Description:
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Security
Cuckoo Sandbox
Description:
Cuckoo Sandbox is an automated dynamic malware analysis system PLEASE NOTE: Cuckoo Sandbox 2.x is currently unmaintained. Any open issues or pull requests will most likely not be processed, as a current full rewrite of Cuckoo is undergoing and will be announced soon.
Chainsaw
Description:
Chainsaw provides a powerful a first-response capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs. Chainsaw offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in support for Sigma detection rules, and via custom Chainsaw detection rules.
Catalyst
Description:
Catalyst is an open source SOAR and ticket system that helps to automate alert handling and incident response processes
Ghidra
Description:
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.
Snapchange
Description:
Lightweight fuzzing of a memory snapshot using KVM
The Hive
Description:
TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation’s results as a MISP event to help your peers detect and react to attacks you’ve dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundred of observables.
Gophish
Description:
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization’s exposure to phishing.
Velociraptor
Description:
Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.
OpenCanary
Description:
OpenCanary creates a network honeypot allowing you to catch hackers before they fully compromise your systems. As a technical definition, OpenCanary is a daemon that runs several canary versions of services that alerts when a service is (ab)used.