Discover picks for Forensics & Incident Response
On Hacker News
Ranked by discussion

tailscale (Healthy): The easiest, most secure way to use WireGuard and 2FA.
CyberChef (Mixed): The Cyber Swiss Army Knife, a web app for encryption, encoding, compression and data analysis.
caddy (At Risk): Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS.
netbird (Mixed): Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
pocketbase (Healthy): Open Source realtime backend in 1 file.
opensnitch (At Risk): OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
pangolin (Healthy): Identity-aware VPN and proxy for remote access to anything, anywhere.
Maigret (Mixed): Collect a dossier on a person by username from 3000+ sites.
certificates (Mixed): A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
keycloak (Healthy): Open Source Identity and Access Management for Modern Applications and Services.
mitmproxy (Healthy): An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
headscale (At Risk): An open source, self-hosted implementation of the Tailscale control server.
Trending now
Moloch (2): Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work alongside them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.
Radare2 (1, Healthy): UNIX-like reverse engineering framework and command-line toolset.
AVML (0, Mixed): AVML, Acquire Volatile Memory for Linux.
Plaso (0, At Risk): Super timeline all the things.
grr (At Risk): GRR Rapid Response: remote live forensics for incident response.
Forensic Artifacts (At Risk): Digital Forensics Artifact Repository.
CAPA (At Risk): The FLARE team's open-source tool to identify capabilities in executable files.
Flare (At Risk): A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing.
NullSec LogReaper (Mixed): High-speed log analysis and forensics tool with multi-format parsing, pattern matching, timeline reconstruction and anomaly detection for incident response.
Splunk Attack Range (At Risk): A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.
Velociraptor (At Risk): Digging Deeper...
UAC (At Risk): UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It automates the collection of artifacts from a wide range of Unix-like systems, including AIX, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris.