Packages
vm-packages edited this page Jan 28, 2025 · 5 revisions
Package | Description |
---|---|
c3.vm | C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2. |
covenant.vm | Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. |
merlin.vm | Merlin is a cross-platform post-exploitation Command and Control server and agent written in Go. |
metasploit.vm | A computer security project that provides information about security vulnerabilities, aids in penetration testing, and IDS signature development. |
sliver.vm | Sliver is an open source cross-platform adversary emulation/red team framework. |
wmimplant.vm | WMImplant is a PowerShell based tool that leverages WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results. |
Package | Description |
---|---|
adconnectdump.vm | This toolkit offers several ways to extract and decrypt stored Azure AD and Active Directory credentials from Azure AD Connect servers. |
asreproast.vm | Project that retrieves crackable hashes from KRB5 AS-REP responses for users without Kerberos preauthentication enabled. |
credninja.vm | This tool will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host. |
dumpert.vm | This tool demonstrates the use of direct System Calls and API unhooking and combines these techniques in a proof of concept code which can be used to create a LSASS memory dump using Cobalt Strike. |
getlapspasswords.vm | PowerShell function to pull the local admin passwords from LDAP, stored there by LAPS. |
hashcat.vm | Hashcat is a fast password recovery utility. |
internal-monologue.vm | Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS |
inveigh.vm | Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers. |
keethief.vm | Allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system. |
kerbrute.vm | A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication |
mailsniper.vm | MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms and performing password spraying. |
mimikatz.vm | Mimikatz is an open-source application that allows users to view and save authentication credentials such as Kerberos tickets |
nanodump.vm | A Beacon Object File that creates a minidump of the LSASS process. |
rubeus.vm | Rubeus is a C# toolset for raw Kerberos interaction and abuses. |
safetykatz.vm | SafetyKatz is a combination of a slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader. |
sharpcliphistory.vm | SharpClipHistory is a .NET 4.5 application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 starting from the 1809 Build. |
sharpdump.vm | SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality. |
sharplaps.vm | This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory. |
sharpsecdump.vm | .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py |
Package | Description |
---|---|
ollydbg.vm | OllyDbg is a 32-bit assembler level analysing debugger for Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. |
ollydbg2.vm | OllyDbg2 is a 32-bit assembler level analysing debugger for Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. |
ttd.vm | Time travel debugging command line utility. |
windbg.vm | WinDbg is a debugger that can be used to analyze crash dumps, debug live user-mode and kernel-mode code, and examine CPU registers and memory. |
x64dbg.vm | An open-source x64/x32 debugger for Windows. |
Package | Description |
---|---|
idr.vm | Interactive Delphi Reconstructor |
Package | Description |
---|---|
cutter.vm | Cutter is a FOSS disassembler/decompiler |
ghidra.vm | A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. |
idafree.vm | Free version of IDA Pro, a powerful Interactive DisAssembler and debugger. |
idapro.vm | IDA Pro 9 is an interactive DisAssembler and debugger. The installation requires an IDA Pro installer ida-pro_9*.exe (and optionally a license file) in the Desktop. Get your installer from https://hex-rays.com/ida-pro. |
Package | Description |
---|---|
didier-stevens-beta.vm | Beta versions of Didier Stevens's software |
didier-stevens-suite.vm | Tools collection by Didier Stevens |
ezviewer.vm | Standalone, zero dependency viewer for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .otd, .htm, .html, .mht, .csv, and .pdf. Any non-supported files are shown in a hex editor (with data interpreter!) |
offvis.vm | The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps in understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks. |
onenoteanalyzer.vm | A C# based tool for analyzing malicious OneNote documents. |
pdfstreamdumper.vm | PDFStreamDumper is a free, open source tool to analyze malicious PDF documents. |
Package | Description |
---|---|
codetrack.vm | A free .NET Performance Profile and Execution Analyzer |
de4dot-cex.vm | A de4dot fork with full support for vanilla ConfuserEx |
dnlib.vm | .NET module/assembly reader/writer library |
dnspyex.vm | dnSpyEx is an unofficial continuation of the dnSpy project, which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. |
dotdumper.vm | An automatic unpacker and logger for DotNet Framework targeting files |
extreme_dumper.vm | .NET Assembly Dumper from memory of processes. |
garbageman.vm | A set of tools designed for .NET heap analysis. |
ilspy.vm | The open-source .NET assembly browser and decompiler. |
net-reactor-slayer.vm | NETReactorSlayer is an open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor. |
psnotify.vm | A POC tool to fight .NET anti-dumping tricks. |
rundotnetdll.vm | A simple utility to list all methods of a given .NET Assembly and to invoke them. |
sfextract.vm | command-line utility to extract files from single file bundles in .NET |
Package | Description |
---|---|
certify.vm | Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). |
microburst.vm | MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. |
petitpotam.vm | PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions |
powermad.vm | Powermad includes a set of functions for exploiting ms-DS-MachineAccountQuota without attaching an actual system to AD |
powersploit.vm | PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. |
powerupsql.vm | PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. |
powerzure.vm | PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. |
sharpdpapi.vm | SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project. |
sharpup.vm | SharpUp is a C# port of various PowerUp functionality for auditing potential privilege escalation paths. |
spoolsample.vm | PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface. |
sqlrecon.vm | MSSQL toolkit for reconnaissance and post-exploitation |
teamfiltration.vm | TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. |
whisker.vm | Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. |
Package | Description |
---|---|
bindiff.vm | A comparison tool for binary files that assists in quickly finding differences and similarities in disassembled code |
die.vm | Detect It Easy, or abbreviated "DIE" is a program for determining types of files. |
exeinfope.vm | Displays metadata for a variety of file types and identifies many executable packers |
exiftool.vm | A tool for reading and writing file metadata |
file.vm | A Windows port of the Linux file utility for checking header magics |
floss.vm | FLOSS uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries. |
goresym.vm | Go symbol recovery tool |
hasher.vm | Hash all the things |
hashmyfiles.vm | HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into a text/html/xml file. |
magika.vm | Magika is an AI powered file type detection tool that uses deep learning to provide accurate detection. |
Package | Description |
---|---|
aleapp.vm | Android Logs Events And Protobuf Parser. |
amcacheparser.vm | Amcache.hve parser with lots of extra features. Handles locked files |
appcompatcacheparser.vm | AppCompatCache aka ShimCache parser. Handles locked files |
arsenalimagemounter.vm | Mounts the contents of disk images as complete disks in Windows. |
autopsy.vm | Autopsy is a graphical interface to The Sleuth Kit and other open source digital forensics tools. |
chainsaw.vm | Chainsaw provides a powerful 'first-response' capability to quickly identify threats within Windows forensic artefacts such as Event Logs and the MFT file. |
dcode.vm | Utility for converting data found on desktop and mobile devices into human-readable timestamps. |
event-log-explorer.vm | Software solution for viewing, analyzing and monitoring events recorded in Microsoft Windows event logs. |
evtxecmd.vm | Event log (evtx) parser with standardized CSV, XML, and json output! Custom maps, locked file support, and more! |
ftk-imager.vm | The tool provides full disk imaging capabilities, mount images, preview data from forensic images, and seamlessly export files in common forensic formats, with an option for RAM capture. |
hayabusa.vm | Windows event log fast forensics timeline generator and threat hunting tool |
jlecmd.vm | Jump List parser |
jumplist_explorer.vm | GUI based Jump List viewer |
kernel-ost-viewer.vm | Facilitates efficient OST file recovery with features such as advanced message search, snapshot management and diverse file format saving. |
kernel-outlook-pst-viewer.vm | Standalone platform for opening PST files without installing MS Outlook. |
lecmd.vm | Parse lnk files |
logfileparser.vm | Decode and dump lots of transaction information from the $LogFile on NTFS. |
memprocfs.vm | MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system. |
mft_explorer.vm | Graphical $MFT viewer |
mftecmd.vm | $MFT, $Boot, $J, $SDS, $I30, and $LogFile (coming soon) parser. Handles locked files |
pecmd.vm | Prefetch parser |
rbcmd.vm | Recycle Bin artifact (INFO2/$I) parser |
recentfilecacheparser.vm | RecentFileCache parser |
recmd.vm | Powerful command line Registry tool searching, multi-hive support, plugins, and more |
rla.vm | Replay transaction logs and update Registry hives so they are no longer dirty. Useful when tools do not know how to handle transaction logs |
sbecmd.vm | ShellBags Explorer, command line edition, for exporting shellbag data |
sdb_explorer.vm | Shim database GUI |
shellbags_explorer.vm | GUI for browsing shellbags data. Handles locked files |
sqlecmd.vm | Find and process SQLite files according to your needs with maps! |
srumecmd.vm | Process SRUDB.dat and (optionally) SOFTWARE hive for network, process, and energy info! |
sumecmd.vm | Process Microsoft User Access Logs found under "C:\Windows\System32\LogFiles\SUM" |
testdisk.vm | A robust data recovery tool, TestDisk, specializes in restoring lost partitions across diverse filesystems and facilitates file undeletion within supported filesystems. |
timeline_explorer.vm | View CSV and Excel files, filter, group, sort, etc. with ease |
vscmount.vm | Mount all VSCs on a drive letter to a given mount point |
wxtcmd.vm | Windows 10 Timeline database parser |
yara.vm | The pattern matching swiss knife |
Package | Description |
---|---|
010editor.vm | Professional text and hex editor with Binary Templates technology. |
hxd.vm | Freeware hex editor |
imhex.vm | A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM. |
Package | Description |
---|---|
ifpstools.vm | IFPSTools.NET: tools for working with RemObject PascalScript compiled bytecode files |
innoextract.vm | A tool to extract Inno Setup installers. |
innounp.vm | Unpacker for Inno Setup installers. |
isd.vm | Inno Setup Decompiler |
Package | Description |
---|---|
apktool.vm | A tool for reverse engineering 3rd party, closed, binary Android apps. |
bytecodeviewer.vm | A lightweight user-friendly Java/Android Bytecode Viewer, Decompiler and more. |
dex2jar.vm | Tools to work with android .dex and java .class files. |
recaf.vm | Java bytecode editor |
Package | Description |
---|---|
js-beautify.vm | JavaScript beautifier and deobfuscator. |
js-deobfuscator.vm | Deobfuscator to remove common JS obfuscation techniques. |
malware-jail.vm | Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. |
obfuscator-io-deobfuscator.vm | A deobfuscator for scripts obfuscated by Obfuscator.io |
Package | Description |
---|---|
sharpexec.vm | SharpExec is an offensive security C# tool designed to aid with lateral movement. |
Package | Description |
---|---|
hollowshunter.vm | Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). |
pesieve.vm | pe-sieve recognizes and dumps a variety of implants within the scanned process. |
processdump.vm | Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. |
Package | Description |
---|---|
fakenet-ng.vm | FakeNet-NG is a dynamic network analysis tool. |
fiddler.vm | Intercepts, decrypts, and analyzes HTTPS traffic |
internet_detector.vm | Tool that changes the background and a taskbar icon if it detects internet connectivity |
netcat.vm | Netcat is a networking utility for reading from and writing to network connections using TCP or UDP. |
networkminer.vm | NetworkMiner is an open source Network Forensic Analysis Tool for Windows, but also works in Linux or Mac OS X. NetworkMiner can be used as a passive network sniffer in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to reassemble transmitted files and certificates from PCAP files. |
nmap.vm | Port scanning utility and nc replacement with extended features |
openvpn.vm | OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations. |
powercat.vm | PowerShell implementation of netcat functionality |
putty.vm | PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. |
streamdivert.vm | StreamDivert has the ability to relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IPs to another server. |
telnet.vm | A network protocol used to virtually access a computer and to provide a two-way, collaborative and text-based communication channel between two machines |
windump.vm | Windows version of tcpdump, the command line network analyzer for UNIX |
wireshark.vm | Wireshark lets you capture and interactively browse the traffic running on a computer network. |
Package | Description |
---|---|
autoit-ripper.vm | Extracts compiled AutoIt scripts from PE executables. |
pkg-unpacker.vm | Unpacker for pkg applications. |
uniextract2.vm | Universal Extractor 2 is an unofficial updated and extended version of the original UniExtract by Jared Breland. |
upx.vm | UPX is a free, secure, portable, extendable, high-performance executable packer for several executable formats. |
Package | Description |
---|---|
badassmacros.vm | Proof of Concept tool to generate malicious macros leveraging techniques like VBA Purging and Shellcode Obfuscation to evade AV engines. |
confuserex.vm | ConfuserEx is an open-source protector for .NET applications. It is the successor of the Confuser project. |
dotnettojscript.vm | A tool to generate a JScript which bootstraps an arbitrary .NET Assembly and class. |
evilclippy.vm | A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. |
gadgettojscript.vm | A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA scripts. |
invokedosfuscation.vm | Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. |
invokeobfuscation.vm | Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. |
stracciatella.vm | Powershell runspace from within C# (aka SharpPick technique) with AMSI, ETW and Script Block Logging disabled. |
syswhispers2.vm | SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. |
syswhispers3.vm | SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. |
unhook-bof.vm | This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research. |
Package | Description |
---|---|
dependencywalker.vm | Scans PE files and builds a hierarchical tree diagram of all dependent modules |
dll-to-exe.vm | Converts a DLL into a ready-to-use EXE |
explorersuite.vm | A suite of tools including CFF Explorer and a process viewer. |
pe_unmapper.vm | Small tool to convert between the PE alignments (raw and virtual) |
peanatomist.vm | PE Analysis tool providing detailed information |
pebear.vm | Delivers fast and flexible "first view" for malware analysts |
peid.vm | PEiD detects most common packers, cryptors and compilers for PE files. |
pestudio.vm | The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. |
setdllcharacteristics.vm | A CLI tool for manipulating ASLR, DEP, and check signature flags of PE files |
Package | Description |
---|---|
juicypotato.vm | Local Privilege Escalation tool that abuses the SeImpersonatePrivilege to go from a Windows Service Account to NT AUTHORITY\SYSTEM |
Package | Description |
---|---|
7zip-15-05.vm | 7-Zip file archiver. This version is able to extract NSIS scripts. |
7zip-nsis.vm | 7-zip build with nsis script decompiling |
cmder.vm | Metapackage for cmder |
cygwin.vm | Wrapper for cygwin and useful cygwin packages |
ipython.vm | A powerful interactive Python shell |
nasm.vm | Netwide Assembler |
notepadplusplus.vm | Wrapper for Notepad++ |
tor-browser.vm | The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. |
vcbuildtools.vm | Metapackage that requires the following dependencies: visualstudio2017buildtools and visualstudio2017-workload-vctools. |
visualstudio.vm | IDE. |
vscode.vm | VSCode is a modern, open-source code editor. |
windows-terminal.vm | Windows Terminal is a new, modern, feature-rich, productive terminal application for command-line users. |
Package | Description |
---|---|
pycdas.vm | Python byte-code disassembler |
pycdc.vm | Python decompiler |
uncompyle6.vm | A decompiler for Python 1.0-3.8. |
unpyc3.vm | A decompiler for Python 3.7+. |
Package | Description |
---|---|
azurehound.vm | AzureHound is the BloodHound data collector for Microsoft Azure. |
bloodhound-custom-queries.vm | Custom Query list for the Bloodhound GUI based off my cheatsheet |
bloodhound.vm | BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. |
egress-assess.vm | Egress-Assess is a tool used to test egress data detection capabilities. |
gobuster.vm | Directory/file and DNS busting tool written in Go |
gowitness.vm | Website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. |
group3r.vm | Group3r is a tool for pentesters and red teamers to rapidly enumerate relevant settings in AD Group Policy, and to identify exploitable misconfigurations. |
ldapnomnom.vm | Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) |
mfasweep.vm | MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. |
netgpppassword.vm | .NET/C# implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences. |
outflank-c2-tool-collection.vm | Contains a collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques. |
routesixtysink.vm | Route Sixty-Sink is an open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis. |
seatbelt.vm | Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. |
sharphound.vm | SharpHound is an Active Directory ingester tool for BloodHound. |
sharpview.vm | .NET port of PowerView used for information gathering within Active Directory |
sharpwmi.vm | SharpWMI is a C# implementation of various WMI functionality. |
situational-awareness-bof.vm | Provides a set of basic situational awareness commands implemented in a Beacon Object File (BOF). This allows you to perform some checks on a host before you begin executing commands that may be more invasive. |
snaffler.vm | Snaffler is a tool for enumerating accessible SMB shares in an Active Directory environment. |
trustedsec-remote-ops-bof.vm | Addition to Situational Awareness BOFs intended for single task Windows primitives such as creating a task, stopping a service, etc. |
Package | Description |
---|---|
reg_export.vm | A CLI that exports the raw content of a registry value to a file |
regcool.vm | In addition to all the features that you can find in RegEdit and RegEdt32, RegCool adds many powerful features that allow you to work faster and more efficiently with registry related tasks |
registry_explorer.vm | Registry viewer with searching, multi-hive support, plugins, and more. Handles locked files |
regshot.vm | Regshot is a small, free and open-source registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product. |
total-registry.vm | Replacement for the Windows built-in Regedit.exe tool with improved features. |
Package | Description |
---|---|
blobrunner.vm | BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. |
blobrunner64.vm | BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. |
scdbg.vm | scdbg is an emulation based shellcode API logger and debugger |
sclauncher.vm | A small program to load 32-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. |
sclauncher64.vm | A small program to load 64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode. |
shellcode_launcher.vm | Shellcode launcher utility |
Package | Description |
---|---|
apimonitor.vm | API Monitor lets you monitor and control API calls made by applications and services. |
bstrings.vm | Find them strings yo. Built in regex patterns. Handles locked files |
capa-explorer-web.vm | Web interface for exploring and understanding capa results |
capa.vm | capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. |
cryptotester.vm | Utility tool for performing cryptanalysis with a focus on ransomware cryptography |
cyberchef.vm | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression, data analysis, and more. |
map.vm | Handful of small utility type applications useful for analyzing malicious code. |
pdbresym.vm | Download PDBs |
pma-labs.vm | Binaries for the book Practical Malware Analysis |
procdot.vm | Creates visual graphs from procmon output |
rat-king-parser.vm | multi-family RAT config parser/extractor |
resourcehacker.vm | Resource Hacker is a resource editor for 32bit and 64bit Windows applications. |
rpcview.vm | RpcView is an open-source tool to explore and decompile all RPC functionalities present on a Microsoft system |
sqlitebrowser.vm | Open source tool to create, design, and edit database files compatible with SQLite. |
sysinternals.vm | Sysinternals suite. |
systeminformer.vm | A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. |
vnc-viewer.vm | Tool for connecting to and interacting with VNC servers. |
winscp.vm | WinSCP is an open source free SFTP client, SCP client, FTPS client and FTP client for Windows. Its main function is file transfer between a local and a remote computer. |
Package | Description |
---|---|
vb-decompiler-lite.vm | Visual Basic decompiler |
vbdec.vm | VBDec works as a VB6 disassembler, PCode debugger, structure viewer for all vb6 executables, and can generate IDA scripts to integrate structures and named function offsets. |
Package | Description |
---|---|
burp-free.vm | Burp Suite Community Edition is PortSwigger's free integrated platform for performing security testing of web applications. |
Package | Description |
---|---|
fuzzdb.vm | FuzzDB is the most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. |
payloadsallthethings.vm | A list of useful payloads and bypasses for Web Application Security. |
seclists.vm | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. |
statistically-likely-usernames.vm | This resource contains wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks. |
Package | Description |
---|---|
7zip.vm | Metapackage for 7zip to ensure all packages use the same 7zip version. |
chrome.extensions.vm | A package for multiple useful chrome extensions from the Chrome webstore. |
common.vm | Common libraries for VM-packages |
debloat.vm | Debloat and performance configurations for Windows OS |
dokan.vm | Dokan simplifies the creation of custom file systems on Windows without the complexity of developing kernel-level drivers, offering an accessible solution for file system development, similar to FUSE on Linux. |
dotnet-6.vm | Metapackage for .NET6 to ensure all packages use the same version. |
dotnet-8.vm | Metapackage for .NET8 to ensure all packages use the same version. |
googlechrome.vm | Chrome is a popular web browser. |
ida.plugin.capa.vm | capa explorer is an IDAPython plugin that integrates capa with IDA Pro. |
ida.plugin.comida.vm | IDA plugin that helps analyze modules using COM. |
ida.plugin.dereferencing.vm | IDA Pro plugin that implements new registers and stack views. |
ida.plugin.diaphora.vm | Diaphora is a program diffing IDA plugin. |
ida.plugin.flare.vm | IDA Pro plugins used by the FLARE team. |
ida.plugin.hashdb.vm | Malware string hash lookup plugin for IDA Pro |
ida.plugin.hrtng.vm | IDA Pro plugin with features such as decryption, automation, deobfuscation, patching, lib code recognition and pseudocode transformations. |
ida.plugin.ifl.vm | Interactive Functions List IDA Pro plugin. |
ida.plugin.lighthouse.vm | A powerful coverage explorer. |
ida.plugin.sigmaker.vm | Signature Maker Plugin for IDA Pro 8.3. |
ida.plugin.xray.vm | Hexrays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions |
ida.plugin.xrefer.vm | Custom navigation interface within IDA. |
installer.vm | Generic installer for custom virtual machines. |
libraries.python3.vm | Metapackage to install common Python libraries |
microsoft-office.vm | Microsoft Office ProPlusRetail |
nodejs.vm | Metapackage for Node.js to ensure all packages use the same Node.js version. |
notepadpp.plugin.compare.vm | ComparePlus plugin for Notepad++ |
notepadpp.plugin.jstool.vm | A JavaScript (JSON) tool for Notepad++ (formerly JSMinNpp) |
notepadpp.plugin.xmltools.vm | XML Tools plugin for Notepad++ |
npcap.vm | Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver. |
ollydbg.plugin.ollydumpex.vm | This plugin is a process memory dumper for OllyDbg and Immunity Debugger. OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features |
ollydbg.plugin.scyllahide.vm | ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. |
ollydbg2.plugin.ollydumpex.vm | This plugin is a process memory dumper for OllyDbg2 and Immunity Debugger. OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features |
ollydbg2.plugin.scyllahide.vm | ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. |
openjdk.vm | Metapackage for OpenJDK to ensure all packages use the same OpenJDK version. |
pdbs.pdbresym.vm | Download PDBs |
python3.vm | Metapackage for Python 3 to ensure all packages use the same Python version. |
vcredist140.vm | Metapackage for Python 3 to ensure all packages use the same Python version. |
vscode.extension.jupyter.vm | Jupyter notebook support, interactive programming and computing that supports Intellisense, debugging and more. |
vscode.extension.python.vm | Python language support with extension access points for IntelliSense (Pylance), Debugging (Python Debugger), linting, formatting, refactoring, unit tests, and more. |
x64dbg.plugin.dbgchild.vm | DbgChild is an x64dbg plugin to automatically attach to spawned child processes. |
x64dbg.plugin.ollydumpex.vm | This plugin is a process memory dumper for OllyDbg and Immunity Debugger. OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features |
x64dbg.plugin.scyllahide.vm | ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. |
x64dbg.plugin.x64dbgpy.vm | Automating x64dbg using Python. |