Malware Analysis
RATDecoders
- URL: https://github.com/kevthehermit/RATDecoders
Malconf is a python3 library that can be used to statically analyze specific malware families (mostly RATs) and extract the Configuration data that can be used by Incident Responders during an incident. As a library, it can also be installed into automated malware analysis pipelines.
Network Data Analysis
PCredz
- URL: https://github.com/lgandx/PCredz
This tool extracts credit card numbers, NTLM hashes (over DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP and other credentials from a pcap file or from a live interface.
Nmap Atlas: Natlas
- URL: https://github.com/natlas/natlas
Natlas is a collection of nmap scan results presented in a website. Natlas' objective is to make it easy to perform continuous scanning and review the collected data.
The goal of Natlas is not necessarily to identify a long list of vulnerabilities, but rather to identify exposure. Perhaps you want to make sure that no one is running SSH with password authentication enabled. Or perhaps you want to look for any exposed NFS, SMB, or rsync shares. Maybe you want to look for expiring or expired SSL certificates, or weak SSL ciphers in use. Since Natlas uses the popular nmap port scanner, you can easily use any default nmap scripts in your scans.