foremost
- Ebuilds: 1, Stable: 1.5.7-r4, Testing: 1.5.7-r4 Description: Console program to recover files based on their headers and footers
Homepage: https://foremost.sourceforge.net/ License: public-domain
gitleaks
- Ebuilds: 2, Testing: 8.10.3 Description:
A tool for searching full repo history for secrets and keys in all commits on all branches in topological order with regex/entropy checks.
Homepage: https://github.com/zricethezav/gitleaks License: GPL-3
honggfuzz
- Ebuilds: 1, Testing: 2.6 Description: A general purpose fuzzer with feedback support
Homepage: https://honggfuzz.dev/ License: Apache-2.0
kerbrute
- Ebuilds: 2, Testing: 1.0.3_p20201116 Description:
A tool for searching full repo history for secrets and keys in all commits on all branches in topological order with regex/entropy checks.
Homepage: https://github.com/ropnop/kerbrute License: Apache-2.0
libesedb
- Ebuilds: 1, Stable: 20240420, Testing: 20240420 Description: Library and tools to access the Extensible Storage Engine Database File format.
Homepage: https://github.com/libyal/libesedb License: LGPL-3
libevtx
- Ebuilds: 1, Stable: 20240504, Testing: 20240504 Description: Library and tools to access the Windows XML Event Log (EVTX) format
Homepage: https://github.com/libyal/libevtx License: LGPL-3
libexe
- Ebuilds: 1, Stable: 20240420, Testing: 20240420 Description: Library and tools to access the executable (EXE) format
Homepage: https://github.com/libyal/libexe License: LGPL-3
liblnk
- Ebuilds: 2, Stable: 20240423, Testing: 20240423 Description: Library and tools to access the Windows Shortcut File (LNK) format
Homepage: https://github.com/libyal/liblnk License: LGPL-3
libscca
- Ebuilds: 1, Stable: 20240427, Testing: 20240427 Description: Library and tools to access the Windows Prefetch File (SCCA) format.
Homepage: https://github.com/libyal/libscca License: LGPL-3
libvsapm
- Ebuilds: 1, Stable: 20240503 Description: Library and tools to access the Apple Partition Map (APM) volume system format
Homepage: https://github.com/libyal/libvsapm License: LGPL-3
lynis
- Ebuilds: 1, Testing: 3.1.6 Description: Security and system auditing tool
Homepage: https://cisofy.com/lynis/ License: GPL-3
mac-robber
- Ebuilds: 1, Stable: 1.02-r1, Testing: 1.02-r1 Description:
mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system.
The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on
the grave-robber tool from TCT and is written in C instead of Perl.
mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the
file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by
rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.
"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The
Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run
mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used
mac-robber during investigations of common UNIX systems such as AIX.
Homepage: http://www.sleuthkit.org/mac-robber/index.php License: GPL-2
magicrescue
- Ebuilds: 1, Stable: 1.1.10-r4, Testing: 1.1.10-r4 Description:
Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks
at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or
partition. As long as the file data is there, it will find it.
It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. Practical
experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon.
Homepage: https://github.com/jbj/magicrescue License: GPL-2+
peepdf
- Ebuilds: 1, Testing: 0.4.3 Description: Python tool to explore PDF files (fork of)
Homepage: http://eternal-todo.com/ License: GPL-3
plaso
- Ebuilds: 2, Testing: 20251119 Description: Plaso (log2timeline) is a framework to create super timelines.
Homepage: https://github.com/log2timeline/plaso License: Apache-2.0
rkhunter
- Ebuilds: 1, Stable: 1.4.6-r2, Testing: 1.4.6-r2 Description: Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers
Homepage: https://rkhunter.sf.net/ License: GPL-2+
scalpel
- Ebuilds: 1, Testing: 2.1_pre20210326 Description:
Scalpel is a fast file carver that reads a database of header and footer
definitions and extracts matching files or data fragments from a set of image
files or raw device files. Scalpel is filesystem-independent and will carve
files from FATx, NTFS, ext2/3, HFS+, or raw partitions. It is useful for both
digital forensics investigation and file recovery.
Homepage: https://github.com/sleuthkit/scalpel License: Apache-2.0
sleuthkit (ambiguous, available in 2 overlays)
- Ebuilds: 2, Stable: 4.14.0, Testing: 4.14.0 Description: A collection of file system and media management forensic analysis tools
Homepage: https://www.sleuthkit.org/sleuthkit/ License: BSD CPL-1.0 GPL-2+ IBM java? ( Apache-2.0 )
unhide
- Ebuilds: 1, Testing: 20220611 Description: Forensic tool to find hidden processes and TCP/UDP ports by rootkits/LKMs
Homepage: https://www.unhide-forensics.info License: GPL-3+
volatility3
- Ebuilds: 2, Stable: 2.26.2, Testing: 2.27.0 Description:
Volatility is the world's most widely used framework for extracting
digital artifacts from volatile memory (RAM) samples. The extraction
techniques are performed completely independent of the system being
investigated but offer visibility into the runtime state of the system.
Homepage: https://github.com/volatilityfoundation/volatility3/ https://www.volatilityfoundation.org/ License: Volatility-1.0
whispers
- Ebuilds: 2, Testing: 2.4.0 Description:
Whispers is a static code analysis tool designed for parsing
various common data formats in search of hardcoded credentials
and dangerous functions. Whispers can run in the CLI or you can
integrate it in your CI/CD pipeline.
Homepage: https://github.com/adeptex/whispers License: GPL-3
xmount
- Ebuilds: 1, Testing: 1.1.1 Description: Convert on-the-fly between multiple input and output harddisk image types
Homepage: https://www.sits.lu/xmount License: GPL-3
yara
- Ebuilds: 3, Stable: 4.5.5, Testing: 9999 Description:
YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA you can
create descriptions of malware families (or whatever you want to
describe) based on textual or binary patterns.
Homepage: https://virustotal.github.io/yara/
yara-x
- Ebuilds: 4, Stable: 1.10.0-r1, Testing: 1.14.0 Description:
YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA you can
create descriptions of malware families (or whatever you want to
describe) based on textual or binary patterns.
YARA-X is a re-incarnation of YARA rewritten in Rust, eventually
replacing YARA.
Homepage: https://virustotal.github.io/yara-x/ License: BSD Apache-2.0 Apache-2.0-with-LLVM-exceptions BSD CC0-1.0 EPL-2.0 ISC MIT MPL-2.0 Unicode-3.0 Unicode-DFS-2016 WTFPL-2 ZLIB