Snort

Open Source intrusion prevention system capable of real-time traffic analysis and packet logging.

ClamAV

Open Source antivirus engine for detecting trojans, viruses, malware, & other malicious threats.

Razorback

Framework for an intelligence driven security solution. It consists of a Dispatcher at the core of the system, surrounded by Nuggets of varying types.

PE-Sig

Security tool for analysts to identify PE section hashes for executable files. It allows for the simple creation of ClamAV section-based signatures.

Synful Knock Scanner

A network scanner and utility for detecting signs of the SYNful Knock router malware.

MBR Filter

Disk filter that blocks write access to the Master Boot Record.

FIRST

The Function Identification and Recovery Signature Tool (FIRST) is an IDA Pro plugin that allows reverse engineers to more quickly complete static analysis.

Cisco Smart Install Scanner

A network scanner and utility for detecting the Cisco Smart Install client protocol.

BASS - Automated Signature Synthesizer

Framework that automatically generates pattern-based antivirus signatures from previously generated malware sample clusters.

Daemonlogger

Simple, fast network packet logger and soft tap designed specifically for use in NSM environments.

Moflow

Software security framework containing automated security tools for vulnerability discovery and triage in software.

Immunet

Malware protection system that utilizes cloud computing and social networking to provide community security.

TeslaCrypt Decryption Tool

Open source command line utility for decrypting TeslaCrypt ransomware and returning user files to their original content.

LockyDump

Open source Locky configuration extractor which can dump the configuration parameters used by all currently known variants of Locky, e.g. .locky, .zepto, and .odin based ransomware.

FreeSentry

LLVM plugin that makes exploitation of use-after-free vulnerabilities more difficult.

Flokibot Tools

Open source collection of scripts that help automate portions of the analysis of Flokibot malware.

ROPMEMU

Framework to analyze, dissect and decompile complex code-reuse attacks.

PyREBox

Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU.

File2pcap

File2pcap creates pcaps from any input file, showing the file in transit via HTTP/SMTP/IMAP/POP3/FTP or HTTP/2 over IPv4 or IPv6.