HELK (the Hunting ELK) is a Docker-based threat hunting platform with SIEM-style log collection and search. It provides a security-focused deployment of the ELK stack, combining Elasticsearch, Logstash, and Kibana into a platform for investigating logs and discovering hidden patterns in network and system security data. The project functions as a security data science suite, integrating interactive Jupyter notebooks and distributed processing with Apache Spark to run machine learning and graph analytics on security logs. This allows for the identification of hidden attack patterns and
AndroidHttpCapture is a mobile application for intercepting and analyzing HTTP and HTTPS network traffic directly on an Android device. It runs as a local proxy server and traffic interceptor that captures and monitors the requests and responses of other installed mobile applications. The tool provides MITM decryption of HTTPS by installing its own root certificate in the device's user CA store and supports exporting captured sessions as HAR files for external analysis. This covers only apps that trust user-installed CAs: apps targeting Android 7 (API 24) or later ignore user CAs by default, and apps that pin certificates will reject the proxy's certificate. It also allows real-time response body injection and modification of request headers, such as user agent spoofing. The project includes
Sonar (later renamed Flipper) is a mobile app debugging platform and extensible toolkit that lets developers inspect the internal state, network traffic, and system logs of mobile devices from a desktop interface. It functions as a centralized system for monitoring application behavior and troubleshooting logic and performance issues. It is distinguished by a plugin-based extension system for building custom debugging tools: a plugin pairs a mobile-side component, which exposes application data, with a desktop-side component that visualizes it, and the two exchange events over the device connection. The toolkit covers several core obse
r0capture is a tool for intercepting network traffic from Android applications at the application layer. It is a Frida-based traffic interceptor, packet sniffer, and client certificate exporter: it hooks the socket and TLS read/write functions inside the target process, so it captures plaintext before encryption and after decryption rather than performing a MITM. Because the hooks sit below certificate validation, SSL pinning and trust checks never come into play, and no changes to the device trust store are needed. It also extracts client-side certificates (used for mutual TLS) from application memory and saves them to local device storage. Captured network data is serialized into PCAP files to support offline protocol a
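The PCAP serialization has a detail the description glosses over: a hook on the TLS library's read/write functions sees payload bytes only, never packet headers, so a tool working this way must synthesize Ethernet/IPv4/TCP framing around each captured record before a dissector can read it. The Python below is an added example, not r0capture's own code. It assumes the Frida hooking side already produced plaintext records (the sample records here are constructed, not captured traffic) and shows the header synthesis with valid checksums, per-direction sequence tracking, and a round-trip parser to verify the result.

```python
"""Serialize plaintext captured by an in-process TLS hook into a PCAP file.

Added example, not r0capture's own code. The hook side (Frida) is assumed
and not shown; this module only does the framing and the PCAP container.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4   # written little-endian below: d4 c3 b2 a1
LINKTYPE_ETHERNET = 1

# Constructed sample input, shaped like what a hook hands over for one HTTPS
# exchange. Addresses, ports and timestamps are illustrative only.
SAMPLE_RECORDS = [
    {"ts": 1700000000.000100, "src": ("10.0.0.2", 51234),
     "dst": ("93.184.216.34", 443),
     "data": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"ts": 1700000000.120000, "src": ("93.184.216.34", 443),
     "dst": ("10.0.0.2", 51234),
     "data": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"},
]


def _checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum (odd-length data is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src, dst, seq, ack, payload):
    """Wrap payload in synthetic Ethernet/IPv4/TCP headers (flags PSH|ACK)."""
    src_addr, dst_addr = socket.inet_aton(src[0]), socket.inet_aton(dst[0])
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src_addr + dst_addr + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", _checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000, 64, 6, 0,
                     src_addr, dst_addr)
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    # Locally administered dummy MACs; EtherType 0x0800 = IPv4.
    eth = bytes([2, 0, 0, 0, 0, 1]) + bytes([2, 0, 0, 0, 0, 2]) + b"\x08\x00"
    return eth + ip + tcp + payload


def records_to_pcap(records):
    """Build a PCAP byte string. seq/ack are tracked per direction so a
    dissector can reassemble the stream although no handshake was observed."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535,
                                LINKTYPE_ETHERNET))
    next_seq = {}
    for r in records:
        fwd, rev = (r["src"], r["dst"]), (r["dst"], r["src"])
        seq, ack = next_seq.get(fwd, 1), next_seq.get(rev, 1)
        frame = build_frame(r["src"], r["dst"], seq, ack, r["data"])
        next_seq[fwd] = seq + len(r["data"])
        ts_sec = int(r["ts"])
        ts_usec = int(round((r["ts"] - ts_sec) * 1_000_000))
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return bytes(out)


def iter_pcap_frames(pcap: bytes):
    """Yield (ts_sec, ts_usec, frame) for each record of a little-endian PCAP."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet PCAP")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        yield ts_sec, ts_usec, pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len


def decode_frame(frame: bytes):
    """Parse Ethernet/IPv4/TCP back into endpoints, seq/ack and payload."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack_from("!H", ip, 2)[0]]
    sport, dport, seq, ack = struct.unpack_from("!HHII", tcp, 0)
    doff = (tcp[12] >> 4) * 4
    return {"src": (socket.inet_ntoa(ip[12:16]), sport),
            "dst": (socket.inet_ntoa(ip[16:20]), dport),
            "seq": seq, "ack": ack, "payload": tcp[doff:]}


def checksums_ok(frame: bytes) -> bool:
    """Recomputing over header plus checksum field must fold to zero."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    seg = ip[ihl:struct.unpack_from("!H", ip, 2)[0]]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return _checksum(ip[:ihl]) == 0 and _checksum(pseudo + seg) == 0


if __name__ == "__main__":
    with open("capture.pcap", "wb") as f:
        f.write(records_to_pcap(SAMPLE_RECORDS))
```

The resulting file opens in Wireshark, whose HTTP dissector decodes the records directly because the bytes were captured after decryption; the stream has no SYN because the hook never saw one, so Follow TCP Stream works on the synthesized seq/ack numbers alone. Endpoint addresses come from whatever the hook reported for the socket, which is why the writer keeps them as plain (ip, port) tuples rather than inferring them.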