Pinned Repositories
Cybersecurity-Pathfinders
dnsimple-python
Python client for DNSimple domain registration and DNS hosting
for572-scripts
A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis
ip2geo
Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses
ltc-fuzzy-keyword-suggestions
passivedns
A network sniffer that logs all DNS server replies for use in a passive DNS setup
sof-elk
Configuration files for the SOF-ELK VM
timeshift
A Python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.
vmware-snapcompare
VMware Snapshot Forensic Comparison Scripts
philhagen's Repositories
philhagen/sof-elk
Configuration files for the SOF-ELK VM
philhagen/ip2geo
Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses
philhagen/for572-scripts
A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis
philhagen/timeshift
A Python script to shift the timestamp on syslog data. Useful for forensicators combating time skew.
philhagen/Cybersecurity-Pathfinders
philhagen/ltc-fuzzy-keyword-suggestions
philhagen/sansfor509
Public script from SANS FOR509 Enterprise Cloud Incident Response
philhagen/web-traffic-generator
A quick and dirty HTTP/S "organic" traffic generator.
philhagen/daylight_tracker
philhagen/fail2ban
Daemon to ban hosts that cause multiple authentication errors
philhagen/freq
This is a repository for freq.py and freq_server.py
philhagen/geoip-bootstraps
philhagen/hassh
HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
philhagen/ja3-aggregator
Aggregate and normalize JA3 hash databases from multiple sources
philhagen/yersinia-web
Yersinia Web
philhagen/arkime
Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
philhagen/arkimeweb
The website for arkime.com
philhagen/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
philhagen/bitfit
Recursively validate a starting directory of file contents to identify changes, corrupt data
philhagen/ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
philhagen/kibana-sofelkhtml-plugin
Kibana HTML Widget Plugin
philhagen/log-login
An authentication log plugin for YOURLS
philhagen/md5deep
A Python implementation of some md5deep features
philhagen/pptxindex
Create a MS Word index file from PowerPoint notes and slides
philhagen/pycommunityid
A Python implementation of the Community ID flow hashing standard
philhagen/python-github-webhooks
Simple Python WSGI application to handle GitHub webhooks
philhagen/sec487.github.io
website
philhagen/sift-bootstrap
SANS Investigative Forensics Toolkit Bootstrap Script
philhagen/sift-saltstack
Salt States for Configuring the SIFT Workstation
philhagen/tcpdstat
Get protocol statistics from tcpdump pcap files (fork)