gitleaks
- Ebuilds: 2, Testing: 8.10.3, Snapshot: 9999 Description:
A tool that searches the full repo history for secrets and keys
in all commits on all branches, in topological order, using
regex/entropy checks
Homepage:https://github.com/zricethezav/gitleaks License: GPL-3
honggfuzz (ambiguous, available in 2 overlays)
- Ebuilds: 2, Testing: 2.6, Snapshot: 9999 Description: A general-purpose fuzzer with feedback support
Homepage:https://honggfuzz.dev/ License: Apache-2.0
kerbrute
- Ebuilds: 2, Testing: 1.0.3_p20201116, Snapshot: 9999 Description:
A tool for enumerating valid Active Directory accounts and testing
credentials through Kerberos pre-authentication (the listing
originally repeated the gitleaks description here by mistake)
Homepage:https://github.com/ropnop/kerbrute License: Apache-2.0
mac-robber
- Ebuilds: 1, Stable: 1.02-r1, Testing: 1.02-r1 Description:
mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system.
The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on
the grave-robber tool from TCT and is written in C instead of Perl.
mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the
file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by
rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions.
"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The
Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run
mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used
mac-robber during investigations of common UNIX systems such as AIX.
Homepage:http://www.sleuthkit.org/mac-robber/index.php License: GPL-2
magicrescue
- Ebuilds: 1, Stable: 1.1.10-r4, Testing: 1.1.10-r4 Description:
Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks
at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or
partition. As long as the file data is there, it will find it.
It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. Practical
experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon.
Homepage:https://github.com/jbj/magicrescue License: GPL-2+
rkhunter
- Ebuilds: 1, Stable: 1.4.6-r2, Testing: 1.4.6-r2 Description: Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers
Homepage:https://rkhunter.sf.net/ License: GPL-2+
scalpel
- Ebuilds: 1, Testing: 2.1_pre20210326 Description:
Scalpel is a fast file carver that reads a database of header and footer
definitions and extracts matching files or data fragments from a set of image
files or raw device files. Scalpel is filesystem-independent and will carve
files from FATx, NTFS, ext2/3, HFS+, or raw partitions. It is useful for both
digital forensics investigation and file recovery.
Homepage:https://github.com/sleuthkit/scalpel License: Apache-2.0
sleuthkit (ambiguous, available in 2 overlays)
- Ebuilds: 2, Stable: 4.14.0, Testing: 4.14.0 Description: A collection of file system and media management forensic analysis tools
Homepage:https://www.sleuthkit.org/sleuthkit/ License: BSD CPL-1.0 GPL-2+ IBM java? ( Apache-2.0 )
volatility3
- Ebuilds: 2, Stable: 2.27.0, Testing: 2.28.0 Description:
Volatility is the world's most widely used framework for extracting
digital artifacts from volatile memory (RAM) samples. The extraction
techniques are performed completely independently of the system being
investigated, yet offer visibility into the runtime state of that system.
Homepage:https://github.com/volatilityfoundation/volatility3/ https://www.volatilityfoundation.org/ License: Volatility-1.0
whispers
- Ebuilds: 2, Testing: 2.4.0, Snapshot: 9999 Description:
Whispers is a static code analysis tool designed for parsing
various common data formats in search of hardcoded credentials
and dangerous functions. Whispers can run in the CLI or you can
integrate it in your CI/CD pipeline.
Homepage:https://github.com/adeptex/whispers License: GPL-3
xmount
- Ebuilds: 1, Testing: 1.1.1 Description: Convert on the fly between multiple input and output hard disk image types
Homepage:https://www.sits.lu/xmount License: GPL-3
yara
- Ebuilds: 3, Stable: 4.5.5, Testing: 4.5.5, Snapshot: 9999 Description:
YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA you can
create descriptions of malware families (or whatever you want to
describe) based on textual or binary patterns.
Homepage:https://virustotal.github.io/yara/ License: Apache-2.0
yara-x
- Ebuilds: 3, Stable: 1.14.0, Testing: 1.16.0 Description:
YARA is a tool aimed at (but not limited to) helping malware
researchers to identify and classify malware samples. With YARA you can
create descriptions of malware families (or whatever you want to
describe) based on textual or binary patterns.
YARA-X is a reincarnation of YARA, rewritten in Rust, that is intended
to eventually replace YARA.
Homepage:https://virustotal.github.io/yara-x/ License: BSD
Apache-2.0 Apache-2.0-with-LLVM-exceptions BSD CC0-1.0 EPL-2.0 ISC
MIT MPL-2.0 Unicode-3.0 Unicode-DFS-2016 WTFPL-2 ZLIB