
Incident Response Scripts

Primary Language: Python

IRScripts

Collection of Incident Response scripts.

Scripts

  • bhistory.py - Parse Firefox or Chrome browser history.
  • ipquery.py - Query VirusTotal (VT) for information on an IP address.
  • ipinfo.py - Get information about an IP address.
  • gsbcheck.py - Query Google Safe Browsing for a URL.
  • fglookup.py - Check FortiGuard reputation or blacklist.
  • dridex-xml.py - Extract compressed Dridex document from xml file.
  • alienspy-decrypt - Extract AlienSpy Properties (config.xml) or the packed jar file.
  • hawkeye-decrypt.ps1 - Configuration decryptor for Hawkeye/GolRoted Key Logger.