Sandbox

License: AGPLv3


Description:

Sandwich is a multi-platform, multi-language, open-source library that provides a simple unified API for developers to use (multiple) cryptographic libraries in their applications.

Bloodhound CE

License: Apache 2


Description:

BloodHound is a monolithic web application composed of an embedded React frontend with Sigma.js and a Go-based REST API backend. It is deployed with a PostgreSQL application database and a Neo4j graph database, and is fed by the SharpHound and AzureHound data collectors. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment. BloodHound CE is created and maintained by the BloodHound Enterprise Team. The original BloodHound was created by @_wald0, @CptJesus, and @harmj0y.

Warpgate

License: Apache 2


Description:

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn’t need special client apps. Set it up in your DMZ, add user accounts and easily assign them to specific hosts and URLs within the network. Warpgate will record every session for you to view (live) and replay later through a built-in admin web UI. Not a jump host – forwards your connections straight to the target instead. Native 2FA and SSO support (TOTP & OpenID Connect). Single binary with no dependencies. Written in 100% safe Rust.

Cuckoo Sandbox

License: GPLv3


Description:

Cuckoo Sandbox is an automated dynamic malware analysis system. PLEASE NOTE: Cuckoo Sandbox 2.x is currently unmaintained. Any open issues or pull requests will most likely not be processed, as a full rewrite of Cuckoo is currently underway and will be announced soon.

Chainsaw

License: GPLv3


Description:

Chainsaw provides a powerful first-response capability to quickly identify threats within Windows forensic artefacts such as Event Logs and MFTs. Chainsaw offers a generic and fast method of searching through event logs for keywords, and of identifying threats using built-in support for Sigma detection rules and custom Chainsaw detection rules.

Ghidra

License: Apache 2


Description:

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.