This is a repository to track and share free penitration testing and blue team tools. The tools are broken down into 7 sections and can be skipped to from the index here.
- Blue Team Tools
- Information Security Defense
- Cloud Security
- Digital Forensics and Incident Response (DFIR)
- Industrial Control Systems (ICS)
- Management
- Penetration Testing
Click on Tool Name to visit tool's homepage, credit and attribution is given to the best of the ability of our organization and the tool's documentation provides. We are always looking to improve this list, If there are worthy additions corrections or mistakes please dont hesitate to make a pull request that adhears to our community guidelines and we will work to merge it.
| Tool Name | Description | Author | Domain |
|---|---|---|---|
| DeepBlueCLI | A PowerShell Module for Threat Hunting via Windows Event Log. | Eric Conrad | Blue Team Tools |
| DNSSpoof | Script to perform and teach how easy it is to build a DNS Spoofing tool using scapy. | Nik Alleyne | Blue Team Tools |
| Domain Stats | A SEIM Integration tool that monitors DNS hostnames used by your network to identify first contact with new domains and contact with new domains that have been established in the last 2 years, effective in identifying malicious actors. | Mark Baggett | Blue Team Tools |
| Espial | OSINT tool for asset identification, service validation and vulnerability detection. | Serge Borso | Blue Team Tools |
| flare | Helps to find command and control beacons against data already ingested into Elasticsearch (supports netflow, Zeek, and likely any standard connection log). | Austin Taylor & Justin Henderson | Blue Team Tools |
| Freq Server | "A Web server that integrates with SEIM systems and identifies hosts being used for Command and control by identifying domains being used for Command and Control. The tools uses character frequency analysis to identify random hostnames." | Mark Baggett | Blue Team Tools |
| LaBrea.py | Modern implementation of LaBreay Tarpit in Python/Scapy. LaBrea allows you to set up a host that can take over all unused addresses within an IPv4 subnet, creating a low interaction honeypot (of sorts) for network worms and scans | David Hoelzer | Blue Team Tools |
| Log Campaign | Scheduled task framework for automatic baselining and logging based on differences between baselines. Logging can be direct to a syslog server or to local EVTX. Custom EVTX channel is supported and log output can be plaintext or JSON. | Justin Henderson | Blue Team Tools |
| Blueteam PowerShell (PS and VBScripts) | Hundreds of PowerShell and VBScript scripts for tasks large and small related to Microsoft product security. | Jason Fossen | Blue Team Tools |
| QRadar Threat Intelligence | Download a list of suspected malicious IPs and Domains. Create a QRadar Reference Set. Search Your Environment For Malicious Ips. | Nik Alleyne | Blue Team Tools |
| ShowMeThePackets | Collection of IDS/Network Monitoring scripts and tools covering things from data collection through analysis. | David Hoelzer | Blue Team Tools |
| untappdScraper | OSINT tool for scraping data from the untappd.com social media site. | Micah Hoffman & Brandon Evans | Blue Team Tools |
| Update-VMs | Automatic framework for snapshotting VMware VMs and patching them. Supports custom health checks per VM with automatic rollback of failed healthcheck and default healthcheck is to see if the server comes back online. | Josh Johnson | Blue Team Tools |
| VisualSniff | A simple communications visualization tool for Macos written in Objective-C. Visualizes communicating hosts,volume, and directionality of data. | David Hoelzer | Blue Team Tools |
| WhatsMyName | OSINT/recon tool for user name enumeration. JSON file that is used in Spiderfoot and Recon-ng modules. | Micah Hoffman | Blue Team Tools |
| CHAPS | Configuration Hardening Assessment PowerShell Script (CHAPS) is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. | Don C. Weber | Industrial Control Systems |
| ControlThings | An umbrella project that includes several sub-projects, including a Linux distribution (ControlThings Platform) for conducting security assessments on ICS/IIoT environments and other tools to interact with various protocols and technologies including ctmodbus, ctserial, ctui, ctspi, cti2c, etc... | Justin Searle | Industrial Control Systems |
| API-ify | "A Web server that provides an API that allows network defenders to consume the output of any Linux based command and integrate it into their ELK stack, splunk or other SEIM tools." | Mark Baggett | Information Security Defense |
| Reassembler | A tool that allows network defenders to reassemble and view packets using the 5 widely used fragment reassembly policies commonly found in Intrusion Detection Systems. | Mark Baggett | Information Security Defense |
| SET-KBLED | "A Powershell script that will allow you to set the Keyboard LED Color to the color of your Clevo chipset based Keyboard. When used with event log actions you have a visible early warning system. Example, have keyboards turn red when a virus is detected." | Mark Baggett | Information Security Defense |
| CyberCPR | IR Management platform for secure comms and tracking of the incident and evidence, with immutable chat, comms, hashed and encrypted central evidence files. Allowing analysts to streamline protecting their evidence and plans for network or system remediation. | David Hoelzer | Digital Forensics and Incident Response (DFIR) |
| DAD | "Large scale log aggregation and analysis SIEM supporting the ability to create correlation scripts based on signatures and on correlations. Supports aggregation of syslog, Windows Event Logs, and any other text-based log format." | David Hoelzer | Digital Forensics and Incident Response (DFIR) |
| PAE | "A high-performance statistical analysis tool for packet headers and data. Excellent for anomaly detection, threat hunting, and beacon (protocol) detection. Supports visualization through accompanying Python script." | David Hoelzer | Digital Forensics and Incident Response (DFIR) |
| Rastrea2r | "Rastrea2r (pronounced ""rastreador"" - hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes" | Ismael Valenzuela | Digital Forensics and Incident Response (DFIR) |
| Silky | Web based GUI for easy interaction with SiLK based NetFlow repositories. | David Hoelzer | Digital Forensics and Incident Response (DFIR) |