Scripts to for ready-to-use Velociraptor instance deployment in Azure
☆14Jun 27, 2023Updated 2 years ago
Alternatives and similar repositories for VelociDeploy-o-Matic
Users that are interested in VelociDeploy-o-Matic are comparing it to the libraries listed below
Sorting:
- A tool for fetching DFIR and other GitHub tools.☆25Aug 2, 2025Updated 7 months ago
- ☆24Mar 12, 2025Updated 11 months ago
- A simple python script to generate nested folders based on user input. The script will also name and place a template report document and…☆11Jun 19, 2025Updated 8 months ago
- FileSigExtractor is a python based tool which extracts the file signatures of all files within a directory and writes the output to a CSV…☆10Jul 15, 2023Updated 2 years ago
- Thor Artifacts for Velociraptor☆19Dec 2, 2025Updated 3 months ago
- /ˈhäjˌpäj/ "a confused mixture."☆13Feb 26, 2026Updated last week
- Various commands, tools, techniques that you can use to examine live Windows systems for signs of Compromise or for Threat Hunting.Can al…☆14Aug 15, 2022Updated 3 years ago
- single-threaded event driven sleep obfuscation poc for linux☆38Jun 14, 2025Updated 8 months ago
- TheHiveIRPlaybook is a collection of TheHive case templates used for Incident Response☆13Jul 13, 2020Updated 5 years ago
- Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes h…☆14Jun 21, 2024Updated last year
- Crowdstrike response script containing various functions for IR/triage☆12Dec 7, 2020Updated 5 years ago
- A C# (.NET 6) tool to compare the file signature of files recursively and inform the user of matches and mismatches☆16Nov 29, 2024Updated last year
- Automatic, fast parsing of browser artifacts☆17Jan 4, 2025Updated last year
- A preconfigured Velociraptor triage collector☆76Feb 16, 2026Updated 2 weeks ago
- Forensic cheatsheets for use with cheat☆15Dec 2, 2021Updated 4 years ago
- A repository of output using KAPE (!EZParser Module) for various publicly available forensic images!☆17Aug 31, 2024Updated last year
- Just Another broken Registry Parser (JARP)☆16May 23, 2024Updated last year
- Chrome/Chromium Forensic Tool : Parses History, Visited Links, Downloaded Files and Cache☆20Feb 4, 2024Updated 2 years ago
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,…☆35Oct 24, 2025Updated 4 months ago
- StickyParser - Sticky Notes Forensic. A Windows Sticky Notes Praser (snt and plum.sqlite supported). Additional Feature: SQLite Recovery …☆20Jul 18, 2023Updated 2 years ago
- Contains compiled binaries of Volatility☆36May 18, 2025Updated 9 months ago
- Windows Forensics Salt States☆21Feb 23, 2026Updated last week
- ☆20Jan 28, 2026Updated last month
- A preconfigured Windows-based system designed for rapid forensic investigations in both Azure and AWS.☆39Mar 25, 2024Updated last year
- A nim port of C5pider's Ekko project.☆17Oct 1, 2022Updated 3 years ago
- Automating the baseline logging settings found here: https://nullsec.us/windows-baseline-logging/☆20Jan 28, 2025Updated last year
- Various PowerShells scripts I've made (or others have made) to automate some of the boring stuff in my everyday DFIR journey!☆51Jan 9, 2026Updated last month
- ☆22Jan 31, 2023Updated 3 years ago
- Google Filestream Forensic Tool☆22Mar 10, 2022Updated 3 years ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- Rust Windows EDR (user-mode, no driver): ETW → Sysmon-style normalization → Sigma/Yara/IOC detection → ECS NDJSON alerts.☆64Feb 15, 2026Updated 2 weeks ago
- ☆26Mar 10, 2022Updated 3 years ago
- ☆25Jul 23, 2024Updated last year
- An experimental Velociraptor implementation using cloud infrastructure☆26Dec 2, 2025Updated 3 months ago
- A pcap capture analysis helper☆25Aug 30, 2023Updated 2 years ago
- A hex viewer for the sleuths!☆20Nov 7, 2025Updated 3 months ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients.☆70Aug 20, 2025Updated 6 months ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago