level analysing debugger for Microsoft® Windows®" "This software is a shareware. To use this program on a permanent basis or for commercial purposes, you should register it by sending filled registration form to Ollydbg@t-online.de. The registration is free of charge and assumes no financial or other obligations from either side ..." Reversing Tool
Onion Indexer Open-source MIT Marcrabadan https://github.com/marcrabadan/onion-indexer Onion Indexer is developed in Python; it gathers information about deep web pages using Azure Batch (HPC) for the purpose of analysing and processing the gathered data. Web Information Gathering Tool
Open DNS Resolver Check Site + a command-line tool Free online service JPCERT/CC http://www.openresolver.jp/en/ http://www.openresolver.jp/cli/check.html http://www.openresolverproject.org "offers an easy and simple method to check open DNS resolvers just by accessing the site and giving a few clicks" Domain Name/IP Address checker
SpamAssassin Open-source Apache License Community-Led Development https://spamassassin.apache.org/ Spam filtering tool Spam Filter
OSINT OPSEC Tool Open-source GNU GPL v3.0: https://github.com/AxelSeg/osint-opsec-tool/blob/master/LICENCE Brendan Jamieson https://github.com/AxelSeg/osint-opsec-tool "monitors multiple 21st Century OSINT sources real-time for keywords, then analyses the results, generates alerts, and maps trends of the data, finding all sorts of info" OSINT Framework
osTicket Community Edition Open-source GNU GPL v2.0: https://github.com/osTicket/osTicket/blob/develop/LICENSE.txt Enhancesoft https://osticket.com/ https://github.com/osTicket "a widely-used open source support ticket system. It seamlessly integrates inquiries created via email, phone and web-based forms into a simple easy-to-use multi-user web interface" Incident Management Tool
OTOOL Open-source Apple Public Source License Version 1.1 Apple Computer, Inc. https://www.unix.com/man-page/osx/1/otool/ The otool command displays specified parts of object files or libraries. If the -m option is not used, the file arguments may be of the form libx.a(foo.o), to request information about only that object file and not the entire library. (Typically this argument must be quoted, ``libx.a(foo.o)'', to get it past the shell.) System Fingerprint
OTRS (originally Open-Source Ticket Request System) Open-source / Dual-license GNU GPL v3.0: https://github.com/OTRS/otrs/blob/rel-6_0/COPYING OTRS AG https://otrs.com/ https://github.com/OTRS/otrs https://en.wikipedia.org/wiki/OTRS "one of the most flexible web-based ticketing systems used for Customer Service, Help Desk, IT Service Management. Please note that ((OTRS)) Community Edition offers limited OTRS functionality" Mentioned in Trusted Introducer's SIM3 model. Incident Management Tool
Pastelyzer Open-source zlib license: https://github.com/cert-lv/pastelyzer/blob/master/LICENSE CERT.LV https://github.com/cert-lv/pastelyzer/ To swiftly identify any data leaks containing Latvian IP addresses, bank card numbers, e-mail and social networking service information, in order to inform the organizations and internet users concerned Web Data Mining Tool
pcapdj Open-source GNU AGPL v3.0: https://github.com/CIRCL/pcapdj/blob/master/LICENSE CIRCL https://github.com/CIRCL/pcapdj A pcap file dispatcher for processing very large sets of pcap files. Network Utility
pdfid.py and pdf-parser.py Open-source Didier Stevens https://blog.didierstevens.com/programs/pdf-tools/ pdf-parser.py: "parse a PDF document to identify the fundamental elements used in the analyzed file." pdfid.py: "scan a file to look for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened." Parsing Tool
PDFrankenstein Open-source GNU General Public License CERT/CC-CMU https://github.com/cmu-sei/pdfrankenstein PDFrankenstein is a Python tool for bulk malicious PDF feature extraction. Malware Detection
PEF Open-source Apache 2.0 License NCSC-NL https://github.com/NCSC-NL/PEF A research prototype application demonstrating network traffic pseudonymization using a model-driven engineering approach. Network Utility

PEiD Freeware
Snaker http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml PEiD detects most common packers, cryptors and compilers for PE files.
It can currently detect more than 470 different signatures in PE files.
It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website, but it is still hosted on other sites.
Artefact Collector

PEview Freeware

http://wjradburn.com/software/PEview.zip, https://github.com/dwfault/PEView PEView is a tool that helps identify the structure of PE files. Artefact Collector

pfsense Freeware (pfSense Community Edition) Apache 2.0 license Rubicon Communications, LLC. https://www.pfsense.org/ pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. Firewall

pharos Open-source https://github.com/cmu-sei/pharos/blob/master/LICENSE.md enhancesoft https://github.com/cmu-sei/pharos Automated static analysis tools for binary programs Reversing Tool

Phishing Catcher Open-source GNU GPL v3.0: https://github.com/x0rz/phishing_catcher/blob/master/LICENSE x0rz https://github.com/x0rz/phishing_catcher Catch possible phishing domains in near real time by looking for suspicious TLS certificate issuances reported to the Certificate Transparency Log (CTL) via the CertStream API. Security API

PhotoRec Open-source GNU GPL v2.0: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html Christophe GRENIER https://www.cgsecurity.org/wiki/PhotoRec "file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory" File Recovery Tools

PhpMyAdmin Freeware GPL 2.0 PhpMyAdmin Project https://www.phpmyadmin.net/ phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Web Administration Tool

PIL Open-source MIT License Steven Shrewsbury https://github.com/stshrewsburyDev/PIL-Tools/ An extension module for Pillow to add functions that help simplify some processes. Disk Imaging Tool

PlainSight Freeware + Open-source?
PlainSight http://www.plainsight.info/ “a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools” Artefact Analysis

potiron Open-source
CIRCL https://github.com/CIRCL/potiron Normalise, index and Visualise Network Capture Network Data Analyser

ProcDOT Freeware https://cert.at/media/files/downloads/software/procdot/files/license.txt Christian Wojner @ CERT.at https://cert.at/en/downloads/software/software-procdot "This tool processes Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed." Malware Detection

Process Explorer Freeware
Microsoft https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer Process Explorer is a freeware task manager and system monitor for Microsoft Windows created by SysInternals Artefact Collector

Process Hacker Freeware GPL 3.0
https://processhacker.sourceforge.io/ A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Artefact Collector

Process Monitor Open source (The Linux version) MIT Microsoft https://github.com/Sysinternals/ProcMon-for-Linux The tool monitors and displays in real-time all file system activity on a Microsoft Windows or Unix-like operating system Artefact Collector

PyCIRCLean Open-source BSD 3 Clause License
https://github.com/CIRCL/PyCIRCLean An open-source USB key and document sanitizer File Checker

PyCrypto Open-source Public domain Dwayne Litzenberger https://pypi.org/project/pycrypto/ Python cryptography toolkit. Cryptography Toolkit

Python for Volatility Freeware GPL 2.0 Volatility Foundation https://github.com/volatilityfoundation/volatility An advanced memory forensics framework Memory Analysis Tool

QuasarRAT-Analysis Open-source
JPCERT/CC https://github.com/JPCERTCC/QuasarRAT-Analysis "analysis tools for Quasar and the Quasar family" Malware Detection

Redmine Open-source GNU GPL v2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html Jean-Philippe Lang https://www.redmine.org/ "a flexible project management web application" Incident Management

Referral Whois (RWhois) Open-source GNU GPL v2.0: https://github.com/arineng/rwhoisd/blob/master/rwhoisd/LICENSE Network Solutions, Incorporated, Directory Services group http://projects.arin.net/rwhois/
https://github.com/arineng/rwhoisd
"a reference implementation of the server side of the RWhois protocol, first described in RFC 1714" Domain Name/IP Address checker

RegEx Open-source MIT License
https://github.com/ziishaned/learn-regex To find common incident data types in the free text of incident reports, including IP addresses (v4 and v6), domain names ("original" top-level domains (TLDs)), email addresses, file names, file paths, and file hash values. Regular Expression Engine

RegRipper Open-source MIT License: https://github.com/keydet89/RegRipper3.0/blob/master/license.txt H. Carvey https://github.com/keydet89/RegRipper3.0 Windows Registry reader and more. Artefact Collector

Regshot Open-source LGPL 2.0
https://sourceforge.net/projects/regshot/ Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product. Registry Comparison Utility

REMnux Free distro
Zeltser Security Corp https://remnux.org/
https://github.com/REMnux
"a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools." Sandboxing/Reversing Tool

Resource Hacker Freeware Angus Johnson http://www.angusj.com/resourcehacker/ Resource Hacker is a free resource extraction utility and resource compiler for Windows. It can be used to add, modify or replace most resources within Windows binaries including strings, images, dialogs, menus, VersionInfo and Manifest resources. Artefact Collector
RIPS Open-source GNU GPL v3.0 Johannes Dahse http://rips-scanner.sourceforge.net/ https://sourceforge.net/projects/rips-scanner/ "A static source code analyser for vulnerabilities in PHP scripts" "A complete rebuilt solution is available from RIPS Technologies that overcomes these limitations and performs state-of-the-art security analysis." [https://www.ripstech.com/] Code Analysis Tool
ROSE Compiler (called Compass/ROSE in a CMU CERT/CC report) Open-source Revised BSD License: https://github.com/rose-compiler/rose/blob/release/COPYRIGHT Lawrence Livermore National Laboratory http://rosecompiler.org/ https://github.com/rose-compiler/ "a robust, open source, compiler-based infrastructure for building source to source program transformation and analysis tools" Reverse Engineering
rr_decoder Open-source MIT License: https://github.com/nao-sec/rr_decoder/blob/master/LICENSE nao_sec https://github.com/nao-sec/rr_decoder "to decode Royal Road RTF Weaponizer 8.t object" Reverse Engineering
rtfdump Open-source Public domain Didier Stevens https://blog.didierstevens.com/2016/07/29/releasing-rtfdump-py/ Analysis tool for malicious RTF documents. Artefact Analysis
rtir-scripts Open-source CERT.at https://github.com/certat/rtir-scripts Various small scripts that make life easier with RT(IR). Incident Management
RTIR (Request Tracker for Incident Response) Open-source GNU GPL v2 Best Practical Solutions, LLC https://bestpractical.com/rtir https://github.com/bestpractical/rtir "industrial-grade incident-handling tool designed to provide a simple, effective workflow for members of CERT and CSIRT teams." Built on the same vendor's freeware RT (http://www.bestpractical.com/rt/). Mentioned in Trusted Introducer's SIM3 model. Incident Management
SANS SIFT Freeware + Open-source SANS https://digital-forensics.sans.org/community/downloads "a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings" Linux Distribution Tool
sawp open-source MIT License Canada Cyber Security Centre https://github.com/CybercentreCanada/sawp This library contains parsers for various wire protocols, and is intended to be used in network security sensors. Network Utility
Security Onion3 Linux distribution Open-source GPL 2.0 Security Onion Solutions, LLC https://securityonionsolutions.com/ free and open platform for threat hunting, network security monitoring, and log management. Linux Distribution Tool
sed Freeware GNU GPL 3.0 Free Software Foundation, Inc. https://www.gnu.org/software/sed/ sed (stream editor) is a non-interactive command-line text editor. Text Editor
sfsimage Open-source MIT License Bruce Nikkel http://digitalforensics.ch/sfsimage/ "uses the squashfs read-only compressed filesystem as a digital forensic evidence container" Evidence Collector
sha1sum Open-source GNU GPL v3 Ulrich Drepper, Scott Miller, and David Madore https://linux.die.net/man/1/sha1sum "compute and check SHA1 message digest" Core command-line utility in Linux. File Integrity Checker
sha256sum Open-source https://help.ubuntu.com/community/License Ulrich Drepper, Scott Miller, and David Madore https://linux.die.net/man/1/sha256sum The program sha256sum is designed to verify data integrity using the SHA-256 (SHA-2 family with a digest length of 256 bits). SHA-256 hashes used properly can confirm both file integrity and authenticity. File Integrity Checker
Shiva Open-source GPL 3.0 Sumit Sharma, Rahul Binjve https://github.com/shiva-spampot/shiva a high interaction SMTP honeypot specifically designed for spam collection and analysis Honeypot
Shockpot-Frontend Freeware GPLv3+ GovCERT.CZ https://github.com/GovCERT-CZ/Shockpot-Frontend Shockpot-Frontend is a full featured script to visualize statistics from a Shockpot honeypot. Visualisation Tool
Shockpot Freeware GPLv3+ GovCERT.CZ https://github.com/GovCERT-CZ/shockpot WebApp Honeypot for detecting Shell Shock exploit attempts Visualisation Tool
Shodan API and Shodan Command-Line Interface Paid service with a free option Terms of Service: https://account.shodan.io/terms Shodan https://www.shodan.io/
https://developer.shodan.io/
https://cli.shodan.io/
https://developer.shodan.io/api/clients (with GitHub links)
"the world's first search engine for Internet-connected devices"
"All Shodan accounts come with a free API plan. Simply sign-up for a free Shodan account and you will be able to start using the API."
Search Engine
SiLK 3.19.1 Freeware GPL SEI, CMU https://tools.netsa.cert.org network flow collection and storage infrastructure that will accept flow data from a variety of sensors. Network Utility
SNARE Open-source GPL 3.0
https://github.com/mushorg/snare SNARE is a web honeypot for monitoring incoming attacks. Honeypot
Snorby Open-source https://github.com/Snorby/snorby/blob/master/LICENSE Threat Stack, Inc https://github.com/Snorby/ "a ruby on rails web application for network security monitoring that interfaces with current popular intrusion detection systems (Snort, Suricata and Sagan)" Network Monitoring Tool
Snort Open-source GNU General Public License Version 2 Snort Community https://www.snort.org/ Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. IDS
Sparrow Freeware https://github.com/cisagov/Sparrow/blob/develop/LICENSE CISA https://github.com/cisagov/Sparrow helps network defenders detect possible compromised accounts and applications in the Azure/M365 environment. Evidence Collector
Squid Analysis Report Generator (SARG) Open-source GPL 2.0 Frédéric Marchal https://sourceforge.net/projects/sarg/ SARG is an open source tool that allows you to analyse the Squid log files and generates reports in HTML format with information about users, IP addresses, top accessed sites, total bandwidth usage, elapsed time, downloads, access-denied websites, and daily, weekly and monthly reports. Artefact Analysis
Squid Client Open-source GNU GPL 2.0 Duane Wessels http://www.squid-cache.org/ Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. Artefact Analysis
Squid Server Open-source GNU GPL 2.1 Duane Wessels http://www.squid-cache.org/ Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. Artefact Analysis
ssdeep / libfuzzy Open-source GNU GPL v2.0: https://github.com/ssdeep-project/ssdeep/blob/master/COPYING ssdeep Project http://ssdeep.sourceforge.net/
https://github.com/ssdeep-project/ssdeep
"computing context triggered piecewise hashes (CTPH)"
Used by JPCERT/CC in its impfuzzy tool.
Hashing Programs
stats-portal Open-source AGPL 3.0 CERT.at https://github.com/certat/stats-portal The stats portal is a component in the certtools series. It connects to the eventDB (the database of all incident events that were processed by IntelMQ). Incident Management
Strings Freeware Microsoft Corporation Microsoft Corporation https://docs.microsoft.com/en-us/sysinternals/downloads/strings Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters. Artefact Collector
super_mediator 1.8.0 Freeware
SEI, CMU https://tools.netsa.cert.org/super_mediator/download.html It collects and filters YAF output data and forwards it to various IPFIX collecting processes and/or CSV files. Network Data Analyser
Sysinternals TCPView Freeware Microsoft Microsoft https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview The Sysinternals TCPView tool is a graphical interface that displays all of the active connections on a host. Artefact Collector
Sysinternals Suite Freeware
Microsoft https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite "a collection of native Microsoft tool which are very useful when performing ‘Live Analysis’. The entire set of Sysinternals tools are collected in a single archive." Artefact Analysis
Sysmon Freeware Microsoft Microsoft https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Tool to record various Windows OS operations, such as application activity, registry entries and communication. System Fingerprint
SysmonSearch Open-source https://github.com/JPCERTCC/SysmonSearch/blob/master/LICENSE.txt JPCERT/CC https://github.com/JPCERTCC/SysmonSearch "make event log analysis more effective and less time consuming, by aggregating event logs generated by Microsoft's Sysmon" System Fingerprint
T-Pot Open-source GNU GPL v3.0: https://github.com/telekom-security/tpotce/blob/master/LICENSE Deutsche Telekom Security GmbH http://github.security.telekom.com/honeypot.html
https://github.com/telekom-security/tpotce
A honeypot platform Honeypot
tag2domain Open-source AGPL 3.0 CERT.at https://github.com/certat/tag2domain A mapping project between tags (annotations, labels) and domain names Domain Name/IP Address Checker
TANNER Open-source GPL 3.0
https://github.com/mushorg/tanner TANNER is used to control the behaviour of multiple SNARE instances and aggregate the information that is collected. SNARE is a web honeypot for monitoring incoming attacks. Honeypot
Taranis Open-source EUPL v1.2: https://github.com/NCSC-NL/taranis3/blob/release-3.6/LICENCE NCSC-NL https://github.com/NCSC-NL/taranis3 "an information processing tool … to manage the process of creating useful alerts based on a multitude of information sources." News Feeds Analysis
tcpdump | Open-source | BSD: https://github.com/the-tcpdump-group/tcpdump/blob/master/LICENSE | Tcpdump Group | http://www.tcpdump.org/ ; https://github.com/the-tcpdump-group/tcpdump | Network acquisition | Network Utility

The Sleuth Kit | Open-source | Multiple licenses: http://sleuthkit.org/sleuthkit/licenses.php | sleuthkit.org | http://sleuthkit.org/sleuthkit/ ; https://github.com/sleuthkit/sleuthkit/ | Open source digital forensics | Artefact Analysis

TheHive | Open-source | GNU AGPL v3.0: https://github.com/TheHive-Project/TheHive/blob/master/LICENSE | Nabil Adouani, Thomas Franco, Saâd Kadhi, Jérôme Leonard @ CERT-BDF | https://github.com/TheHive-Project/TheHive | A Scalable, Open Source and Free Security Incident Response Platform | Incident Management Tool

ThreatIngestor | Open-source | GNU GPL v2.0: https://github.com/InQuest/ThreatIngestor/blob/master/LICENSE | InQuest, LLC | https://github.com/InQuest/ThreatIngestor | "An extendable tool to extract and aggregate IOCs from threat feeds" "Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins." "can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis." | Artefact Analysis

Thug | Open-source | GPL 2.0 | Angelo Dell'Aera | https://github.com/buffer/thug | Thug is a Python low-interaction honeyclient aimed at mimicking the behavior of a web browser in order to detect and emulate malicious content. | Honeypot

Tiuku | Open-source | MIT | NCSC-FI | https://github.com/ncsc-fi/tiuku | Tiuku is a tool for scanning various kinds of systems and environments for security-related information and displaying the results in a browser-based user interface. | Scanner

ToolAnalysisResultSheet | Open-source | | JPCERT/CC | https://github.com/JPCERTCC/ToolAnalysisResultSheet | This repository summarizes the results of examining logs recorded in Windows upon execution of the 49 tools which are likely to be used by an attacker who has infiltrated a network. | Log Analysis

torexitnodes_simple | Open-source | AGPL 3.0 | CERT.at | https://github.com/certat/torexitnodes_simple | Simple version of the Tor exit node list DB. Part of the Internet Inventory project. | Network Utility

traceroute-circl | Open-source | GNU GPL v3.0: https://github.com/CIRCL/traceroute-circl/blob/master/LICENSE | CIRCL | https://github.com/CIRCL/traceroute-circl | Improved traceroute wrapper for CSIRT and CERT operators | Domain Name/IP Address Checker

tshark | Freeware | GNU GPLv2 | The Wireshark Team | https://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html | TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. | Network Data Analyser

tuency (Constituency Portal [predecessor]) | Open-source | GNU AGPL v3.0: https://github.com/certtools/intelmq/blob/develop/LICENSE ; https://gitlab.com/intevation/tuency/tuency/-/tree/master/LICENSES | Intevation GmbH (partner of CERT.at) | https://gitlab.com/intevation/tuency/tuency ; https://github.com/certat/do-portal [predecessor] | The “Constituency-Portal” (tuency) is a contact data management tool featuring self-service functionality and is directly integrated with the authentication solution Keycloak. This allows us to use the contact data for authentication in other linked applications. The software further enhances and extends our possibilities to better address and configure our daily e-mail notifications for network owners regarding issues in their networks. | Domain Name/IP Address Checker

Unix commands | Open-source | GNU GPL | FreeBSD, Ken Thompson, Nokia Bell Labs | https://en.wikipedia.org/wiki/List_of_Unix_commands | Unix commands are built-in programs that can be invoked in multiple ways. | Unix Tool

UPX | Open-source | https://github.com/upx/upx/blob/devel/LICENSE | Markus Franz Xaver Johannes Oberhumer | https://github.com/upx/upx | the Ultimate Packer for eXecutables | Executable Packer

URL Abuse | Open-source | GNU AGPL v3.0: https://github.com/CIRCL/url-abuse/blob/master/LICENSE | CIRCL | https://circl.lu/services/urlabuse/ ; https://github.com/CIRCL/url-abuse | This is a public-facing free service CIRCL runs. It is made open-source so other CSIRTs can use it, too. | Malware Detection

URLhaus API | Free API | Terms of Service: https://urlhaus.abuse.ch/api/#tos | abuse.ch | https://urlhaus.abuse.ch/api/ | "sharing malicious URLs that are being used for malware distribution" | Malware Detection API

urlquery Python API | Open-source | https://github.com/CIRCL/urlquery_python_api/blob/master/LICENSE | CIRCL | https://github.com/CIRCL/urlquery_python_api | "API to access urlquery" urlquery seems to have been discontinued. | Security API

urlscan.io | Free online service | | urlscan GmbH | https://urlscan.io/ | "A free service to scan and analyse websites" "urlscan.io itself is a free service, but we also offer commercial products for heavy users and organisations that need additional insight." | Malware Detection

VB Decompiler Free Lite | Freeware | NA | DotFix Software | https://www.vb-decompiler.org/download.htm | Decompiler for VB applications. This is just one of many free VB decompilers. | Reverse Engineering

Vega | Open-source | Multiple: https://github.com/subgraph/Vega/tree/develop/licenses | Subgraph | https://subgraph.com/vega/ ; https://github.com/subgraph/Vega | "a free and open source web security scanner and web security testing platform to test the security of web applications" | Penetration Testing

vFeed: The Correlated Vulnerability and Threat Intelligence Database Wrapper | Open-source | https://github.com/toolswatch/vFeed/blob/master/LICENSE.md | ToolsWatch Org | https://github.com/toolswatch/vFeed/ | "a CVE, CWE, and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema" "Any organization based in Luxembourg that could use the data feeds in order to improve security (for their own benefit or their customers’) can request an access." | Vulnerability and Threat Intelligence Feed

Viper | Open-source | BSD 3-clause license: https://github.com/viper-framework/viper/blob/master/LICENSE | Claudio Guarnieri | https://github.com/viper-framework/viper | "a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you created or found over the time to facilitate your daily research." | Sandboxing/Reversing Tool

VirtualBox | Open-source | GNU GPL v2 | Oracle | https://www.virtualbox.org/ | "a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use" | Virtualisation Tool

VirusTotal tools | Open-source | GNU GPL v3.0: https://github.com/CIRCL/vt-tools/blob/master/LICENSE | CIRCL | https://github.com/CIRCL/vt-tools | "A set of tools to interact with the services from VirusTotal" | Malware Detection

VirusTotal.com | Free online service | Chronicle LLC | Chronicle LLC | https://www.virustotal.com/ | Analyze suspicious files and URLs to detect types of malware | Malware Detection

VMMap Tool | Freeware | Microsoft Corporation | Microsoft Corporation | https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap | VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. | Memory Analysis Tool

Volatility Open-source GNU GPL v2.0: https://github.com/volatilityfoundation/volatility/blob/master/LICENSE.txt Volatility Foundation https://www.volatilityfoundation.org/ https://github.com/volatilityfoundation/volatility https://en.wikipedia.org/wiki/Volatility_(memory_forensics) Memory forensics framework for extracting digital artefacts (processes, network connections, loaded modules, injected code) from samples of volatile memory (RAM) Memory Analysis Tool
VolatilityBot Open-source MIT License Martin Gustavo Korman https://github.com/mkorman90/VolatilityBot "an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation. Not only does it automatically extract the executable (exe), but it also fetches all new processes created in memory, code injections, strings, IP addresses, etc." Memory Analysis Tool
wc Open-source Joe Ossanna https://www.geeksforgeeks.org/wc-command-linux-examples/ Reads either standard input or a list of files and prints one or more of the following statistics: newline count, word count and byte count. If a list of files is given, per-file statistics are followed by a total. Word Count Statistic
wget Open source GPLv3+ Giuseppe Scrivano, Tim Rühsen, Darshit Shah http://www.gnu.org/software/wget/ GNU Wget is a non-interactive command-line tool for retrieving files over HTTP, HTTPS and FTP; it can mirror sites recursively and resume interrupted downloads, which makes it useful for scripted collection of samples and web content during an investigation File Retrieval
Whois services Free online services NA domaintools.com, whois.com, who.is https://whois.domaintools.com/ https://www.whois.com/whois https://who.is/ To find the registered ownership of IP address ranges and domain names Domain Name/IP address Checker
winpmem (part of Pmem Memory acquisition Suite) Open-source Apache License 2.0: https://github.com/Velocidex/c-aff4/blob/master/LICENSE Michael Cohen / Google Inc. https://github.com/Velocidex/c-aff4/tree/master/tools/pmem [https://github.com/Velocidex/c-aff4/releases/download/3.1.rc1/winpmem_3.1.rc3.exe] https://github.com/google/rekall/tree/master/tools/pmem [https://github.com/google/rekall/releases/download/v1.3.1/winpmem_1.6.2.exe] Memory acquisition Memory Analysis Tool
Wireshark Open-source GNU GPL v2: https://www.wireshark.org/docs/wsug_html/#AppGPL Gerald Combs https://www.wireshark.org/ "the world's foremost and widely-used network protocol analyzer" Network Data Analyser
Wordpot-Frontend Freeware GPLv3+ GovCERT.CZ https://github.com/GovCERT-CZ/Wordpot-Frontend Wordpot-Frontend is a full featured script to visualize statistics from a Wordpot honeypot Visualisation Tool
Wordpot Freeware GPLv3+ GovCERT.CZ https://github.com/GovCERT-CZ/wordpot A WordPress honeypot Honeypot
wrestool (part of icoutils) Open-source GNU GPL: https://github.com/rwmjones/icoutils Colin Watson, Oskar Liljeblad https://github.com/rwmjones/icoutils/tree/master/wrestool "extract resources from Microsoft Windows(R) binaries" Artefact Analysis
wxHexEditor Open-source GPL 2.0 https://github.com/EUA/wxHexEditor wxHexEditor is a hex editor built because there was no good hex editor for Linux systems, especially for very large files. Hex Editor
X-ISAC Free online service CIRCL https://www.x-isac.org/ "the supporting Information Sharing and Analysis Center for other ISACs, information sharing communities or CSIRT networks which provides core software, cross-sector threat intelligence, taxonomies and open standards." MISP is a founding member of this platform. Information Sharing
xxd Open-source "Distribute freely and credit me, make money and share with me, lose money and don't ask me." Juergen Weigert https://linux.die.net/man/1/xxd "make a hexdump or do the reverse"; part of many Linux/UNIX distributions (shipped with Vim) Hexdump Creator
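Added example for the xxd entry above (this is not part of the original page and not xxd's own code): a Python re-implementation of xxd's default dump layout and of the reverse operation (xxd -r), plus the dump, edit, reverse workflow used to patch a binary. The layout constants follow xxd's defaults (16 bytes per line, 2-byte groups, 8-digit offset, ASCII column); the sample inputs are constructed for the example.

```python
"""xxd-style hexdump and its reverse (`xxd -r`), re-implemented in Python.

Added example, not xxd's own code. Uses xxd's default layout: 16 bytes per
line, 2-byte groups, 8-digit hex offset, two spaces, then an ASCII column.
"""

BYTES_PER_LINE = 16   # xxd default (-c 16)
GROUP = 2             # xxd default (-g 2): two bytes, i.e. four hex digits, per group
# 32 hex digits plus 7 separating spaces; a short final line is padded to this
# width so that the ASCII column stays aligned
HEX_FIELD_WIDTH = BYTES_PER_LINE * 2 + BYTES_PER_LINE // GROUP - 1


def xxd_dump(data: bytes) -> str:
    """Render data the way `xxd` does; returns "" for empty input."""
    lines = []
    for off in range(0, len(data), BYTES_PER_LINE):
        chunk = data[off:off + BYTES_PER_LINE]
        hexpart = " ".join(chunk[i:i + GROUP].hex() for i in range(0, len(chunk), GROUP))
        # Printable ASCII (0x20..0x7e) is shown as-is; everything else, including
        # newlines, as '.'
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{off:08x}: {hexpart:<{HEX_FIELD_WIDTH}}  {text}")
    return "".join(line + "\n" for line in lines)


def xxd_reverse(dump: str) -> bytes:
    """Turn a dump produced by xxd_dump back into bytes (what `xxd -r` does).

    Only the fixed-width hex field is parsed. The ASCII column is decoration
    and is ignored, so editing it changes nothing; edits must be made in the
    hex field, exactly as when patching a binary with xxd and xxd -r.
    """
    out = bytearray()
    for line in dump.splitlines():
        if not line.strip():
            continue
        # Layout: 8 offset digits, ": ", then the hex field.
        hexfield = line[10:10 + HEX_FIELD_WIDTH]
        out += bytes.fromhex(hexfield.replace(" ", ""))
    return bytes(out)


def patch(data: bytes, offset: int, new: bytes) -> bytes:
    """The dump -> edit -> reverse workflow: overwrite `new` at `offset` by
    editing the hex text of the dump, then convert the dump back.
    `offset + len(new)` must not exceed `len(data)`."""
    dump_lines = xxd_dump(data).splitlines()
    for i, b in enumerate(new):
        line_no, col = divmod(offset + i, BYTES_PER_LINE)
        # Column of this byte's two hex digits inside the line:
        # 10 prefix chars, then 4 digits + 1 space per group, 2 digits per byte
        start = 10 + (col // GROUP) * (GROUP * 2 + 1) + (col % GROUP) * 2
        line = dump_lines[line_no]
        dump_lines[line_no] = line[:start] + f"{b:02x}" + line[start + 2:]
    # The ASCII column is now stale, which is harmless: the reverse ignores it.
    return xxd_reverse("\n".join(dump_lines) + "\n")
```

The patch helper deliberately edits only the hex text and leaves the ASCII column stale, which is the behaviour an analyst relies on when hand-editing a dump: xxd -r reconstructs the file from the hex digits alone.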
YAF 2.12.1 Freeware SEI, CMU https://tools.netsa.cert.org/yaf/index.html Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. Network Data Analyser
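Added example for the YAF entry above (not YAF's own code, and not part of the original page): a Python model of the core step a flow sensor performs, folding packets that travel in both directions between two endpoints into one bidirectional flow record. The key is the direction-independent 5-tuple, the sender of the first packet defines the forward direction, and idle/active timeouts split a reused 5-tuple into separate records. The packet list and the timeout values (300 s idle, 1800 s active) are constructed/assumed for the example; the real YAF additionally handles VLAN tags, closes TCP flows on FIN/RST, labels applications from payload and exports the records as IPFIX, none of which is modelled here.

```python
"""Bidirectional flow (biflow) assembly from packet records.

Added example, not YAF's own code: the core step YAF performs, grouping
packets travelling in both directions between two endpoints into a single
flow record, run here on a constructed packet list.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed values; YAF exposes these as its idle and active timeouts.
IDLE_TIMEOUT = 300.0      # seconds without a packet before the flow is closed
ACTIVE_TIMEOUT = 1800.0   # maximum lifetime of one flow record

Endpoint = Tuple[str, int]
FlowKey = Tuple[Endpoint, Endpoint, int]


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time, seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: int     # IP protocol number: 6 = TCP, 17 = UDP
    length: int    # bytes on the wire


@dataclass
class BiFlow:
    initiator: Endpoint    # sender of the first packet; defines the forward direction
    responder: Endpoint
    proto: int
    start: float
    end: float
    fwd_packets: int = 0
    fwd_bytes: int = 0
    rev_packets: int = 0
    rev_bytes: int = 0


def flow_key(p: Packet) -> FlowKey:
    """Direction-independent key: A->B and B->A packets map to the same biflow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b, p.proto) if a <= b else (b, a, p.proto)


def build_biflows(packets: List[Packet], idle_timeout: float = IDLE_TIMEOUT,
                  active_timeout: float = ACTIVE_TIMEOUT) -> List[BiFlow]:
    """Fold packets into biflow records, returned ordered by start time."""
    active: Dict[FlowKey, BiFlow] = {}
    done: List[BiFlow] = []
    for p in sorted(packets, key=lambda x: x.ts):
        key = flow_key(p)
        flow = active.get(key)
        # A flow that has been idle too long, or lived past the active timeout,
        # is closed first, so a reused 5-tuple starts a fresh record instead of
        # silently extending a stale one.
        if flow is not None and (p.ts - flow.end > idle_timeout
                                 or p.ts - flow.start > active_timeout):
            done.append(active.pop(key))
            flow = None
        if flow is None:
            flow = BiFlow(initiator=(p.src, p.sport), responder=(p.dst, p.dport),
                          proto=p.proto, start=p.ts, end=p.ts)
            active[key] = flow
        if (p.src, p.sport) == flow.initiator:
            flow.fwd_packets += 1
            flow.fwd_bytes += p.length
        else:
            flow.rev_packets += 1
            flow.rev_bytes += p.length
        flow.end = p.ts
    done.extend(active.values())          # flush whatever is still open at end of input
    return sorted(done, key=lambda f: f.start)


# Constructed sample: the start of a TLS handshake, a DNS lookup, and a packet
# on the same TCP 5-tuple 400 s later (past the idle timeout: a new flow).
SAMPLE_PACKETS = [
    Packet(0.00, "10.0.0.5", 51000, "93.184.216.34", 443, 6, 74),    # SYN
    Packet(0.02, "93.184.216.34", 443, "10.0.0.5", 51000, 6, 74),    # SYN/ACK
    Packet(0.02, "10.0.0.5", 51000, "93.184.216.34", 443, 6, 66),    # ACK
    Packet(0.03, "10.0.0.5", 51000, "93.184.216.34", 443, 6, 583),   # ClientHello
    Packet(0.05, "93.184.216.34", 443, "10.0.0.5", 51000, 6, 1514),  # ServerHello
    Packet(1.00, "10.0.0.5", 40001, "10.0.0.1", 53, 17, 71),         # DNS query
    Packet(1.01, "10.0.0.1", 53, "10.0.0.5", 40001, 17, 87),         # DNS response
    Packet(400.0, "10.0.0.5", 51000, "93.184.216.34", 443, 6, 66),   # same tuple, new flow
]

if __name__ == "__main__":
    for f in build_biflows(SAMPLE_PACKETS):
        print(f"{f.initiator[0]}:{f.initiator[1]} -> {f.responder[0]}:{f.responder[1]} "
              f"proto={f.proto} {f.start:.2f}-{f.end:.2f} "
              f"fwd={f.fwd_packets}/{f.fwd_bytes}B rev={f.rev_packets}/{f.rev_bytes}B")
```

Keying on the sorted endpoint pair makes the lookup direction-independent, while the separate initiator field preserves the direction that matters for analysis (who opened the connection), which a purely sorted key would throw away; this is the same distinction an IPFIX biflow record makes between its forward and reverse counters.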
YARA Open-source BSD 3-Clause "New" or "Revised" License: https://github.com/VirusTotal/yara/blob/master/COPYING Google Inc. etc. https://github.com/VirusTotal/yara/blob/master/AUTHORS http://virustotal.github.io/yara/ https://github.com/virustotal/yara Pattern-matching tool that helps malware researchers identify and classify malware samples: rules describe a family by textual or binary patterns plus a boolean condition, and files or process memory are matched against them. Malware Detection
Yara Rules Open-source MIT License: https://github.com/nao-sec/yara_rules/blob/master/LICENSE nao_sec https://github.com/nao-sec/yara_rules "For malware research" Malware Detection
ZMap Open-source Apache License v2.0: https://github.com/zmap/zmap/blob/master/LICENSE ZMap Project https://zmap.io/ https://github.com/zmap/zmap "a fast single-packet network scanner optimized for Internet-wide network surveys … can scan the entire public IPv4 address space in under 45 minutes" Network Scanner