The Rekall Framework is a completely open collection of tools, implemented in
Python under the GNU General Public License, for the extraction of digital
artifacts from volatile memory (RAM) samples. The extraction techniques are
performed completely independently of the system being investigated but offer
visibility into the runtime state of the system. The framework is intended to
introduce people to the techniques and complexities associated with extracting
digital artifacts from volatile memory samples and provide a platform for
further work into this exciting area of research.
Heimdal is an implementation of Kerberos 5, largely written in Sweden
(due to crypto export legal issues in the US at the time). It is freely
available under a three-clause BSD-style license.
Command line password generator
ranpwd uses /dev/random or /dev/urandom to generate cryptographically secure
passwords.
Generated passwords may be of any specified length and consist of any
combination of upper- or lower-case alphanumeric characters or punctuation. ranpwd can also
generate passwords consisting of hexadecimal, decimal, octal or binary numbers,
and format these as valid C constants for inclusion in source code.
The Python bindings for YARA.
"YARA is a tool aimed at helping malware researchers to identify and classify
malware samples. With YARA you can create descriptions of malware families
based on textual or binary patterns contained on samples of those families.
Each description consists of a set of strings and a Boolean expression which
determines its logic."
revealrk searches for hidden processes. If you have a kernel module
rootkit loaded into memory that does not hide any process, don't expect
to find anything.
Reveal RootKit is intended to be run from cron or similar services
on a regular basis and avoids verbose output as long as nothing is
found.
EzCrypto is an easy to use wrapper around the poorly documented OpenSSL ruby
library.
Features
* Defaults to AES 128 CBC
* Will use the system's OpenSSL library for transparent hardware crypto
support
* Single-class, object-oriented access to the most commonly used features
* Ruby-like
Secure rm (srm) is a command-line utility compatible with rm(1) which destroys
file contents before unlinking. The goal is to provide drop-in security for
users who wish to prevent command-line recovery of deleted information, even if
the machine is compromised.
pev is a multiplatform PE analysis toolkit that
includes tools to retrieve and parse information
about Windows PE files.
This module provides a common interface to HMAC functionality. HMAC is a kind of
"Message Authentication Code" (MAC) algorithm whose standard is documented in
RFC 2104. Namely, a MAC provides a way to check the integrity of information
transmitted over or stored in an unreliable medium, based on a secret key.
Originally written by Daiki Ueno. Converted to a RubyGem by Geoffrey Grosenbach