Forensic Tools
In the summer of 2016, I developed a collection of penetration testing, analytics, and forensic tools.
- Uses VirusTotal, location, spam blacklist, and registrar data to determine if a given IP is associated with malicious material.
- Queries multiple tools such as VirusTotal, WildFire, ClamAV, and NSRL to perform deep analysis on a forensic disk image.
Tor Web Crawler
- Connects to the Tor network and scrapes web pages for email addresses.
- Follows links on webpages so it can quickly find data for a specific domain.
- Builds a master-slave dnmap implementation to provide distributed port scanning for load-balancing and covert reconnaissance.
- Uses SaltStack to build, start, or destroy an arbitrary number of AWS scanner slaves with a single command.