Open Source Tools

Welcome to RSAC’s Community Open Source Tools information page. As part of our effort to provide as much value to the community as possible, we’ve created this guide to help you more easily find the open source resources and tools presented during Conference so that you can quickly access what you need to get up and running.

This page provides project-specific information for the different tools. Listed in alphabetical order, we’ve highlighted the following for each project:

Description – a brief textual description of the project
Project page – a link to the main project page URL
User documentation – a link to the primary usage documentation for the project
Community discussion – a link to the forum, mailing list, or community discussion page
Upcoming sessions – a link to the RSAC session in which the project is to be discussed

7-Zip
Description	7-Zip is a file archiver with a high compression ratio. (source: 7-Zip project page)
Project Page	https://www.7-zip.org/
User Documentation	https://www.7-zip.org/faq.html
Community Discussion	https://sourceforge.net/p/sevenzip/discussion/45797/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Abaddon
Description	Red team operations involve miscellaneous skills, last several months and are politically sensitive; they require a lot of monitoring, consolidating and caution. Wavestone’s red team operations management software, Abaddon, has been designed to make red team operations faster, more repeatable, stealthier, while including value-added tools and bringing numerous reporting capabilities. (source: Abaddon project page)
Project Page	https://github.com/wavestone-cdt/abaddon
User Documentation	https://github.com/wavestone-cdt/abaddon
Related Sessions	Abaddon The Red Team Angel

AES Crypt
Description	AES Crypt is a file encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files. (source: AES Crypt project page)
Project Page	https://www.aescrypt.com/
User Documentation	https://www.aescrypt.com/documentation/
Community Discussion	https://forums.packetizer.com/viewforum.php?f=72
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Anchore
Description	Anchore Engine allows developers to perform detailed analysis on container images, generating a software bill of materials. Through seamless integration with CI/CD systems, Anchore Engine can prevent publication of images containing known vulnerabilities. (source: Anchore project page)
Project Page	https://anchore.com/
User Documentation	https://docs.anchore.com/current/docs/engine/engine_installation/
Community Discussion	https://info.anchore.com/cs/c/?cta_guid=4f5d4a04-f0b1-43e2-95f5-f620c7798bf9&placement_guid=42e35164-b959-4507-8bc1-7de82d60252e&portal_id=2317501&canon=https%3A%2F%2Fanchore.com%2Fopensource%2F&redirect_url=APefjpEnW6mLKHkUToXql6rUZ7zAiYYZ1FWM_0rG_WtLVR7IMJHBQ2xsdqJs9hWv2A62hjQp7HZZQ-OmNl-bZ8x9AGhQyKc04W3d1KMLQ81B3RyNflLLeyj1iDRt3KiRHnAHpu0CwzficpWa1v2iQ6OuvHAk7YYXYpI1KkywJ1tCWDPKV_K6WZGhg3MLjcMaxF-dqcmRKWieQzRxU49xAFvKoidr-ELmOB9Eq6DrDWyEJZXjpyLPjt8dUuez55f2OXpdn2fedOsy1FvRzg6XBxCxdr6y8yAhu90qKxx_4C0NtY_yhgsAKiQ&click=0d65cf80-1566-46fc-a0e8-d344251d2be5&hsutk=6e41b04dc1322cacf54904afba465292&signature=AAH58kFx-Mv2C13dc-n0FTZh_j-R3GTVJg&utm_referrer=https%3A%2F%2Fanchore.com%2F&__hstc=167043041.6e41b04dc1322cacf54904afba465292.1579120625248.1579120625248.1580763966194.2&__hssc=167043041.3.1580763966194&__hsfp=2444234737&contentType=standard-page
Related Sessions	Proactive Container Security For The Masses

Atomic Red Team
Description	Atomic Red Team allows every security team to test their controls by executing simple "atomic tests" that exercise the same techniques used by adversaries (all mapped to Mitre's ATT&CK). (source: Atomic Red Team project page)
Project Page	https://github.com/redcanaryco/atomic-red-team
User Documentation	https://atomicredteam.io/testing
Community Discussion	https://slack.atomicredteam.io/
Related Sessions	Test Or Be Tested Adversary Emulation With Atomic Red Team Red Teaming For Blue Teamers A Practical Approach Using Open Source Tools

Autopsy
Description	Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card. (source: Autopsy project page)
Project Page	https://www.sleuthkit.org/autopsy/
User Documentation	http://sleuthkit.org/autopsy/docs/user-docs/4.14.0/
Community Discussion	https://sleuthkit.discourse.group/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

bblfshd
Description	A self-hosted server for source code parsing (source: bblfshd project page)
Project Page	https://github.com/bblfsh/bblfshd
Related Sessions	Devsecops State Of The Union

Bust-a-Kube
Description	Bust-a-Kube is an intentionally-vulnerable Kubernetes cluster, intended to help people self-train on attacking and defending Kubernetes clusters. (source: Bust-a-Kube project page)
Project Page	https://www.bustakube.com/
User Documentation	https://www.bustakube.com/installing
Related Sessions	Kubernetes Practical Attack And Defense

CAINE (Computer Aided INvestigative Environment)
Description	CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project (source: CAINE project page)
Project Page	https://www.caine-live.net/
User Documentation	https://www.caine-live.net/page8/page8.html
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

CALDERA
Description	CALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response. (source: CALDERA project page)
Project Page	https://github.com/mitre/caldera
User Documentation	https://caldera.readthedocs.io/en/latest/
Related Sessions	Red Teaming For Blue Teamers A Practical Approach Using Open Source Tools Mitre Attck The Sequel

cfn-nag
Description	The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure. (source: cfn-nag project page)
Project Page	https://github.com/stelligent/cfn_nag
User Documentation	https://github.com/stelligent/cfn_nag
Related Sessions	Devsecops State Of The Union

CFRipper
Description	Library and CLI tool for analysing CloudFormation templates and check them for security compliance. (source: CFRipper project page)
Project Page	https://github.com/Skyscanner/cfripper/
User Documentation	https://cfripper.readthedocs.io/en/0.14.2/
Related Sessions	Devsecops State Of The Union

Checkov
Description	Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform and detects security and compliance misconfigurations. (source: Checkov project page)
Project Page	https://github.com/bridgecrewio/checkov
User Documentation	https://www.checkov.io/
Community Discussion	https://www.checkov.io/
Related Sessions	Devsecops State Of The Union

Chocolatey
Description	Chocolatey is an open source project that provides developers and admins alike a better way to manage Windows software. (source: Chocolatey project page)
Project Page	https://chocolatey.org/
User Documentation	https://chocolatey.org/docs
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Cuckoo Sandbox
Description	Cuckoo Sandbox is the leading open source automated malware analysis system. (source: Cuckoo Sandbox project page)
Project Page	https://cuckoosandbox.org/
User Documentation	https://cuckoo.sh/docs/
Community Discussion	https://cuckoosandbox.org/discussion
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Dependency-Check
Description	Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. (source: Dependency-Check project page)
Project Page	https://github.com/jeremylong/DependencyCheck
User Documentation	https://jeremylong.github.io/DependencyCheck/
Community Discussion	mailto:dependency-check+subscribe@googlegroups.com
Related Sessions	Devsecops State Of The Union

DetectionLab
Description	This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts. (source: DetectionLab project page)
Project Page	https://github.com/clong/DetectionLab
User Documentation	https://github.com/clong/DetectionLab
Related Sessions	Mitre Attck The Sequel

Enarx
Description	Enarx aims to make it simple to deploy workloads to a variety of different TEEs in the cloud, on your premises or elsewhere, and to allow you to have confidence that your application workload is as secure as possible.
Project Page	https://enarx.io/
User Documentation	https://github.com/enarx/enarx/wiki
Community Discussion	https://gitter.im/enarx/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge
Related Sessions

Gitrob
Description	Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files. The findings will be presented through a web interface for easy browsing and analysis. (source: Gitrob project page)
Project Page	https://github.com/michenriksen/gitrob
Related Sessions	10 Things I Wish Every Developer Knew About Security

Infection Monkey
Description	The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement. (source: Infection Monkey project page)
Project Page	https://www.guardicore.com/infectionmonkey/
User Documentation	https://www.guardicore.com/infectionmonkey/wt/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Kali
Description	Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company. (source: Kali project page)
Project Page	https://www.kali.org/
User Documentation	https://www.kali.org/docs/
Community Discussion	https://forums.kali.org/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

KubiScan
Description	A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model. The tool was published as part of the "Securing Kubernetes Clusters by Eliminating Risky Permissions" research https://www.cyberark.com/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions/. (source: KubiScan project page)
Project Page	https://github.com/cyberark/KubiScan
User Documentation	https://github.com/cyberark/KubiScan
Related Sessions	Compromising Kubernetes Cluster By Exploiting Weak Rbac Permissions

Lucet
Description	Lucet is a native WebAssembly compiler and runtime. It is designed to safely execute untrusted WebAssembly programs inside your application. (source: Lucet project page)
Project Page	https://github.com/bytecodealliance/lucet
User Documentation	https://bytecodealliance.github.io/lucet/
Related Sessions	Secure Sandboxing In A Post Spectre World

Lyft Cartography
Description	Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. (source: Cartography project page)
Project Page	https://github.com/lyft/cartography
User Documentation	https://github.com/lyft/cartography
Related Sessions	Open Source Tooling For Threat Analysis And Attack Surface Management

Metasploit Framework
Description	Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. (source: Metasploit project page)
Project Page	https://metasploit.com/
User Documentation	https://metasploit.help.rapid7.com/docs/quick-start-guide
Community Discussion	https://join.slack.com/t/metasploit/shared_invite/enQtOTMxMjg5ODY3NDYxLTYyZTVlNDM1ZTI3ZGQ0YTQ0NmI1YjgxMGEwYzFhOWNiZWQ4NDNmNTE1MWNiYzJhMzgwMGY0ZWY2NTY0MjA2M2I
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Microsoft Attack Surface Analyzer
Description	Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. (source: Attack Surface Analyzer project page)
Project Page	https://github.com/microsoft/attacksurfaceanalyzer
User Documentation	https://www.microsoft.com/en-us/download/details.aspx?id=58105
Related Sessions	Democratizing Security Knowledge And Automating Decisions

Microsoft MYSTICPY
Description	Microsoft Threat Intelligence Python Security Tools. The msticpy package was initially developed to support Jupyter Notebook authoring for Azure Sentinel. Many of the included tools can be used in other security scenarios for threat hunting and threat investigation. There are three main sub-packages that include (1) sectools - Python security tools to help with data enrichment, analysis or investigation. (2)nbtools - Jupyter-specific UI tools such as widgets, plotting and other data display. (3) data - data layer and pre-defined queries for Azure Sentinel, MDATP and other data sources. (source: Microsoft Threat Intelligence Python Security Tools project page)
Project Page	https://github.com/microsoft/msticpy
User Documentation	https://msticpy.readthedocs.io/en/latest/
Related Sessions	Democratizing Security Knowledge And Automating Decisions

mimikatz
Description	...extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. (source: mimikatz project page)
Project Page	https://github.com/gentilkiwi/mimikatz
User Documentation	https://github.com/gentilkiwi/mimikatz/wiki
Related Sessions	Recapture Of Glory The Return Of Persistent Threat Actors

nmap
Description	Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. (source: Nmap project page)
Project Page	https://nmap.org/
User Documentation	https://nmap.org/docs.html
Community Discussion	https://seclists.org/nmap-dev/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

NPK
Description	NPK is a distributed hash-cracking platform built entirely of serverless components in AWS including Cognito, DynamoDB, and S3. It was designed for easy deployment and the intuitive UI brings high-power hash-cracking to everyone. (source: NPK project page)
Project Page	https://github.com/Coalfire-Research/npk
User Documentation	https://github.com/Coalfire-Research/npk
Related Sessions	Npk Highpowered Open Source Hash Cracking Tool

OpenSSH
Description	OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options. (source: OpenSSH project page)
Project Page	https://www.openssh.com/
User Documentation	https://www.openssh.com/list.html
Community Discussion	https://www.openssh.com/list.html
Related Sessions	Deep Dive Analysis Of Current Enterprise Network Security Mechanisms

OpenSSL
Description	OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. (source: OpenSSL project page)
Project Page	https://www.openssl.org/
User Documentation	https://www.openssl.org/docs/
Community Discussion	https://www.openssl.org/community/
Related Sessions	Openssl And Fips They Are Back Together

OpenVAS
Description	OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. (source: OpenVAS project page)
Project Page	https://www.openvas.org/
User Documentation	https://docs.greenbone.net/
Community Discussion	https://community.greenbone.net/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Parrot
Description	ParrotOS (Parrot Security, ParrotOS) is a free and open source GNU/Linux distribution based on Debian Testing designed for security experts, developers and privacy aware people. It includes a full portable arsenal for IT security and digital forensics operations, but it also includes everything you need to develop your own programs or protect your privacy while surfing the net. The operating system ships with the MATE desktop environment preinstalled and is available in several flavors to fit your needs. (source: ParrotOS project page)
Project Page	https://parrotlinux.org/
User Documentation	https://docs.parrotlinux.org/
Community Discussion	https://nest.parrotsec.org/explore/groups
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Peirates
Description	Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It automates known techniques to steal and collect service accounts, obtain further code execution, and gain control of the cluster. (source: Peirates project page)
Project Page	https://github.com/inguardians/peirates
User Documentation	https://www.inguardians.com/peirates/
Related Sessions	Kubernetes Practical Attack And Defense

RITA
Description	RITA is an open source framework for network traffic analysis (source: RITA project page)
Project Page	https://github.com/activecm/rita
User Documentation	https://github.com/activecm/rita
Related Sessions	Shadow It And Shadow Remote Access How To Find It For Free

Security Onion
Description	Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! (source: Security Onion project page)
Project Page	https://securityonion.net/
User Documentation	https://securityonion.readthedocs.io/en/latest/
Community Discussion	https://securityonion.readthedocs.io/en/latest/mailing-lists.html
Related Sessions	Peel Back The Layers Of Your Enterprise And Make Your Adversaries Cry

SEDATED
Description	The SEDATED℠ Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure) focuses on preventing sensitive data such as user credentials and tokens from being pushed to Git. (source: SEDATED project page)
Project Page	https://github.com/owasp/SEDATED
User Documentation	https://github.com/owasp/SEDATED
Related Sessions	10 Things I Wish Every Developer Knew About Security

SELKS
Description	SELKS is a free and open source Debian (with LXDE X-window manager) based IDS/IPS platform released under GPLv3 from Stamus Networks (source: SELKS project page)
Project Page	https://github.com/StamusNetworks/SELKS
User Documentation	https://github.com/StamusNetworks/SELKS/wiki/First-time-setup
Community Discussion	https://groups.google.com/forum/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Semantic
Description	semantic is a Haskell library and command line tool for parsing, analyzing, and comparing source code. (source: Semantic project page)
Project Page	https://github.com/github/semantic/
User Documentation	https://github.com/github/semantic/blob/master/docs/examples.md
Related Sessions	Devsecops State Of The Union

sgrep
Description	sgrep, for syntactical (and occasionnally semantic) grep, is a tool to help find bugs by specifying code patterns using a familiar syntax. The idea is to mix the convenience of grep with the correctness and precision of a compiler frontend. (source: sgrep project page)
Project Page	https://github.com/returntocorp/sgrep
User Documentation	https://github.com/returntocorp/sgrep/blob/develop/docs/config.md
Related Sessions	Devsecops State Of The Union

SIFT Workstation
Description	The SIFT Workstation is a group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. It can match any current incident response and forensic tool suite. SIFT demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. (source: SIFT Workstation project page)
Project Page	https://digital-forensics.sans.org/community/downloads
User Documentation	https://digital-forensics.sans.org/community/downloads
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

The Sleuth Kit
Description	The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. (source: The Sleuth Kit project page)
Project Page	https://www.sleuthkit.org/index.php
User Documentation	https://www.sleuthkit.org/sleuthkit/docs.php
Community Discussion	https://sleuthkit.discourse.group/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

SNIPE-IT
Description	Snipe-IT is a Free Open Source (FOSS) project built on Laravel 5.5. Snipe-IT was made for IT asset management, to enable IT departments to track who has which laptop, when it was purchased, which software licenses and accessories are available, and so on. (source: Snipe-IT project page)
Project Page	https://snipeitapp.com/
User Documentation	https://snipe-it.readme.io/docs
Community Discussion	https://snipe.us2.list-manage.com/subscribe?u=f75c02e78cca38bd704fa0cbd&id=21e8f58291
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

The Social-Engineer Toolkit (SET)
Description	The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio. (source: The Social-Engineer Toolkit project page)
Project Page	https://www.trustedsec.com/tools/the-social-engineer-toolkit-set/
User Documentation	https://github.com/trustedsec/social-engineer-toolkit/raw/master/readme/User_Manual.pdf
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Sublist3r
Description	Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS. (source: Sublist3r project page)
Project Page	https://github.com/aboul3la/Sublist3r
User Documentation	https://github.com/aboul3la/Sublist3r
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Suricata
Description	Suricata is a free and open source, mature, fast and robust network threat detection engine. (source: Suricata project page)
Project Page	https://suricata-ids.org/
User Documentation	https://suricata-ids.org/docs/
Community Discussion	https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020 Suricata 10 Years Strong Bringing The Best In Network Threat Detection

Tails
Description	Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD. It aims at preserving your privacy and anonymity, and helps you to (1) use the Internet anonymously and circumvent censorship;(2) all connections to the Internet are forced to go through the Tor network;(3) leave no trace on the computer you are using unless you ask it explicitly; (4) use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. (source: Tails project page)
Project Page	https://tails.boum.org/index.en.html
User Documentation	https://tails.boum.org/doc/index.en.html
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

tcpdump
Description	A powerful command-line packet analyzer (source: tcpdump project page)
Project Page	https://www.tcpdump.org/
User Documentation	https://www.tcpdump.org/manpages/tcpdump.1.html
Community Discussion	https://www.tcpdump.org/index.html
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

tfsec
Description	tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. (source: tfsec project page)
Project Page	https://github.com/liamg/tfsec
User Documentation	https://github.com/liamg/tfsec
Related Sessions	Devsecops State Of The Union

TheHive
Description	A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
Project Page	https://thehive-project.org/
User Documentation	https://github.com/TheHive-Project/TheHiveDocs
Community Discussion	https://groups.google.com/a/thehive-project.org/forum
Related Sessions

truffleHog
Description	Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. (source: truffleHog project page)
Project Page	https://github.com/dxa4481/truffleHog
User Documentation	https://github.com/dxa4481/truffleHog
Related Sessions	10 Things I Wish Every Developer Knew About Security

Vega
Description	Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. (source: Vega project page)
Project Page	https://subgraph.com/vega/
User Documentation	https://subgraph.com/vega/documentation/index.en.html
Community Discussion	https://groups.google.com/forum/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

VeraCrypt
Description	VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. Brought to you by IDRIX (https://www.idrix.fr) and based on TrueCrypt 7.1a. (source: VeraCrypt project page)
Project Page	https://www.veracrypt.fr/en/Home.html
User Documentation	https://www.veracrypt.fr/en/Documentation.html
Community Discussion	https://sourceforge.net/p/veracrypt/discussion/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Volatility Framework
Description	The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research. (source: The Volatility Framework project page)
Project Page	https://www.volatilityfoundation.org/
User Documentation	https://github.com/volatilityfoundation/volatility/wiki
Community Discussion	https://lists.volatilityfoundation.org/mailman/listinfo/vol-users
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

WebSploit
Description	WebSploit is an open source project which is used to scan and analysis remote system in order to find various type of vulnerabilites. This tool is very powerful and support multiple vulnerabilities (source: WebSploit project page)
Project Page	https://sourceforge.net/projects/websploit/
User Documentation	https://sourceforge.net/p/websploit/wiki/Home/
Community Discussion	https://sourceforge.net/p/websploit/discussion/
Related Sessions	Red Team Webapp Hacking 3

Wireshark
Description	Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. (source: Wireshark project page)
Project Page	https://www.wireshark.org/
User Documentation	https://www.wireshark.org/docs/
Community Discussion	https://www.wireshark.org/lists/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020 Deep Dive Analysis Of Current Enterprise Network Security Mechanisms

Zed Attack Proxy (ZAP)
Description	Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible. (source: Zed Attack Proxy project page)
Project Page	https://www.zaproxy.org/
User Documentation	https://www.zaproxy.org/docs/
Community Discussion	https://groups.google.com/forum/
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020

Zeek
Description	Zeek is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Zeek supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting. (source: Zeek project page)
Project Page	https://www.zeek.org/
User Documentation	https://www.zeek.org/documentation/index.html
Community Discussion	http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek
Related Sessions	Cybersecurity Tips Tools And Techniques Updated For 2020 Shadow It And Shadow Remote Access How To Find It For Free

RSAC 2020 APJ will be a free virtual learning experience, July 15-17.

Search