airpwn-ng
User guide of MISP

fatcat by Gregwar
FAT filesystems explore, extract, repair, and forensic tool
C++
263
Updated: 2 y ago
License: Permissive (MIT)

spawn by boku7
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
C
263
Updated: 4 y ago
License: No License (No License)

dll-hijack-by-proxying by tothi
Exploiting DLL Hijacking by DLL Proxying Super Easily
C
261
Updated: 2 y ago
License: No License (No License)

WhatsDump by MarcoG3
Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)
Python
253
Updated: 2 y ago
License: Weak Copyleft (LGPL-3.0)

tram by center-for-threat-informed-defense
TRAM is an open-source platform designed to advance research into automating the mapping of cyber threat intelligence reports to MITRE ATT&CK®.
HTML
252
Updated: 2 y ago
License: Permissive (Apache-2.0)

Scylla by DoubleThreatSecurity
The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
Python
247
Updated: 4 y ago
License: Permissive (MIT)

lockup by mbkore
A proof-of-concept Android application to detect and defeat some of the Cellebrite UFED forensic toolkit extraction techniques.
Java
246
Updated: 4 y ago
License: Permissive (CC0-1.0)

PELoader by Hagrid29
PE loader with various shellcode injection techniques
C++
246
Updated: 2 y ago
License: No License (No License)

zap-hud by zaproxy
The OWASP ZAP Heads Up Display (HUD)
Java
243
Updated: 2 y ago
License: Permissive (Apache-2.0)

rensenware-cut by 0x00000FF
cut version of rensenware
C#
242
Updated: 2 y ago
License: Strong Copyleft (GPL-3.0)

cornershot by zeronetworks
Amplify network visibility from multiple POV of other hosts
Python
242
Updated: 2 y ago
License: Permissive (Apache-2.0)

MemProcFS-Analyzer by evild3ad
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
PowerShell
241
Updated: 2 y ago
License: Strong Copyleft (GPL-3.0)

FGSM by 1Konny
Simple pytorch implementation of FGSM and I-FGSM
Python
240
Updated: 2 y ago
License: No License (No License)

SyscallPack by cube0x0
BOF and Shellcode for full DLL unhooking using dynamic syscalls
C
235
Updated: 2 y ago
License: No License (No License)

PackerAttacker by BromiumLabs
C++ application that uses memory and code hooks to detect packers
C++
234
Updated: 4 y ago
License: Strong Copyleft (GPL-2.0)

malware by kaiserfarrell
virus collection source code
C++
233
Updated: 4 y ago
License: No License (No License)

CyberPipe by dwmetz
An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.
PowerShell
231
Updated: 2 y ago
License: Permissive (MIT)

Windows-DLL-Injector by KooroshRZ
Some DLL Injection techniques in C++ implemented for both x86 and x64 windows OS processes
C++
229
Updated: 2 y ago
License: No License (No License)

Simple-Manual-Map-Injector by TheCruZ
Simple C++ DLL Manual Map Injector For x86 and x64
C++
225
Updated: 2 y ago
License: Permissive (MIT)

dff by arxsys
DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
Python
221
Updated: 2 y ago
License: Strong Copyleft (GPL-2.0)

ntdsxtract by csababarta
Active Directory forensic framework
Python
220
Updated: 4 y ago
License: Strong Copyleft (GPL-3.0)

imago-forensics by redaelli
Imago is a Python tool that extracts digital evidence from images.
Python
218
Updated: 2 y ago
License: Permissive (MIT)

antiope by turnerlabs
AWS Inventory and Compliance Framework
Python
218
Updated: 2 y ago
License: Permissive (Apache-2.0)

AutoTTP by jymcheong
Automated Tactics Techniques & Procedures
Python
217
Updated: 4 y ago
License: No License (No License)

Forensic-Tools by MonroCoury
A collection of tools for forensic analysis
Python
215
Updated: 4 y ago
License: Permissive (MIT)

Pinject by OffensivePython
Raw Packet Injection tool
Python
212
Updated: 4 y ago
License: Permissive (MIT)

Go4aRun by D00MFist
Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
Go
212
Updated: 2 y ago
License: Permissive (BSD-3-Clause)

Java-Web-Security by dschadow
Java-Web-Security - Developing secure web applications with Java
Java
211
Updated: 2 y ago
License: Permissive (Apache-2.0)

chimera_pe by hasherezade
ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
C
208
Updated: 2 y ago
License: No License (No License)

Process-Injection by Gality369
A collection of all the process injection methods that can currently be found, tested on x86/x64, continuously updated
C++
208
Updated: 2 y ago
License: Strong Copyleft (GPL-3.0)

pockint by netevert
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
Python
205
Updated: 4 y ago
License: Permissive (MIT)

SecureCodingDojo by trendmicro
The Secure Coding Dojo is a platform for delivering secure coding training.
PHP
205
Updated: 4 y ago
License: Proprietary (Proprietary)

ProcessHider by kernelm0de
Hide Process From Task Manager using Usermode API Hooking
C
204
Updated: 2 y ago
License: No License (No License)

OwaspHeaders.Core by GaProgMan
A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security
C#
203
Updated: 2 y ago
License: Permissive (MIT)

Chromagnon by JRBANCEL
Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache
Python
202
Updated: 4 y ago
License: Proprietary (Proprietary)

InjectCollection by AzureGreen
A collection of injection via vc++ in ring3
C++
201
Updated: 2 y ago
License: No License (No License)

NoAmci by med0x2e
Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
C#
200
Updated: 2 y ago
License: No License (No License)

python-dll-injection by infodox
Python toolkit for injecting DLL files into running processes on Windows
Python
199
Updated: 4 y ago
License: No License (No License)

hijackfilter by vfreex
a set of free software to protect you from Internet hijacking
C
194
Updated: 4 y ago
License: Strong Copyleft (GPL-3.0)

artifacts-kit by forrest-orr
Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
C++
192
Updated: 2 y ago
License: Strong Copyleft (GPL-3.0)

epagneul by jurelou
Graph Visualization for windows event logs
Python
192
Updated: 2 y ago
License: No License (No License)

multi-juicer by iteratec
Run Capture the Flags and Security Trainings with OWASP Juice Shop
JavaScript
189
Updated: 2 y ago
License: Permissive (Apache-2.0)

pe by saferwall
A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
Go
188
Updated: 2 y ago
License: Permissive (MIT)

CK2dll by matanki-saito
Crusader Kings II double byte patch /production : 3.3.4 /dev : 3.3.4
C++
187
Updated: 4 y ago
License: Permissive (MIT)

misp-dashboard by MISP
A dashboard for a real-time overview of threat intelligence from MISP instances
JavaScript
184
Updated: 2 y ago
License: Strong Copyleft (AGPL-3.0)

Injector by nefarius
Command line utility to inject and eject DLLs
C++
182
Updated: 4 y ago
License: No License (No License)

RdpCacheStitcher by BSI-Bund
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
C++
182
Updated: 2 y ago
License: No License (No License)

GWT-Penetration-Testing-Toolset by GDSSecurity
A set of tools made to assist in penetration testing GWT applications. Additional details about these tools can be found on my OWASP Appsec DC slides available here: http://www.owasp.org/images/7/77/Attacking_Google_Web_Toolkit.ppt
Python
181
Updated: 4 y ago
License: No License (No License)