cyberstars
cyberstars / purpose / forensics

Tools for forensics

Incident response and evidence collection.

88 tools indexed

PCILeech

Direct Memory Access attack toolkit.

ExploitInterceptEndpointsBinaries
CGPL-3.0

PhoneInfoga

OSINT framework for phone numbers.

ReconWeb apps
GoGPL-3.0

Plaso

Super-timelining for forensics.

AnalyzeEndpointsBinaries
PythonApache-2.0

PowerForensics

Live PowerShell disk forensics.

AnalyzeEndpoints
C#MIT

REstringer

JavaScript deobfuscator.

AnalyzeSource codeWeb apps
JavaScriptApache-2.0

Security Onion

Open SOC distribution.

MonitorAnalyzeNetworksEndpoints
ShellCustom

Sherlock

Hunt usernames across social networks.

ReconWeb apps
PythonMIT

Sigma Rules

Vendor-agnostic detection rules.

MonitorAnalyzeEndpointsNetworks
PythonDRL-1.1

Snort 3

Open-source IPS, next generation.

MonitorInterceptNetworks
C++GPL-2.0

Social Analyzer

Find a profile across 1000+ networks.

ReconWeb apps
PythonAGPL-3.0

Speakeasy

Windows kernel + user-mode emulator.

AnalyzeBinaries
PythonMIT

Suricata

High-performance IDS / IPS.

MonitorInterceptNetworks
CGPL-2.0

T-Pot

All-in-one honeypot platform.

MonitorAnalyzeNetworksEndpoints
PythonGPL-3.0

TShark

Wireshark on the command line.

InterceptAnalyzeNetworks
CGPL-2.0

The Sleuth Kit

Filesystem forensics library.

AnalyzeEndpointsBinaries
CCustom

TheHive

Open-source SIRP for incident response.

AutomateMonitorEndpointsNetworks
ScalaAGPL-3.0

UAC

Unix-like artifact collector.

AnalyzeMonitorEndpoints
ShellApache-2.0

UPX

Ultimate Packer for eXecutables.

AnalyzeBinaries
C++GPL-2.0

Velociraptor

Endpoint visibility and DFIR.

MonitorAnalyzeEndpoints
GoAGPL-3.0

Volatility 3

Memory forensics framework.

AnalyzeEndpointsBinaries
PythonVSL

WHIDS

Open-source EDR for Windows.

MonitorAnalyzeEndpoints
GoGPL-3.0

Wazuh

Open-source XDR and SIEM.

MonitorScanEndpointsCloud
CAGPL-3.0