Linux #rootkit and #malware revealer
☆31Aug 1, 2024Updated last year
Alternatives and similar repositories for sunlight
Users that are interested in sunlight are comparing it to the libraries listed below
Sorting:
- Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.☆29Sep 29, 2025Updated 5 months ago
- Linux BPF plugins for Volatility3☆23Jan 19, 2024Updated 2 years ago
- Simple root privilege escalation detection using eBPF 🐝☆35Feb 10, 2026Updated last month
- Read partition tables from GPT and basic MBR☆16Mar 10, 2023Updated 3 years ago
- Tools and scripts to deploy and manage OpenRelik instances☆16Mar 3, 2026Updated 2 weeks ago
- sudo-parser is a tool to audit complex sudoers files☆18Nov 2, 2022Updated 3 years ago
- Slides and resources from MCTTP 2025 Talk☆68Oct 26, 2025Updated 4 months ago
- A command line Curses based json viewer and tabulator☆30Aug 3, 2025Updated 7 months ago
- Simple CLI utility to save off an image from every webcam hooked into a mac☆14May 20, 2021Updated 4 years ago
- Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes☆12Sep 30, 2020Updated 5 years ago
- Some security by obscurity using port-jumping.☆14Aug 21, 2025Updated 7 months ago
- Indicators of compromise from to analysis and research by Nextron Threat Research team☆12Sep 17, 2025Updated 6 months ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆18Jun 29, 2024Updated last year
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- Production-ready detection & response queries for osquery☆602Aug 13, 2025Updated 7 months ago
- ☆46Oct 27, 2023Updated 2 years ago
- Modified-Thycotic-Secret-Stealer for use with DPAPI and offline Decryption☆19Aug 5, 2022Updated 3 years ago
- Packet Monkey is a tool to filter and classify PCAPs using Wireshark filters☆11Feb 27, 2026Updated 3 weeks ago
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…☆254Nov 18, 2024Updated last year
- ☆145Aug 7, 2025Updated 7 months ago
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It …☆1,263Mar 14, 2026Updated last week
- Fast lookup server for NSRL and other hash database used in digital forensic☆49Jan 26, 2026Updated last month
- Harvest Linux forensic data for operational triage of an event.☆51Nov 30, 2025Updated 3 months ago
- A fast, deterministic, non-cryptographic hash for use in hash tables for Rust☆15Jan 12, 2021Updated 5 years ago
- ☆23Jan 15, 2019Updated 7 years ago
- Got a bogus CVE someone got for a non-vuln? Please share here!☆25Jul 24, 2024Updated last year
- FJTA (Forensic Journal Timeline Analyzer) is a tool that analyzes Linux filesystem (ext4, XFS) journals (not systemd-journald logs), gene…☆103Jan 13, 2026Updated 2 months ago
- Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise☆68Apr 29, 2024Updated last year
- ESF modular ingestion tool for development and research.☆38Dec 21, 2021Updated 4 years ago
- Read PostgreSQL data files without credentials - forensics, data recovery, and security research tool☆43Jan 18, 2026Updated 2 months ago
- A tool to start programs with admin rights.☆16Nov 18, 2025Updated 4 months ago
- ☆28Sep 4, 2024Updated last year
- POC tool to abuse windows server failover clusters☆55Aug 7, 2025Updated 7 months ago
- ☆11Dec 8, 2023Updated 2 years ago
- Forensic Artifact Collection Tool Matrix☆95Nov 9, 2024Updated last year
- This is a powershell module to help implement the AD Tier Model☆15Feb 17, 2026Updated last month
- Framework for generating audit commands for Unix security audits☆66Aug 1, 2023Updated 2 years ago
- Base class for Jupyter Data Integrations☆11Feb 11, 2026Updated last month