30 open-source projects similar to rabbitstack/fibratus, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Fibratus alternative.
Reverse engineering and pentesting for Android applications
HFish is a distributed honeypot system and network intrusion detection tool designed to deploy decoy services and nodes to detect and analyze attacker behavior. It functions as a deceptive asset orchestrator that simulates enterprise services and configures custom baits to lure network intruders. The system utilizes a server-client architecture to manage distributed nodes across different platforms, allowing for centralized control of telemetry collection and decoy deployment. It incorporates cloud-based traffic routing to redirect suspicious network activity into managed decoy environments f
Security Onion is a security information and event management platform and network security monitoring suite. It functions as an intrusion detection system and a network traffic analysis tool designed to identify malicious activity and network intrusions through signature-based detection and host-based monitoring. The platform integrates a security case management system to organize investigations by tracking detections and grouping related security events. It provides capabilities for full packet capture, network metadata extraction, and the collection and indexing of security logs from dive
T-Pot is a multi-honeypot platform and threat intelligence framework that deploys a collection of containerized decoy services to capture attacker behavior and network telemetry. It functions as a Docker-based deception system, simulating vulnerable network environments to gather intelligence on threat actors. The system features a distributed sensor network using a hub-and-spoke architecture, allowing remote sensors to transmit logs back to a central management hub. It integrates large language models to create a dynamic deception engine capable of adaptive interactions with attackers. The
Seatbelt is a C# offensive security framework and host security auditor designed to perform endpoint surveys on Windows systems. It functions as a modular tool for identifying vulnerabilities, misconfigurations, and security-relevant artifacts on both local and remote hosts. The project distinguishes itself through a module-based check system that allows for the integration of custom security command units. It features a security event log parser to track logon and process activity, alongside a credential extraction utility for gathering browser history, saved passwords, and cloud credentials
This project is a Windows security removal tool designed to permanently disable and delete antivirus services and security monitoring components from the operating system. It functions as a system performance optimizer and policy manager to remove security mitigations and clear policy files that restrict application execution. The tool includes a Windows ISO customizer that embeds configuration files and unattended installation scripts into bootable images. This allows security features to be bypassed and services to be disabled before the initial system boot. The software covers broad capab
This project is a security tool installation framework and binary analysis toolkit designed to automate the deployment of research utilities. It provides a containerized security research environment and a system for managing Python and Ruby virtual environments to prevent dependency conflicts on the host machine. The framework distinguishes itself through a structured tool catalog and provisioning scripts that automate the installation of utilities into isolated directories. It utilizes executable symlink mapping to provide a unified command interface and supports the bootstrapping of consis
Port listener / honeypot in Rust with protocol guessing and safe string display
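The entry above names two things a low-interaction port listener has to do: guess the protocol from the first bytes a client sends, and render attacker-controlled bytes so that they cannot smuggle terminal escape sequences or line breaks into the log. The Rust below is an added example written for this page, not code from that project or from any other project listed here. The byte-pattern heuristics, the function names and the sample inputs are my own assumptions; the heuristics cover only the handful of protocols shown and treat everything else as unknown.

```rust
// Added example, not taken from any listed project.
// Protocol guessing from the first bytes of a connection, plus escaping of
// attacker-controlled bytes before they reach a log line or a terminal.

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Guess {
    Http,
    Ssh,
    Tls,
    Smtp,
    Redis,
    Unknown,
}

/// Guess the protocol from the first bytes a client sent.
/// Heuristics are assumptions for this example: they only recognise a few
/// well-known client-speaks-first patterns.
pub fn guess_protocol(first: &[u8]) -> Guess {
    // SSH client identification string, e.g. "SSH-2.0-OpenSSH_9.6\r\n".
    if first.starts_with(b"SSH-") {
        return Guess::Ssh;
    }
    // TLS record header: content type 0x16 (handshake), version major 0x03,
    // two length bytes, then handshake type 0x01 (ClientHello).
    if first.len() >= 6 && first[0] == 0x16 && first[1] == 0x03 && first[5] == 0x01 {
        return Guess::Tls;
    }
    // HTTP request line starts with a method token and a space.
    let methods: &[&[u8]] = &[
        b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ",
    ];
    if methods.iter().any(|m| first.starts_with(m)) {
        return Guess::Http;
    }
    // RESP (Redis) array frame, e.g. "*1\r\n$4\r\nPING\r\n".
    if first.len() >= 2 && first[0] == b'*' && first[1].is_ascii_digit() {
        return Guess::Redis;
    }
    // SMTP clients normally wait for a banner, but scanners often send EHLO blind.
    if first.starts_with(b"EHLO ") || first.starts_with(b"HELO ") {
        return Guess::Smtp;
    }
    Guess::Unknown
}

/// Render bytes for a log line: printable ASCII passes through, everything
/// else (including ESC, CR and LF) is escaped so an attacker cannot inject
/// terminal control sequences or forge extra log lines. Output is capped at
/// `max` input bytes and marked with "..." when truncated.
pub fn safe_display(bytes: &[u8], max: usize) -> String {
    let mut out = String::new();
    for &b in bytes.iter().take(max) {
        match b {
            b'\\' => out.push_str("\\\\"),
            b'\n' => out.push_str("\\n"),
            b'\r' => out.push_str("\\r"),
            b'\t' => out.push_str("\\t"),
            0x20..=0x7e => out.push(b as char),
            _ => out.push_str(&format!("\\x{:02x}", b)),
        }
    }
    if bytes.len() > max {
        out.push_str("...");
    }
    out
}

/// One log line per connection: peer address, guessed protocol, escaped bytes.
pub fn log_line(peer: &str, first: &[u8]) -> String {
    format!(
        "peer={} proto={:?} data=\"{}\"",
        peer,
        guess_protocol(first),
        safe_display(first, 64)
    )
}

fn main() {
    // Constructed sample payloads; the peer address is a documentation address.
    let samples: &[&[u8]] = &[
        b"SSH-2.0-OpenSSH_9.6\r\n",
        b"GET /\x1b[31m HTTP/1.1\r\nHost: x\r\n\r\n",
        &[0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00],
        b"*1\r\n$4\r\nPING\r\n",
        b"\x00\x01\x02\x03",
    ];
    for s in samples {
        println!("{}", log_line("203.0.113.5:4444", s));
    }
}
```

The escaping step is the part worth keeping even if the protocol table is swapped out: a honeypot's whole input is adversary-chosen, and a raw `\x1b[` or a bare newline written to a log that someone later `cat`s or greps is a cheap way for the attacker to hide or forge entries.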
Binary Analysis Platform
Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
LaZagne is a cross-platform credential recovery tool designed to extract passwords and secrets from operating systems, browsers, and applications. It functions as a security utility for retrieving stored credentials from compromised systems during penetration testing. The tool provides capabilities for decrypting domain credentials and extracting sensitive data from system storage, including memory dumps, credential managers, keychains, and password hashes. It recovers stored passwords from common software by accessing plaintext files, APIs, and local databases. The project supports digital
Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.
Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
A collection of tools developed by other researchers in the computer science area to process network traces. All rights reserved to the original authors.
HoneyWRT is a low interaction Python honeypot that is designed to mimic services or ports that might get targeted by attackers.
HoneySpider Network version of Capture-HPC
Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks.
Automated static analysis tools for binary programs
Boomerang Decompiler - Fighting the code-rot :)