
awesome-csirt's Introduction

CSIRT Awesome

Please contribute through pull requests ;)

Another great list: awesome-incident-response





  • Some CVEs stuff and links here and in here
  • MikroTik search on shodan.
  • TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
  • cve_manager: A python script that a) parses NIST NVD CVEs, b) processes and exports them to CSV files, c) creates a postgres database and imports all the data into it, d) provides query capabilities for this CVE database.
  • dorkbot: Command-line tool to scan Google search results for vulnerabilities.
  • NotQuite0DayFriday: This is a repo which documents real bugs in real software to illustrate trends, learn how to prevent or find them more quickly.

Malware Analysis

Web Malwares

Malware Samples


  • A repository of LIVE malwares for your own joy and pleasure: theZoo
  • is a binary substring searchable malware catalog containing terabytes of malicious code.
  • Beginner Malware Reversing Challenges, by MalwareTech. repo
  • MalwareWorld: Check for Suspicious Domains and IPs. Repo: MalwareWorld: System based on +500 blacklists and 5 external intelligences to detect potentially malicious internet hosts
  • C2Matrix: The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment
  • LOLBITS: C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
  • MalwareBazaar: a project with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
  • What is MWDB Core? mwdb-core: Malware repository component for samples & static configuration with REST API interface.
  • Malpedia: The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.




Malware Articles and Sources

Reverse Engineering






  • Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)





Secure Programming

Web Training


Secure Web dev

Formal Analysis





CTFs tools

  • CTFs-Exploits
  • nc-chat-ctf: Chat Server for CTF Players wrapped in SSL.
  • thg-framework
  • Super-Guesser-ctf
  • Ciphr: CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.








  • linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
  • Ethical Hacking Course: Enumeration Theory
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • subscraper: External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.
  • massh-enum: OpenSSH 7.x Mass Username Enumeration.
  • LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
  • linpostexp: Linux post exploitation enumeration and exploit checking tools
  • Social Mapper - A Social Media Enumeration & Correlation Tool. github repo
  • The art of subdomain enumeration: This repository contains all the supplement material for the book "The art of sub-domain enumeration".
  • social_mapper: A Social Media Enumeration & Correlation Tool by Jacob Wilkin (Greenwolf)
  • LEGION - Automatic Enumeration Tool
  • discover - Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
  • Z/OS System Enumeration Scripts: PoC REXX Script to Help with z/OS System enumeration via OMVS/TSO/JCL.
  • WPExploitation: simple scripts to help with Windows enumeration.
  • CTFR uses neither dictionary attacks nor brute force; it just abuses Certificate Transparency logs.
  • feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
  • grinder: Python framework to automatically discover and enumerate hosts from different back-end systems (Shodan, Censys)
  • Admin-Scanner: This tool is designed to find the admin panel of websites.
  • Virtual host scanner: A script to enumerate virtual hosts on a server.
  • vhost-brute: A PHP tool to brute-force vhosts configured on a server.
  • grab_beacon_config: nmap script to get beacon info.
  • assetfinder: Find domains and subdomains related to a given domain.
  • Wordlists:




OSINT - Open Source INTelligence

OSINT Webscraping

  • OSINT framework focused on gathering information from free tools or resources.
  • h8mail: Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email
  • PwnBin: Python Pastebin Webcrawler that returns list of public pastebins containing keywords
  • ODBParser: OSINT tool to search, parse and dump only the open Elasticsearch and MongoDB directories.
  • pastego: Scrape/Parse Pastebin using GO and expression grammar (PEG)
  • Instagram Scraper: Scrapes an instagram user's photos and videos
  • galer: A fast tool to fetch URLs from HTML attributes by crawl-in.
  • How to bypass CloudFlare bot protection?


  • chatter: internet monitoring osint telegram bot for windows
  • Slackhound: Slackhound allows red and blue teams to perform fast reconnaissance on Slack workspaces/organizations to quickly search user profiles, locations, files, and other objects.
  • ail-feeder-telegram: External telegram feeder for AIL framework.
  • signald: unofficial daemon for interacting with Signal
  • Telegram messenger CLI: telegram-cli for Telegram IM.
  • OSINT-Discord-resources: Some OSINT Discord resources.




  • CloudFlare XSS Bypass:

    <IMG SRC="javascript:alert('XSS');">

    <IMG SRC="jav&#x09;ascript:alert('XSS');">

    <IMG SRC="jav&#x0A;ascript:alert('XSS');">

    <IMG SRC="jav&#x0D;ascript:alert('XSS');">

    <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">



Bug Bounty

curl -s URL | grep -Po "(\/)((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)*((?:[a-zA-Z\-_\:\.0-9\{\}]+))(\/)((?:[a-zA-Z\-_\/\:\.0-9\{\}]+))" | sort -u
  • BugBountyScanner: A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use.

Web Exploitation

Burp Suite

Red Team

Command & Control (C2)

Purple Team

  • Purple Cloud: An Infrastructure as Code (IaC) deployment of a small Active Directory pentest lab in the cloud. The deployment simulates a semi-realistic corporate enterprise Active Directory with a DC and endpoints. Purple team goals include blue team detection capabilities and R&D for detection engineering new approaches. On KitPloit





  • Phishing on Twitter
  • evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication.
  • shellphish: Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest
  • pompa: Fully-featured spear-phishing toolkit - web front-end.
  • Modlishka: Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level (with minimal effort required from your side).
  • Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign.
  • Lure: User Recon Automation for GoPhish
  • PhishingKitTracker: An extensible and freshly updated collection of phishingkits for forensics and future analysis topped with simple stats.
  • SimplyTemplate: Phishing Template Generation Made Easy.
  • Compromising operating systems through fake software updates. Using: evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.


  • Cracking Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!
  • O-Saft: OWASP SSL advanced forensic tool
  • PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
  • swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics
  • The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data
  • Invoke-LiveResponse
  • Linux Forensics
  • CDQR: The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux and MacOS devices
  • mac_apt: macOS Artifact Parsing Tool
  • MacForensics: Repository of scripts for processing various artifacts from macOS (formerly OSX).
  • imago-forensics: Imago is a python tool that extracts digital evidence from images.
  • remedi-infrastructure: setup and deployment code for setting up a REMEDI machine translation cluster
  • Tsurugi Linux is a new DFIR open source project that is and will be totally free, independent without involving any commercial brand
  • libelfmaster: Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
  • usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.
  • Digital Forensics and Incident Response: This post is inspired by all the hard working DFIR, and more broadly security professionals, who have put in the hard yards over the years to discuss in depth digital forensics and incident response.
  • KAPE - Kroll Artifact Parser And Extractor: Find, collect and process forensically useful artifacts in minutes. blog post. KAPE docs and KAPE Files
  • AVML(Acquire Volatile Memory for Linux).
  • turbinia: Automation and Scaling of Digital Forensics Tools
  • Eric Zimmerman's Tools
  • MacQuisition: A powerful, 4-in-1 forensic imaging software solution for Macs for triage, live data acquisition, targeted data collection, and forensic imaging.
  • Kuiper: Digital Forensics Investigation Platform
  • File signatures:
  • PowerForensics: PowerForensics provides an all in one platform for live disk forensic analysis. PowerShell
  • OfficeForensicTools: A set of tools for collecting forensic information.
  • CHIRP: A forensic collection tool written in Python.
  • Hash Cracking with AWS and hashcat
  • Foremost: is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you

Email Headers



Blue Team

Threat Hunting


APT - Advanced Persistent Threat




Browsers Addons

Operating Systems



Active Directory



Office and O/365



Linux/ *Nix



  • git-secrets: Prevents you from committing secrets and credentials into git repositories.
  • CloudMapper: CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
  • Security Monkey: Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
  • RKMS: RKMS is a highly available key management service, built on top of AWS's KMS.
  • FireProx: AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation.
  • AWS IAM privileges as found using the AWS Policy Generator described at
  • Sadcloud: A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure.
  • Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

Risk Assessment and Vulnerability Management





Social Engineering



  • cherrytree: A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in a single xml or sqlite file. repo
  • SwiftnessX: A cross-platform note-taking & target-tracking app for penetration testers.
  • trilium: Build your personal knowledge base with Trilium Notes.
  • Obsidian: a powerful knowledge base that works on top of a local folder of plain text Markdown files.
  • CudaText, repo
  • marktext: A simple and elegant markdown editor, available for Linux, macOS and Windows.


  • hurl: hexadecimal & URL encoder + decoder. Package Description: hURL is a small utility that can encode and decode between multiple formats.

IP Reputation

Shell tools

  • Python-Scripts: some scripts for penetration testing.
  • SubEnum: bash script for Subdomain Enumeration
  • password-store: Simple password manager using gpg and ordinary unix directories.

Search Engines


  • jigsaw project by Alphabet/Google. Outline: VPN Server.
  • SSHuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
  • WireGuard: is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
  • Crockford’s base 32 encoding: Crockford’s base 32 encoding is a compromise between efficiency and human legibility.
  • Sputnik - An Open Source Intelligence Browser Extension
  • PCredz: This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
  • uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy
  • Nefarious LinkedIn: A look at how LinkedIn spies on its users.
  • ProtonVPN-CLI: Linux command-line client for ProtonVPN. Written in Python.

Secure Sharing

  • CryFS: Keep your data safe in the cloud. code
  • Cryptomator: Multi-platform transparent client-side encryption of your files in the cloud. code
  • VeraCrypt: a free open source disk encryption software for Windows, Mac OSX and Linux.
  • CipherShed: a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). code
  • Boxcryptor: Security for your Cloud.
  • Nextcloud E2E: End-to-end encryption RFC. Some old news about it
  • DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. code
  • ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!
  • Mozilla send: Simple, private file sharing from the makers of Firefox (archived). Revival: send





Training and Certifications

Conferences and Slides




Some good places to visit:





Other Repos
