QeeqBox
State-of-the-art open-source projects and services for red, purple, and blue teams
Washington, USA
Pinned Repositories
analyzer
Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
chameleon
19 Customizable honeypots for monitoring network traffic, bot activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and LDAP)
docker-images
Kali and Parrot OS docker images accessible via VNC, RDP and Web
honeypots
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
mitre-visualizer
Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)
osint
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package
raven
Advanced Cyber Threat Map (Simplified, customizable, responsive and optimized)
rhino
Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors
social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
url-sandbox
Scalable URL Sandbox for analyzing URLs and Domains from phishing attacks
QeeqBox's Repositories
qeeqbox/social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
qeeqbox/honeypots
30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)
qeeqbox/analyzer
Analyze, extract and visualize features, artifacts and IoCs of files and memory dumps (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
qeeqbox/two-factor-authentication-sim-swapping
An adversary may utilize a sim swapping attack for defeating 2fa authentication
qeeqbox/threat-intelligence
Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)
qeeqbox/two-factor-authentication-sim-cloning
An adversary may utilize a sim swapping attack for defeating 2fa authentication
qeeqbox/cyber-kill-chain
Cyber Kill Chain is a model that Lockheed Martin created for understanding (Describe the sequence of events) and stopping cyberattacks
qeeqbox/digital-forensics
Digital Forensics is the process of finding and analyzing electronic data
qeeqbox/incident-response
Incident response is a set of steps that are used to handle the aftermath of a data breach or cyberattack
qeeqbox/stored-cross-site-scripting
An adversary may inject malicious content into a vulnerable target
qeeqbox/client-side-template-injection
A threat actor may trick a victim into executing native template syntax on a vulnerable target
qeeqbox/cybersecurity
Cybersecurity is the measures taken to protect networks, devices, and data against cyberattacks
qeeqbox/directory-listing
A threat actor may list files on a misconfigured server
qeeqbox/reflected-cross-site-scripting
A threat actor may inject malicious content into HTTP requests. The content will be reflected in the HTTP response and executed in the victim's browser
qeeqbox/risk-management
Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)
qeeqbox/vertical-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a higher privilege level
qeeqbox/authentication-bypass
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
qeeqbox/authorization-bypass
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
qeeqbox/captcha-bypass
A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology
qeeqbox/credential-stuffing
A threat actor may guess the target credentials using known username and password pairs gathered from previous brute-force attacks
qeeqbox/data-compliance
Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
qeeqbox/default-credential
A threat actor may gain unauthorized access using the default username and password
qeeqbox/horizontal-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a similar privilege level
qeeqbox/two-factor-authentication-brute-force
A threat actor may launch a brute-force attack against the two-factor authentication (2FA) logic, causing unauthorized access to the target
qeeqbox/access-control
Access Control is using security techniques to protect a system against unauthorized access
qeeqbox/data-classification
Data classification defines and categorizes data according to its type, sensitivity, and value
qeeqbox/data-lifecycle-management
Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization
qeeqbox/data-security
Safeguarding your personal information (How your info is protected)
qeeqbox/password-spraying
A threat actor may guess the target credentials using a single password with a large set of usernames against the target
qeeqbox/xpath-injection
A threat actor may alter the XML path language (XPath) query to read data on the target