Projects I am developing in my free time are below. As always, if you are interested in getting involved in these projects please give me a shout.
Active and mantained projects.
Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command.
Cuckoo Sandbox is the leading open source automated malware analysis system. You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment. In these evolving times, detecting and removing malware artifacts is not enough: it’s vitally important to understand how they operate in order to understand the context, the motivations, and the goals of a breach. Cuckoo Sandbox is free software that automated the task of analyzing any malicious file under Windows, macOS, Linux, and Android.
Harden the world
Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.
The idea behind this script is to provide a DNS honeypot which logs all requests to a SQLite database and with a configurable interactivity level. It can be configured to resolve only a number of DNS requests to seems like an open resolver to an attacker, after that it acts as a sinkhole. For each request coming from a source IP only a custom number of requests are really resolved (sending back a DNS reply) before working as a sinkhole; after a configurable timeout, it can restart the loop.
Old (inactive) projects
Old projects, now not mantained by long time. I want to revamp some of them, hoping in more free time in the future :)
Ghiro is a fully automated tool designed to run forensics analysis over a massive amount of images, just using an user friendly and fancy web application.
hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby by Alessandro Tanasi (@jekil) and licensed under GNU General Public License version 3 (GPLv3). It’s goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.
Despite numerous tools exist to perform forensics investigations on images, they lack features and are generally buggy. This site is meant to address these issues and offer a stable and reliable service for forensics investigators and security professionals.
Malwr was a service that offered free malware analysis with a publicly-accessible Cuckoo Sandbox.
Screwed File Monitor
Never happened to lose files due to file system failure or corruption? And when you need them, you found they corrupted by so much time all your backups don’t have a good copy. Screwed file monitor is a simple tool to detect file alterations or corruption and warn you, so you can get a fresh copy out of your backups.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.