99 Open Source Blueteam Software Projects
Free and open source blueteam code projects including engines, APIs, generators, and tools.
Gtfobins.github.io 6200 ⭐
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Infosec_reference 4205 ⭐
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Logontracer 1937 ⭐
Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Rita 1754 ⭐
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
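The interval-regularity idea behind this kind of C2 detection, as an added example that is not RITA's own code (RITA scores beacons on several features; this shows only the timing-dispersion part). The connection log, hosts, timestamps and thresholds below are all constructed assumptions:

```python
"""Beacon candidate detection over a constructed connection log.

Added example, not RITA's code. A periodic implant check-in produces
inter-connection gaps that cluster tightly around one period; normal
browsing does not. The score below is 1 - MAD/median of the gaps,
which is robust to one or two missed check-ins.
"""
from collections import defaultdict
from statistics import median


def pair_intervals(connections):
    """Group (src, dst, ts) tuples by src->dst pair and return the
    sorted inter-connection gaps (seconds) for each pair."""
    by_pair = defaultdict(list)
    for src, dst, ts in connections:
        by_pair[(src, dst)].append(ts)
    intervals = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        intervals[pair] = [b - a for a, b in zip(stamps, stamps[1:])]
    return intervals


def beacon_score(intervals):
    """1.0 means perfectly periodic; near 0 means the gaps are all over
    the place. Median absolute deviation relative to the median gap."""
    if len(intervals) < 2:
        return 0.0
    med = median(intervals)
    if med <= 0:
        return 0.0
    mad = median(abs(x - med) for x in intervals)
    return max(0.0, 1.0 - mad / med)


def find_beacons(connections, min_connections=8, threshold=0.9):
    """Return {pair: (score, median_gap)} for pairs that look periodic.
    min_connections and threshold are assumed tuning values."""
    hits = {}
    for pair, gaps in pair_intervals(connections).items():
        if len(gaps) + 1 < min_connections:
            continue
        score = beacon_score(gaps)
        if score >= threshold:
            hits[pair] = (round(score, 3), median(gaps))
    return hits


def constructed_log():
    """Constructed sample: one implant checking in every ~60 s with
    jitter, and one workstation browsing a web server at random times."""
    log = []
    t = 1_700_000_000
    for gap in [58, 61, 60, 59, 62, 60, 61, 59, 60, 60]:
        log.append(("10.0.0.5", "203.0.113.9", t))
        t += gap
    log.append(("10.0.0.5", "203.0.113.9", t))
    t = 1_700_000_000
    for gap in [5, 400, 12, 1500, 30, 900, 7, 2200]:
        log.append(("10.0.0.7", "198.51.100.20", t))
        t += gap
    log.append(("10.0.0.7", "198.51.100.20", t))
    return log


if __name__ == "__main__":
    for pair, (score, period) in find_beacons(constructed_log()).items():
        print(f"{pair[0]} -> {pair[1]}: score={score} period~{period}s")
```

Only the implant pair survives the threshold; in real traffic you would also weight by connection count and data-size regularity, since short, jittered beacons can slip under a pure timing score.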
Ultimateapplockerbypasslist 1374 ⭐
The goal of this repository is to document the most common techniques to bypass AppLocker.
Slackpirate 606 ⭐
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
Repo Supervisor 548 ⭐
Scan your code for security misconfiguration, search for passwords and secrets.
Pidense 396 ⭐
🍓📡🍍 Monitor for rogue wireless network activity: fake access points and Wi-Fi threats such as KARMA attacks, WiFi Pineapple devices, look-alike SSIDs and open-network density.
Bxss 353 ⭐
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Remote Desktop Caching 190 ⭐
This tool recovers old RDP (mstsc) session information in the form of broken PNG files. These PNG files let a red team member extract juicy information such as LAPS passwords or anything else sensitive that was on screen. A blue team member can reconstruct the PNG files to see what an attacker did on a compromised host. It is also useful to a forensics team for extracting timestamps after an attack on a host, collecting evidence and performing further analysis.
Flerken 148 ⭐
A solution for cross-platform obfuscated command detection, presented at CIS 2019 (China). A static and dynamic Bash/CMD/PowerShell command obfuscation detection framework, from the CIS 2019 conference.
Cypheroth 218 ⭐
Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
Malwarepersistencescripts 110 ⭐
A collection of scripts I've written to help red and blue teams with malware persistence techniques.
Threathunt 107 ⭐
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Information Security Tasks 133 ⭐
This repository is for infosec professionals who work day to day and want to keep their skillset up to date. Contribute one hour a day to the daily tasks and work on the problem statements. Please contribute by providing problem statements and solutions.
Opensquat 209 ⭐
Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
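A generator for the permutation classes named above (typosquats, single-bit-flip bitsquats and homograph substitutions), as an added example and not openSquat's own code. The QWERTY neighbour table and the homoglyph table are assumptions, trimmed to ASCII look-alikes; the output is the watch-list you would match against passive DNS or newly registered domain feeds:

```python
"""Squatting candidate generator for a brand domain (added example,
not openSquat's code). Only valid DNS label characters are emitted."""
import string

LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

# Adjacent keys on a QWERTY layout (assumption; letters only).
QWERTY_NEIGHBOURS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}

# ASCII look-alikes commonly abused in phishing registrations (assumption).
HOMOGLYPHS = {"l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "0": ["o"],
              "m": ["rn"], "rn": ["m"], "w": ["vv"], "vv": ["w"]}


def valid_label(label):
    """DNS label: allowed chars only, no leading/trailing hyphen."""
    return (bool(label) and set(label) <= LABEL_CHARS
            and not label.startswith("-") and not label.endswith("-"))


def typosquats(label):
    """Omission, repetition, transposition and fat-finger replacement."""
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])
        out.add(label[:i] + ch + label[i:])
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for n in QWERTY_NEIGHBOURS.get(ch, ""):
            out.add(label[:i] + n + label[i + 1:])
    return out


def bitsquats(label):
    """Flip each single bit of each character; keep valid results."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped in LABEL_CHARS:
                out.add(label[:i] + flipped + label[i + 1:])
    return out


def homographs(label):
    """Substitute each occurrence of a look-alike sequence, one at a time."""
    out = set()
    for key, alts in HOMOGLYPHS.items():
        start = label.find(key)
        while start != -1:
            for alt in alts:
                out.add(label[:start] + alt + label[start + len(key):])
            start = label.find(key, start + 1)
    return out


def squat_candidates(domain):
    """Return {class: sorted list of candidate FQDNs}, excluding the original."""
    label, _, tld = domain.lower().partition(".")
    result = {}
    for name, fn in (("typo", typosquats), ("bitsquat", bitsquats),
                     ("homograph", homographs)):
        cands = {c for c in fn(label) if valid_label(c) and c != label}
        result[name] = sorted(f"{c}.{tld}" for c in cands)
    return result


if __name__ == "__main__":
    for cls, names in squat_candidates("example.com").items():
        print(cls, len(names), names[:5])
```

Bitsquats are the ones worth an alert even when they look like nonsense ("exalple.com" is one bit away from "example.com"), because they are hit by hardware faults rather than by users, so they will never appear in typo-aware blocklists.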
T0thkr1s Gtfo 88 ⭐
Search for Unix binaries that can be exploited to bypass system security restrictions.
Qradar 41 ⭐
Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.
Bootsy 30 ⭐
Designed to be installed on a fresh Raspbian install on a Raspberry Pi. It combines Respounder (Responder detection) and Artillery (port and service spoofing) for network deception, so that an attacker on the network can be detected quickly, weeding out noisy general alerts in favour of the ones that matter.
Opensource Endpoint Monitoring 25 ⭐
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
Secsuite Production 13 ⭐
A public repository for the #Secsuite project. Created & maintained by @ghostinthecable.
Kathe 17 ⭐
A GUI/REST interface to find similarities in large sets (think: binaries). Based on ssdeep.
X33fcon 31 ⭐
Supporting material for my presentation "Adversarial Threat Modelling — A Practical Approach to Purple Teaming in the Enterprise"
Cpldropper 29 ⭐
A Control Panel Applet dropper project. It has a high success rate on engagements since nobody cares about .CPL files and you can just double click them.
Bank_mitigations 14 ⭐
Anti-keylogger and anti-screen-logger mitigations: strategies to protect against hooking, or to improve a sandbox with spyware detection. Includes a demo.
Defaultcreds Cheat Sheet 2128 ⭐
One place for all the default credentials, to assist blue/red teamers in finding devices with default passwords 🛡️
Awesome Security Hardening 935 ⭐
A collection of awesome security hardening guides, tools and other resources
Microsoftwontfixlist 851 ⭐
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Wadcoms.github.io 679 ⭐
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
Boobsnail 212 ⭐
BoobSnail generates Excel 4.0 XLM macros. Its purpose is to support red and blue teams in XLM macro generation.
Exchange_webshell_detection 96 ⭐
Detect webshells dropped on Microsoft Exchange servers exploited through the "ProxyLogon" group of vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
Evileye 82 ⭐
A BeaconEye implementation in Go. It detects Cobalt Strike beacons in process memory and extracts some of their configuration.
Packetsiftertool 75 ⭐
PacketSifter is a tool/script that is designed to aid analysts in sifting through a packet capture (pcap) to find noteworthy traffic. Packetsifter accepts a pcap as an argument and outputs several files.
Etwprocessmon2 55 ⭐
ETWProcessMon2 monitors process, thread, memory, image-load and TCP/IP events via ETW, and adds detection of remote thread injection and in-memory payload detection via VirtualMemAlloc events.
Viralmaniar Murmurhash 54 ⭐
This little tool calculates the MurmurHash value of a favicon so you can hunt phishing websites on the Shodan platform.
Nist To Tech 44 ⭐
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Blue Team Tools 34 ⭐
A collection of scripts, tools and configs for various OSes and applications, all free and/or open source, to assist in impromptu blue-team defense under an active threat.
Btps Secpack 25 ⭐
This repository contains a collection of PowerShell tools that can be used to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium-sized enterprise environment in mind, as smaller organizations do not always have the funding to spend heavily on security. The goal of this project is to add value to a smaller organization's security by creating more visibility for the average IT administrator. Organizations with thousands of devices may find that this entire suite does not apply to them.
Dummydll 18 ⭐
Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.
Bluesploit 20 ⭐
BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.
Etwnetmonv3 19 ⭐
ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW. ETWProcessMon/2 monitors process, thread, memory, image-load and TCP/IP events via ETW, and adds detection of remote thread injection and in-memory payload detection via VirtualMemAlloc events.
Securityinbits Cheatsheet 18 ⭐
These are some of the commands which I use frequently during Malware Analysis and DFIR.
Cobaltstrike Tools 15 ⭐
Tools for working with Cobalt Strike config: extraction, detection, processing, etc.
Pooroperationalsecuritypractices 11 ⭐
Deceptive tradecraft should be fun and light, not stern and stressful. It is cool to be cute.
Strikewriter 10 ⭐
Looks up details on a public IPv4 address against IP-info and blacklist-search sites, providing a reputation check.
Psget Domain Mailinfo 10 ⭐
PowerShell script to get domain mail info and control status such as MX, SPF, DKIM, DMARC and StartTLS.
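The kind of control-status check such a script performs, as an added example that is not the PowerShell script's code: an offline audit of a domain's SPF and DMARC TXT records that flags the weak settings a reviewer looks for (permissive or softfail "all", too many DNS-querying terms, p=none, no aggregate reporting). The records are passed in as strings and the samples are constructed; in practice feed it the TXT answers for the domain and for _dmarc.<domain>:

```python
"""SPF/DMARC record audit (added example; records are constructed)."""
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying terms


def parse_spf(txt):
    """Return (terms, all_qualifier). all_qualifier is '+', '-', '~', '?'
    or None when the record has no 'all'; (None, None) if txt is not SPF."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return None, None
    terms, all_q = [], None
    for term in txt.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        if body.lower() == "all":
            all_q = qualifier
        else:
            terms.append(body)
    return terms, all_q


def spf_lookup_count(terms):
    """Count terms that cost a DNS lookup (ip4/ip6 do not)."""
    return sum(1 for t in terms
               if re.split(r"[:=/]", t, 1)[0].lower() in LOOKUP_TERMS)


def parse_dmarc(txt):
    """Return DMARC tags as a dict, or None if txt is not a DMARC record."""
    if not txt or not txt.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit(spf_txt, dmarc_txt):
    """Return a list of finding strings; an empty list means no issues."""
    findings = []
    terms, all_q = parse_spf(spf_txt)
    if terms is None:
        findings.append("SPF: missing")
    else:
        if all_q is None or all_q in ("+", "?"):
            findings.append("SPF: permissive (no -all/~all)")
        elif all_q == "~":
            findings.append("SPF: softfail (~all)")
        if spf_lookup_count(terms) > MAX_LOOKUPS:
            findings.append("SPF: too many DNS lookups")
        if any(t.lower().startswith("ptr") for t in terms):
            findings.append("SPF: ptr mechanism (deprecated)")
    tags = parse_dmarc(dmarc_txt)
    if tags is None:
        findings.append("DMARC: missing")
    else:
        if tags.get("p", "none").lower() == "none":
            findings.append("DMARC: p=none (monitor only)")
        if "rua" not in tags:
            findings.append("DMARC: no rua (no aggregate reports)")
        if tags.get("pct", "100") != "100":
            findings.append(f"DMARC: pct={tags['pct']} (partial enforcement)")
    return findings


# Constructed records for three hypothetical domains.
SAMPLES = {
    "weak.example": ("v=spf1 include:_spf.example.net a mx ~all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "strong.example": ("v=spf1 include:_spf.example.net -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example"),
    "bare.example": (None, None),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, audit(spf, dmarc) or ["ok"])
```

A softfail SPF plus p=none DMARC is the most common "we set it up" state and gives receivers nothing to enforce; the lookup count matters because a record over the limit evaluates to permerror, which most receivers treat as no SPF at all.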
Bluelay 23 ⭐
Searches online paste sites for certain search terms which can indicate a possible data breach.
Ad Privileged Audit 20 ⭐
Provides various Windows Server Active Directory (AD) security-focused reports.
365 10 ⭐
OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitation, Reporting
Pyc2bytecode 64 ⭐
A Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)