cyberstars
cyberstars / purpose / blue-team

Tools for blue team

Defensive monitoring, detection and response.

95 tools indexed

PMapper

Evaluate IAM permissions in AWS.

AnalyzeReconCloud
PythonAGPL-3.0

PcapPlusPlus

C++ library for packet capture and crafting.

InterceptAnalyzeNetworks
C++Unlicense

PingCastle

Active Directory health audit.

ScanHardenActive Directory
C#Proprietary

PlumHound

BloodHound reporting for defenders.

AnalyzeAutomateActive Directory
PythonGPL-3.0

PowerForensics

Live PowerShell disk forensics.

AnalyzeEndpoints
C#MIT

Prowler

Multi-cloud security posture.

ScanHardenCloud
PythonApache-2.0

Red Team Automation

Endgame's ATT&CK simulation framework.

AutomateExploitEndpoints
PythonCustom

SafeLine

Self-hosted open-source WAF.

MonitorHardenWeb apps
GoApache-2.0

Scapy

Python packet manipulation library.

InterceptAnalyzeNetworksWireless
PythonGPL-2.0

ScoutSuite

Multi-cloud security auditing.

ScanHardenCloud
PythonGPL-2.0

Security Onion

Open SOC distribution.

MonitorAnalyzeNetworksEndpoints
ShellCustom

ShellHub

Remote SSH for the edge.

HardenMonitorNetworksEndpoints
TypeScriptApache-2.0

Shuffle

Open-source SOAR.

AutomateMonitorNetworksEndpoints
JavaScriptAGPL-3.0

Sigma Rules

Vendor-agnostic detection rules.

MonitorAnalyzeEndpointsNetworks
PythonDRL-1.1

Snort 3

Open-source IPS, next generation.

MonitorInterceptNetworks
C++GPL-2.0

SploitScan

CVE intelligence and exploit lookup CLI.

ReconAnalyzeNetworksEndpoints
PythonMIT

Splunk Attack Range

Build vulnerable instrumented labs.

AutomateExploitEndpointsNetworks
PythonApache-2.0

Suricata

High-performance IDS / IPS.

MonitorInterceptNetworks
CGPL-2.0

T-Pot

All-in-one honeypot platform.

MonitorAnalyzeNetworksEndpoints
PythonGPL-3.0

TShark

Wireshark on the command line.

InterceptAnalyzeNetworks
CGPL-2.0

Teleport

Zero-trust access for SSH, K8s and more.

HardenMonitorNetworksCloud
GoAGPL-3.0