Every now and then I star a Git repo that looks interesting, has a tool I want to try later, or is something immediately useful. Most times, however, I tend to star them and forget about them. In reviewing some of my more recent ‘stars’, I thought it might be useful to share them with my readers.
harelba/q
q is a command line tool that allows direct execution of SQL-like queries on CSVs/TSVs (and any other tabular text files). q treats ordinary files as database tables, and supports all SQL constructs, such as WHERE, GROUP BY, JOINs etc. It supports automatic column name and column type detection, and provides full support for multiple encodings.
wmetcalf/buildcuckoo-trusty
A dumb set of scripts for building a cuckoo rig
ChrisTruncer/EyeWitness
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Inspiration came from Tim Tomes’s PeepingTom Script. I just wanted to change some things, and then it became a thought exercise to write it myself.
EyeWitness is designed to run on Kali Linux. It will auto-detect whether the file you give it with the -f flag is a text file with one URL per line, nmap XML output, or Nessus XML output. The -t (timeout) flag is completely optional, and lets you provide the max time to wait when trying to render and screenshot a web page. The --open flag, which is optional, will open the URL in a new tab within iceweasel.
packetloop/packetpig
An Open Source Big Data Security Analytics tool that analyses pcap files using Apache Pig.
cure53/Flashbang
This tool is an open-source Flash-security helper with a very specific purpose: Find the flashVars of a naked SWF and display them, so a security tester can start hacking away without decompiling the code.
Flashbang is built upon Mozilla’s Shumway project. It runs in the browser but has a bunch of requirements to work properly.
technoskald/maltrieve
A tool to retrieve malware directly from the source for security researchers.
guelfoweb/peframe
PEframe is an open source tool to perform static analysis on (Portable Executable) malware. It’s released under GPL v2. JSON output and SQLite database support were introduced in version 4.0.
holman/spark
Shell script to create spark lines in your shell – e.g. ▁▂▃▅▇
mlsecproject/combine
Combine gathers OSINT Threat Intelligence Feeds
mlsecproject/tiq-test
Threat Intelligence Quotient Test – Code and data repository for the statistical analysis of TI feeds
CIRCL/AIL-framework
AIL is a modular framework to analyze potential information leaks from unstructured data sources such as pastes from Pastebin or similar services. The AIL framework is flexible and can be extended to support other functionality for mining sensitive information.