A collection of DevSecOps, threat-intelligence, detection and forensics tools and resources, grouped by use case.

| Tool | Website | Description |
|---|---|---|
| abuse.ch | https://abuse.ch/ | Non-profit research project publishing free threat-intelligence feeds (URLhaus, MalwareBazaar, ThreatFox, Feodo Tracker and others). |
| DomainTools Whois | https://whois.domaintools.com/ | Whois lookup returning domain registration details (registrant, registrar, creation and expiry dates, name servers) alongside DNS and IP data. |
| Talos Intelligence | https://talosintelligence.com/ | A platform focused on threat intelligence provided by Cisco. |
| Censys | https://search.censys.io/ | A search engine over internet-wide scan data of hosts, services and certificates, used to find exposed assets and services running known-vulnerable software. |
| Shodan | https://www.shodan.io/ | A search engine that indexes banners from internet-connected devices and services, used to enumerate an organisation's exposed surface and spot vulnerable versions. |
| MITRE ATT&CK | https://attack.mitre.org/ | A knowledge base of adversary tactics, techniques and procedures observed in real intrusions, used as a common vocabulary for detection coverage and threat reports. |
| MITRE Adversary Emulation Plans | https://attack.mitre.org/resources/adversary-emulation-plans/ | Step-by-step plans for emulating specific threat actors, mapped to ATT&CK, for testing and improving defenses. |
| MITRE CAR | https://car.mitre.org/ | The Cyber Analytics Repository: a catalogue of analytics (with pseudocode and sample queries) for detecting ATT&CK techniques from host and network telemetry. |
| MITRE D3FEND | https://d3fend.mitre.org/ | A knowledge graph of defensive techniques, mapped to the ATT&CK techniques they counter, for reasoning about countermeasure coverage. |
| MITRE Engage | https://engage.mitre.org/ | A framework for planning and running adversary engagement and cyber deception operations. |
| LOKI | https://github.com/Neo23x0/Loki | A free, simple IOC and YARA scanner: matches file hashes, file-name patterns, YARA rules and C2 indicators across a file system, plus a few process anomaly checks. |
| THOR (Lite) | https://www.nextron-systems.com/thor-lite/ | The free, reduced edition of Nextron's THOR APT scanner, with a subset of its signatures and modules; a step up from LOKI on the same signature base. |
| YARA | https://virustotal.github.io/yara/ | The pattern-matching tool and rule language used to identify and classify malware; a rule describes a family by textual or binary strings and a boolean condition over them. |
| FENRIR | https://github.com/Neo23x0/Fenrir | A simple Bash IOC scanner (hashes, file names, strings, C2 hosts) for Linux/Unix hosts where Python and LOKI cannot be installed, intended for quick use during incident response. |
| yarGen | https://github.com/Neo23x0/yarGen | Generates YARA rules from malware samples by extracting strings and opcodes and discarding those common in a goodware corpus. |
| Valhalla | https://valhalla.nextron-systems.com/ | Nextron's feed of curated YARA rules for detecting malware and attacker tooling, with metadata and sample matches per rule. |
| YARAify | https://yaraify.abuse.ch/ | abuse.ch service that scans submitted files against public and unlisted YARA rules and ClamAV signatures, and publishes rule and match feeds. |
| OpenCTI | https://www.opencti.io/ | An open-source platform designed to manage, store, and share cyber threat intelligence information. |
| MISP | https://www.misp-project.org/ | An open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise. |
| IPinfo.io | https://ipinfo.io/ | Provides geolocation, ownership details, and privacy detection for IP addresses. |
| URLScan.io | https://urlscan.io/ | A web sandbox that scans and analyzes URLs for threats, generating detailed reports. |
| VirusTotal | https://www.virustotal.com/gui/ | Analyzes suspicious files and URLs to detect malware and shares findings with the security community. |
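
The IOC scanners above (LOKI, FENRIR) all do the same core job: walk a file system and match each file against hash, file-name and string indicators. The following added example is not code from either project; it is a minimal scanner of that shape in Python, with a constructed directory tree and made-up indicators (the hash is computed from the fixture bytes so the example is self-contained; a real IOC list carries published hashes).

```python
"""Minimal IOC scanner in the spirit of LOKI/FENRIR (added example, not the projects' code).

Matches three IOC types against a directory tree:
  - SHA-256 file hashes
  - file-name regexes
  - byte strings that must appear in file content
All indicators and files below are constructed fixtures, not real threat intel.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class IocSet:
    hashes: Set[str] = field(default_factory=set)            # lowercase sha256 hex
    filename_patterns: List[re.Pattern] = field(default_factory=list)
    content_strings: List[bytes] = field(default_factory=list)


@dataclass
class Hit:
    path: str
    ioc_type: str     # "hash" | "filename" | "string"
    indicator: str


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root: str, iocs: IocSet, max_content_bytes: int = 10 * 1024 * 1024) -> List[Hit]:
    hits: List[Hit] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                      # never follow links out of the scanned tree
            for pat in iocs.filename_patterns:
                if pat.search(name):
                    hits.append(Hit(path, "filename", pat.pattern))
            try:
                digest = sha256_file(path)
            except OSError:
                continue                      # unreadable file: skip rather than abort the scan
            if digest in iocs.hashes:
                hits.append(Hit(path, "hash", digest))
            # String IOCs only for files small enough to read whole.
            if iocs.content_strings and os.path.getsize(path) <= max_content_bytes:
                with open(path, "rb") as f:
                    data = f.read()
                for s in iocs.content_strings:
                    if s in data:
                        hits.append(Hit(path, "string", s.decode("latin-1")))
    return hits


def build_sample_tree(root: str) -> None:
    """Constructed fixtures: one benign file, one known-bad hash, one bad name, one bad string."""
    os.makedirs(os.path.join(root, "tmp"), exist_ok=True)
    with open(os.path.join(root, "readme.txt"), "wb") as f:
        f.write(b"nothing to see here\n")
    with open(os.path.join(root, "tmp", "dropper.bin"), "wb") as f:
        f.write(b"EVILPAYLOAD")               # its sha256 is the "known bad" hash below
    with open(os.path.join(root, "tmp", "mimikatz_x64.exe"), "wb") as f:
        f.write(b"MZ\x90\x00just a stub, not a real binary")
    with open(os.path.join(root, "tmp", "notes.log"), "wb") as f:
        f.write(b"connect back to evil-c2.example\n")


def sample_iocs() -> IocSet:
    return IocSet(
        hashes={hashlib.sha256(b"EVILPAYLOAD").hexdigest()},
        filename_patterns=[re.compile(r"(?i)mimikatz"), re.compile(r"(?i)\.hta$")],
        content_strings=[b"evil-c2.example"],
    )


def demo() -> List[Tuple[str, str]]:
    """Scan a temporary tree and return (ioc_type, file name) pairs, sorted."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = scan_tree(root, sample_iocs())
        for h in hits:
            print(f"[{h.ioc_type}] {h.path}: {h.indicator}")
        return sorted((h.ioc_type, os.path.basename(h.path)) for h in hits)


if __name__ == "__main__":
    demo()
```

Hash and file-name matches are cheap; the string pass is what makes real scanners slow, which is why LOKI and THOR compile their strings into YARA rules and cap the file size they scan in full.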

| Tool | Website | Description |
|---|---|---|
| Zenmap | https://nmap.org/zenmap/ | The official graphical user interface (GUI) for Nmap. |
| Snort | https://www.snort.org/ | An open-source intrusion detection and prevention system (IDS/IPS). |
| NetworkMiner | https://www.netresec.com/?page=NetworkMiner | A network forensic analysis tool (NFAT) for extracting and analyzing data from network traffic. |
| Wireshark | https://www.wireshark.org/ | A network protocol analyzer used for network troubleshooting, analysis, and protocol development. |
| TShark | https://tshark.dev/ | The command-line version of Wireshark, offering similar functionalities for capturing and analyzing network traffic via CLI. |
| Brim | https://www.brimdata.io | A desktop application for searching and analyzing packet captures (turned into Zeek logs on import) and other structured logs; it is not Zeek's official GUI, and has since been renamed Zui. |

| Tool | Website | Description |
|---|---|---|
| TCPView | https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview | Displays active TCP and UDP connections, including process ownership and connection states. |
| Process Explorer | https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer | Provides detailed information about running processes. |
| Wevtutil.exe | https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil | Command-line tool for managing Windows Event Logs, including querying, exporting, and clearing logs. |
| Sysmon | https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon | Monitors and logs detailed system activity to Windows Event Logs for security analysis. |
| Osquery | https://www.osquery.io | Uses SQL-like queries to collect and analyze operating system data for monitoring, compliance, and security. |
| Wazuh | https://wazuh.com/ | A free, open-source security platform (SIEM/XDR) with an agent for log collection, file integrity monitoring, vulnerability detection and compliance checks. |
| Process Hacker | https://processhacker.sourceforge.io/ | Open-source process, service, network and handle viewer for spotting suspicious processes and troubleshooting; development continues under the name System Informer. |
| Autoruns | https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns | Shows programs configured to run at system startup or login in detail. |
| Procdump | https://learn.microsoft.com/en-us/sysinternals/downloads/procdump | Captures process memory dumps on demand or on triggers (CPU spikes, crashes, exceptions); in incident response it is used to dump a suspicious process for offline analysis. |
| Splunk | https://www.splunk.com/ | A platform for collecting, indexing, and analyzing machine-generated data in real-time. |
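
Sysmon and wevtutil together give a workable hunting loop without a SIEM: export the Sysmon channel with `wevtutil qe Microsoft-Windows-Sysmon/Operational /q:"*[System[EventID=1]]" /f:xml`, then run a detection over the XML. The script below is an added example (not Microsoft's, Sysmon's or Wazuh's code) that does the second half: it parses Event ID 1 (process creation) records and flags Office applications spawning script hosts and encoded PowerShell command lines. The embedded export is constructed for the example; real exports have more `<Data>` fields, which the parser simply carries along.

```python
"""Hunt over a Sysmon XML export for Office -> shell process chains and encoded PowerShell.

Added example, not part of the listed tools. wevtutil /f:xml writes <Event> elements back
to back with no root element, so the parser wraps the text in a synthetic root.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Parents that should not normally spawn script hosts or shells.
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe")
ENCODED_PS_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}")

# Constructed sample export (hostnames, user, base64 are fixtures).
SAMPLE_EXPORT = r"""
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="UtcTime">2024-01-01 10:00:00.000</Data>
    <Data Name="Image">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="CommandLine">"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n invoice.docm</Data>
    <Data Name="User">CORP\alice</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="UtcTime">2024-01-01 10:00:07.000</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA</Data>
    <Data Name="User">CORP\alice</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>3</EventID><Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="UtcTime">2024-01-01 10:00:09.000</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="DestinationIp">198.51.100.77</Data>
    <Data Name="DestinationPort">443</Data>
  </EventData>
</Event>
"""


def parse_sysmon_export(text: str) -> List[Dict[str, object]]:
    """Return one flat dict per <Event>: EventData Name/value pairs plus the EventID."""
    root = ET.fromstring("<Events>" + text + "</Events>")
    events = []
    for ev in root.findall("e:Event", NS):
        record: Dict[str, object] = {
            d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)
        }
        record["EventID"] = int(ev.find("e:System/e:EventID", NS).text)
        events.append(record)
    return events


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_office_spawned_shells(events) -> List[Tuple[str, str, str]]:
    """(parent, child, command line) for Office parents spawning script hosts."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent = basename(str(ev.get("ParentImage", "")))
        child = basename(str(ev.get("Image", "")))
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            hits.append((parent, child, str(ev.get("CommandLine", ""))))
    return hits


def find_encoded_powershell(events) -> List[str]:
    """Command lines of process creations that pass a base64 blob via -e/-enc/-EncodedCommand."""
    return [str(ev.get("CommandLine", "")) for ev in events
            if ev.get("EventID") == 1 and ENCODED_PS_RE.search(str(ev.get("CommandLine", "")))]


if __name__ == "__main__":
    evs = parse_sysmon_export(SAMPLE_EXPORT)
    for parent, child, cmd in find_office_spawned_shells(evs):
        print(f"ALERT {parent} -> {child}: {cmd}")
    for cmd in find_encoded_powershell(evs):
        print(f"ALERT encoded PowerShell: {cmd}")
```

The same two checks exist as MITRE CAR analytics and as Sigma rules; the value of a script like this is being able to run it on a single exported log during triage, before any pipeline exists.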

| Tool | Website | Description |
|---|---|---|
| FTK Imager | https://www.exterro.com/digital-forensics-software/ftk-imager | A free forensic imaging tool for previewing drives, memory and files, creating forensic images (E01, raw) and verifying them by hash. |
| RegRipper | https://github.com/keydet89/RegRipper3.0 | Extracts and analyzes Windows registry data using plugins for incident response and forensics. |
| Registry Explorer (Eric Zimmerman) | https://ericzimmerman.github.io/ | Parses and analyzes Windows registry hives, including transaction logs and deleted keys, for forensic artifacts. |
| ShellBags Explorer (Eric Zimmerman) | https://ericzimmerman.github.io/ | Analyzes ShellBag registry data to reconstruct which folders a user opened and when. |
| Registry Viewer | https://ericzimmerman.github.io/ | Examines Windows registry files for forensic analysis of keys, values, and settings. |
| Autopsy | https://www.autopsy.com | Open-source digital forensics platform for investigating and analyzing hard drives and files. |
| Redline | https://fireeye.market/apps/211364 | Provides host investigative capabilities to detect malicious activity through memory and file analysis. |
| KAPE | https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape | Collects and processes forensic artifacts efficiently during investigations. |
| Volatility | https://github.com/volatilityfoundation/volatility | An open-source memory forensics framework for analyzing RAM dumps; the linked repository is Volatility 2 (Python 2, no longer maintained), and Volatility 3 is the current framework. |
| Velociraptor | https://docs.velociraptor.app/ | Endpoint monitoring and digital forensics tool. |
| The Hive | https://github.com/TheHive-Project/TheHive | An open-source incident response platform for managing security events collaboratively. |
| PE Tree | https://github.com/blackberry/pe_tree | Visualizes Portable Executable (PE) files to aid malware analysis. |
| Olevba | https://github.com/decalage2/oletools/wiki/olevba | Analyzes Microsoft Office documents to detect and extract malicious VBA macros and indicators of compromise. |

| Tool | Website | Description |
|---|---|---|
| Cuckoo Sandbox | https://cuckoosandbox.org/ | Open-source automated malware analysis system for dynamic analysis of suspicious files and URLs; the original project is no longer maintained, and CAPE Sandbox (below) is a maintained fork. |
| CAPE Sandbox | https://capev2.readthedocs.io/en/latest/index.html | Malware analysis sandbox focused on unpacking and analyzing malicious payloads and executables. |
| Any.run | https://any.run/ | Interactive online malware sandbox allowing real-time analysis of suspicious files and activities. |
| Hybrid Analysis | https://www.hybrid-analysis.com/ | Free malware analysis service powered by Falcon Sandbox for static and dynamic threat analysis. |

| Tool | Website | Description |
|---|---|---|
| Phish Tool | https://phishtool.com/ | A platform designed for detecting, analyzing, and managing phishing threats. |
| Message Header Analyzer | https://mha.azurewebsites.net/ | Parses and analyzes email headers to trace the path of messages and identify potential issues. |
| Mail Header Analyzer | https://mailheader.org/ | Makes email headers legible by parsing records for detailed analysis of message routing. |
| MXToolbox | https://mxtoolbox.com/ | Provides tools to analyze DNS, MX records, and email server configurations for troubleshooting. |
| PhishTank | https://phishtank.com/ | Community-driven platform to track, verify, and share information about phishing websites. |
| Spamhaus | https://www.spamhaus.org/ | Offers IP and domain reputation services to detect and block spam, malware, and other threats. |
| Google Messageheader | https://toolbox.googleapps.com/apps/messageheader/ | Analyzes email headers to identify delivery delays, their sources, and responsible parties. |
| Phishing IR Playbook | https://github.com/counteractive/incident-response-plan-template/blob/master/playbooks/playbook-phishing.md | A comprehensive playbook for investigating, remediating, and communicating during phishing incidents. |
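
The header analyzers above all do the same first step of a phishing investigation: read the `Received:` chain from the bottom up (each hop prepends its own header, so the lowest one is closest to the sender), pull the SPF/DKIM/DMARC verdicts out of `Authentication-Results`, and compare the `From`, `Reply-To` and `Return-Path` domains. The following added example is not code from any of the listed tools; it performs that triage with the Python standard library on a constructed message whose hostnames and IPs are fixtures.

```python
"""Trace the delivery path of a suspected phishing message and list red flags.

Added example, not part of PhishTool, MHA or the other listed analyzers.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Dict, List, Optional

RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

# Constructed sample: claims to be from a payroll team, was injected through an
# unrelated VPS whose IP has no reverse DNS, and fails SPF and DMARC.
SAMPLE_RAW = """Received: from mx2.corp.example (mx2.corp.example [203.0.113.10])
 by mail.corp.example with ESMTPS id abc123
 for <alice@corp.example>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.cheap-vps.example (unknown [198.51.100.77])
 by mx2.corp.example with ESMTP id def456; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [10.0.0.5] (localhost [127.0.0.1])
 by relay.cheap-vps.example with ESMTPA; Mon, 01 Jan 2024 10:00:01 +0000
Authentication-Results: mx2.corp.example; spf=fail smtp.mailfrom=payroll.example;
 dkim=none; dmarc=fail header.from=payroll.example
From: "Payroll" <payroll@payroll.example>
Reply-To: payroll-desk@webmail.example
Return-Path: <bounce@cheap-vps.example>
To: alice@corp.example
Subject: Updated salary sheet
Message-ID: <1@cheap-vps.example>

Please review the attached sheet.
"""


def load_message(raw: str):
    return email.message_from_string(raw, policy=policy.default)


def parse_received(value: str) -> Dict[str, Optional[str]]:
    """Extract sending host, receiving host, reverse-DNS name and IP from one Received: header."""
    flat = re.sub(r"\s+", " ", str(value)).strip()      # unfold regardless of policy
    m = RECEIVED_RE.search(flat)
    if not m:
        return {"from": None, "by": None, "rdns": None, "ip": None, "raw": flat}
    comment = m.group("comment") or ""
    ip = IP_RE.search(comment) or IP_RE.search(m.group("from"))
    return {
        "from": m.group("from"),
        "by": m.group("by"),
        "rdns": comment.split(" ")[0] if comment else None,
        "ip": ip.group(1) if ip else None,
        "raw": flat,
    }


def trace_path(msg) -> List[Dict[str, Optional[str]]]:
    """Hops in transit order (sender side first): reverse the header order."""
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def auth_results(msg) -> Dict[str, str]:
    results: Dict[str, str] = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(str(value)):
            results[mech.lower()] = verdict.lower()
    return results


def _domain(header_value) -> Optional[str]:
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def red_flags(msg) -> List[str]:
    flags: List[str] = []
    auth = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) in ("fail", "softfail", "permerror", "temperror"):
            flags.append(f"{mech}={auth[mech]}")
    from_domain = _domain(msg["From"])
    for name in ("Reply-To", "Return-Path"):
        other = _domain(msg[name])
        if other and from_domain and other != from_domain:
            flags.append(f"{name} domain {other} differs from From domain {from_domain}")
    for hop in trace_path(msg):
        if hop["rdns"] == "unknown":            # receiving MTA could not resolve the sender IP
            flags.append(f"hop from {hop['ip']} has no reverse DNS")
    return flags


if __name__ == "__main__":
    m = load_message(SAMPLE_RAW)
    for i, hop in enumerate(trace_path(m), 1):
        print(f"hop {i}: {hop['from']} ({hop['ip']}) -> {hop['by']}")
    for flag in red_flags(m):
        print("FLAG:", flag)
```

Only the hops recorded by servers you trust (your own MX and its upstream) are reliable; everything below them in the chain is sender-supplied and can be forged, which is why the first trustworthy hop's peer IP, not the lowest header, is what gets fed into the IP reputation services listed above.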

| Tool | Website | Description |
|---|---|---|
| URL2PNG | https://www.url2png.com/ | Captures snapshots of websites through an intuitive API for integration into apps or workflows. |
| Wannabrowser | https://www.wannabrowser.net/ | Allows viewing HTML source code of websites using different user-agent perspectives to detect cloaking. |
| CVE Crowd | https://cvecrowd.com/ | A platform for discussing and sharing information about CVEs and vulnerabilities. |
| Fedisec Feeds | https://fedisecfeeds.github.io/ | Aggregates security-related data, including CVE updates, in JSON format for easy access. |

| Tool | Website | Description |
|---|---|---|
| GTFOBins | https://gtfobins.github.io/ | A curated list of Unix binaries that can be abused to bypass local security restrictions on misconfigured systems; for each binary it documents how to spawn a shell, read or write files, or escalate privileges when the binary runs under sudo, SUID or file capabilities. |