├── .gitattributes ├── DFIR_Toolbar.py ├── DFIR_Toolbar.spec ├── LICENSE ├── README.md ├── icons ├── toolbar.png └── web │ ├── arm-logo.png │ ├── cyberchef │ └── cyberchef_hat.png │ ├── cyberchef_hat.png │ ├── dfiq-square.png │ ├── dogbolt-logo.png │ ├── farm_the_land.png │ ├── frameworks │ ├── ATT&CK_red.png │ ├── afb-logo.png │ ├── atlas.png │ ├── att&ck-navigator-logo.png │ ├── d3fend.png │ ├── dett&ct-logo.png │ ├── mbc-logo.png │ ├── sparta.png │ └── unprotect_logo.png │ ├── iocparser-logo.png │ ├── kqlsearch-logo.png │ ├── lol_sites │ ├── lolad-logo.png │ ├── lolcloud-logo.png │ ├── lolol │ │ ├── bootloaders-logo.png │ │ ├── filesec.png │ │ ├── github.png │ │ ├── gtfobins.png │ │ ├── hijacklibs.png │ │ ├── loflcab.png │ │ ├── lofp-logo.png │ │ ├── lolapps-logo.png │ │ ├── lolbas.png │ │ ├── lolbins-cti.png │ │ ├── loldrivers.png │ │ ├── lolesxi-logo.png │ │ ├── lolrmm-logo.png │ │ ├── loobins.png │ │ ├── lothardware.png │ │ ├── lots.png │ │ ├── mandiant.png │ │ ├── tractor.png │ │ ├── wadcoms.png │ │ └── wtfbins.png │ └── lotts-logo.png │ ├── malware_analysis │ ├── sandboxes │ │ ├── anyrun-logo.png │ │ ├── hybrid-logo.png │ │ ├── intezer-logo.png │ │ ├── iris-h-logo.png │ │ ├── joesb-logo.png │ │ ├── threatzone-logo.png │ │ └── triage-logo.png │ └── services │ │ ├── cpr-logo.png │ │ ├── crxaminer-logo.png │ │ ├── filescan-logo.png │ │ ├── gw-logo.png │ │ ├── inquest-logo.png │ │ ├── malcore-logo.png │ │ ├── malpedia-logo.png │ │ ├── manalyzer-logo.png │ │ ├── mhr-logo.png │ │ ├── valkyrie-logo.png │ │ ├── virusshare-logo.png │ │ ├── virussign-logo.png │ │ ├── virustotal-logo.png │ │ ├── vxug-logo.png │ │ └── yomi-logo.png │ ├── memory │ ├── terminus-logo.png │ ├── tux.png │ └── vergilius-logo.png │ ├── ms-logo.png │ ├── ms_azure │ ├── O365_Admin_Green.png │ ├── SDDLMaker.png │ ├── asrgen-logo.png │ ├── cmdms-logo.png │ ├── kqlsearch-logo.png │ └── merrill.png │ ├── ms_portals │ ├── O365_Admin_Green.png │ └── cmdms-logo.png │ ├── shell.png │ ├── sigma │ ├── sigma-logo.png │ └── uncoder-logo.png │ ├── sigma_logo_dark.png │ ├── startme-logo.png │ ├── startme │ ├── azuleonyx-logo.png │ ├── cyberspartel-logo.png │ ├── dfirdetective-logo.png │ ├── dfirjedi-logo.png │ ├── hatless1der-logo.png │ ├── infosecn1nja-logo.png │ ├── sighlent-logo.png │ ├── stark4n6-logo.png │ └── stemsadie-logo.png │ ├── stronticy.png │ ├── vuln-lookup-logo.png │ ├── web_analysis │ ├── lookyloo-logo.png │ ├── unfurl-logo.png │ ├── urlquery-logo.png │ └── urlscan-logo.png │ ├── wigle-logo.png │ ├── yara-forge-logo.png │ ├── yara-logo.png │ └── yara-toolkit-logo.png ├── menu_config ├── plugins ├── browser_plugin.py └── copy_plugin.py └── requirements.txt /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /DFIR_Toolbar.py: -------------------------------------------------------------------------------- 1 | import importlib 2 | import json 3 | import logging 4 | import os 5 | import threading 6 | import time 7 | import sys 8 | from ctypes import Structure, byref, c_uint, sizeof, windll 9 | from ctypes.wintypes import HWND, RECT, UINT 10 | import tkinter as tk 11 | from tkinter import Menu, font 12 | 13 | from PIL import Image, ImageDraw 14 | import pygetwindow as gw 15 | from pystray import Icon, MenuItem, Menu as TrayMenu # Alias pystray.Menu 16 | from screeninfo import get_monitors 17 | 18 | __author__ = "Brian Maloney" 19 | __version__ = "2025.01.03" 20 | __email__ = "bmmaloney97@gmail.com" 21 | 22 | if getattr(sys, 'frozen', False): 23 | application_path = os.path.dirname(sys.executable) 24 | else: 25 | application_path = os.path.dirname(os.path.abspath(__file__)) 26 | 27 | logging.basicConfig(level=logging.INFO, 28 | format='%(asctime)s, %(levelname)s, %(message)s', 29 | datefmt='%Y-%m-%d %H:%M:%S', 30 | handlers=[ 31 | logging.FileHandler(application_path + '/app.log', 32 | mode='w' 33 | ) 34 | ] 35 | ) 36 | 37 | # Define constants for AppBar 38 | ABM_NEW = 0x00000000 39 | ABM_REMOVE = 0x00000001 40 | ABM_SETPOS = 0x00000003 41 | ABE_TOP = 1 42 | 43 | 44 | # Define APPBARDATA structure 45 | class APPBARDATA(Structure): 46 | _fields_ = [ 47 | ("cbSize", UINT), 48 | ("hWnd", HWND), 49 | ("uCallbackMessage", UINT), 50 | ("uEdge", UINT), 51 | ("rc", RECT), 52 | ("lParam", c_uint), 53 | ] 54 | 55 | 56 | # --- Helper Functions --- 57 | # Load JSON configuration 58 | def load_menu_config(): 59 | config_path = os.path.join(application_path, "menu_config") 60 | try: 61 | with open(config_path, "r") as f: 62 | return json.load(f) 63 | except FileNotFoundError: 64 | logging.error(f"Error: The file {config_path} was not found.") 65 | sys.exit(1) 66 | except json.JSONDecodeError: 67 | logging.error(f"Error: Failed to decode JSON from {config_path}.") 68 | sys.exit(1) 69 | except Exception as e: 70 | logging.error(f"An unexpected error occurred: {e}") 71 | sys.exit(1) 72 | 73 | 74 | menu_config = load_menu_config() 75 | 76 | 77 | # Get primary monitor size 78 | def monitor_size(): 79 | monitors = get_monitors() 80 | for monitor in monitors: 81 | if monitor.is_primary: 82 | return monitor 83 | raise ValueError("No primary monitor found") 84 | 85 | 86 | def register_appbar(hwnd, height=40): 87 | """Registers the toolbar as an AppBar and reserves screen space.""" 88 | abd = APPBARDATA() 89 | abd.cbSize = sizeof(APPBARDATA) 90 | abd.hWnd = hwnd 91 | abd.uEdge = ABE_TOP 92 | abd.rc = RECT(0, 0, display.width, height) 93 | windll.shell32.SHAppBarMessage(ABM_NEW, byref(abd)) 94 | windll.shell32.SHAppBarMessage(ABM_SETPOS, byref(abd)) 95 | return abd 96 | 97 | 98 | def unregister_appbar(abd): 99 | """Unregisters the AppBar and frees reserved space.""" 100 | windll.shell32.SHAppBarMessage(ABM_REMOVE, byref(abd)) 101 | 102 | 103 | # Function to create a simple icon image 104 | def create_tray_icon_image(width, height, color1, color2): 105 | image = Image.new('RGB', (width, height), color1) 106 | dc = ImageDraw.Draw(image) 107 | dc.rectangle((width // 4, height // 4, width * 3 // 4, height * 3 // 4), fill=color2) 108 | return image 109 | 110 | 111 | # Function to toggle toolbar visibility 112 | def toggle_toolbar(app): 113 | if app.state() == 'withdrawn': 114 | app.deiconify() 115 | hwnd = windll.user32.GetForegroundWindow() 116 | app.abd = register_appbar(hwnd, height=40) 117 | 118 | else: 119 | unregister_appbar(app.abd) 120 | app.withdraw() 121 | 122 | 123 | # Function to quit both the tray icon and the app 124 | def quit_app(icon, app, monitor, monitor_thread): 125 | monitor.stop() 126 | monitor_thread.join() 127 | app.on_close() # Call the original cleanup method 128 | icon.stop() 129 | 130 | 131 | # Function to open the app.log file 132 | def open_log_file(): 133 | log_file = application_path + "/app.log" 134 | if os.path.exists(log_file): 135 | os.startfile(log_file) 136 | 137 | 138 | # Create and run the system tray icon 139 | def run_tray_icon(app, monitor, monitor_thread): 140 | def on_toggle_toolbar(): 141 | toggle_toolbar(app) 142 | 143 | show_toolbar_item = MenuItem( 144 | 'Show Toolbar', 145 | on_toggle_toolbar, 146 | checked=lambda item: app.state() != 'withdrawn' 147 | ) 148 | 149 | menu = TrayMenu( 150 | show_toolbar_item, 151 | TrayMenu.SEPARATOR, 152 | MenuItem("Open Log", lambda icon, item: open_log_file()), 153 | TrayMenu.SEPARATOR, 154 | MenuItem('Quit', lambda icon, item: quit_app(icon, app, monitor, monitor_thread)) 155 | ) 156 | icon = Icon( 157 | "DFIR Toolbar", 158 | create_tray_icon_image(64, 64, 'white', 'blue'), 159 | menu=menu 160 | ) 161 | icon.run() 162 | 163 | 164 | # --- Independent Classes --- 165 | # WindowStateMonitor class 166 | class WindowStateMonitor: 167 | def __init__(self, polling_interval=1): 168 | self.polling_interval = polling_interval 169 | self.prev_state = {} 170 | self.running = True # Flag to control the thread 171 | 172 | def monitor_window_state(self): 173 | while self.running: 174 | try: 175 | windows = gw.getWindowsWithTitle("") # Get all open windows 176 | except Exception: 177 | continue 178 | 179 | for window in windows: 180 | if window.isMaximized: 181 | current_state = "maximized" 182 | elif window.isMinimized: 183 | current_state = "minimized" 184 | else: 185 | current_state = "normal" 186 | 187 | if window.title not in self.prev_state or self.prev_state[window.title] != current_state: 188 | self.prev_state[window.title] = current_state 189 | 190 | if current_state == "normal": 191 | if window.top <= 39 and window.title != 'DFIR Toolbar' and window.right >= 0: 192 | new_position = (window.left, 40) 193 | try: 194 | window.moveTo(*new_position) 195 | except Exception as e: 196 | logging.error(f"Unable to move {window.title}: {e}") 197 | 198 | time.sleep(self.polling_interval) 199 | 200 | def stop(self): 201 | """Stops the monitoring loop.""" 202 | self.running = False 203 | 204 | 205 | # --- Primary Class --- 206 | class ToolbarWithMenus(tk.Tk): 207 | def __init__(self): 208 | super().__init__() 209 | self.title("DFIR Toolbar") 210 | self.overrideredirect(True) 211 | self.attributes("-topmost", True) 212 | self.geometry(f"{display.width}x40+0+0") 213 | 214 | self.custom_font = font.Font(family="TkDefaultFont", size=10) 215 | self.option_add("*Menu.font", self.custom_font) 216 | 217 | self.image_cache = {} 218 | self.plugins = {} 219 | self.load_plugins() # Load plugins dynamically 220 | 221 | hwnd = windll.user32.GetForegroundWindow() 222 | self.abd = register_appbar(hwnd, height=40) 223 | 224 | self.protocol("WM_DELETE_WINDOW", self.on_close) 225 | 226 | # Load background image 227 | try: 228 | self.background_image = tk.PhotoImage(file="icons/toolbar.png") 229 | except Exception as e: 230 | logging.error(f"Error loading background image: {e}") 231 | self.background_image = None 232 | 233 | # Use Canvas to display the background image 234 | self.toolbar_canvas = tk.Canvas(self, width=display.width, height=40, 235 | bg="gray", bd=0, highlightthickness=0, 236 | relief="flat") 237 | self.toolbar_canvas.pack(fill=tk.BOTH, expand=True) 238 | 239 | if self.background_image: 240 | self.toolbar_canvas.create_image(0, 0, anchor=tk.NW, 241 | image=self.background_image) 242 | 243 | for menu_label, menu_conf in menu_config["MENU_CONFIG"].items(): 244 | self.create_menu_button(self.toolbar_canvas, menu_label, menu_conf) 245 | 246 | self.update_position(hwnd) 247 | 248 | def load_plugins(self): 249 | """Dynamically loads plugins from the plugins directory.""" 250 | plugins_dir = os.path.join(application_path, "plugins") 251 | if not os.path.exists(plugins_dir): 252 | os.makedirs(plugins_dir) 253 | 254 | for filename in os.listdir(plugins_dir): 255 | if filename.endswith(".py") and filename != "__init__.py": 256 | plugin_path = os.path.join(plugins_dir, filename) 257 | module_name = filename[:-3] 258 | try: 259 | spec = importlib.util.spec_from_file_location(module_name, plugin_path) 260 | module = importlib.util.module_from_spec(spec) 261 | spec.loader.exec_module(module) 262 | self.plugins[module_name] = module 263 | 264 | # Log the plugin details if the attributes exist 265 | author = getattr(module, "__author__", "Unknown") 266 | version = getattr(module, "__version__", "Unknown") 267 | logging.info(f"Loaded plugin: {module_name}, Author: {author}, Version: {version}") 268 | except Exception as e: 269 | logging.error(f"Failed to load plugin {module_name}: {e}") 270 | 271 | def create_menu_button(self, parent, label, menu_items): 272 | """Creates a button with a popup menu.""" 273 | tearoff = self.is_tearoff(menu_items.get("tearoff")) 274 | entries = menu_items.get("entries", []) 275 | menu = Menu(self, tearoff=tearoff, title=label) 276 | self.add_menu_items(menu, entries) 277 | btn = tk.Button(parent, text=label, font=self.custom_font, 278 | command=lambda: self.show_menu(btn, menu)) 279 | btn.pack(side=tk.LEFT, padx=(4, 0), pady=2) 280 | 281 | def add_menu_items(self, menu, items): 282 | for item in items: 283 | if "type" in item and item["type"] == "separator": 284 | menu.add_separator() 285 | elif "submenu" in item: 286 | tearoff = self.is_tearoff(item.get("tearoff")) 287 | submenu = Menu(menu, tearoff=tearoff) 288 | self.add_menu_items(submenu, item["submenu"]) 289 | image = self.get_image(item.get("image_path")) 290 | menu.add_cascade(label=item["label"], menu=submenu, 291 | image=image, compound="left") 292 | else: 293 | command = self.get_plugin_command(item["command"]) or \ 294 | getattr(self, item["command"], 295 | lambda: logging.warning(f"Action '{item['command']} '" 296 | "not implemented")) 297 | image = self.get_image(item.get("image_path")) 298 | menu.add_command(label=item["label"], command=command, 299 | image=image, compound="left") 300 | 301 | def get_image(self, image_path): 302 | """Loads and caches PhotoImage objects.""" 303 | if not image_path: 304 | return None 305 | if image_path not in self.image_cache: 306 | try: 307 | self.image_cache[image_path] = tk.PhotoImage(file=os.path.join(application_path, image_path)) 308 | except Exception as e: 309 | logging.error(f"Failed to load image '{os.path.join(application_path, image_path)}': {e}") 310 | self.image_cache[image_path] = None 311 | return self.image_cache[image_path] 312 | 313 | def is_tearoff(self, tearoff): 314 | if tearoff is True: 315 | return 1 316 | return 0 317 | 318 | def show_menu(self, widget, menu): 319 | """Displays the popup menu below the button.""" 320 | x = widget.winfo_rootx() 321 | y = widget.winfo_rooty() + widget.winfo_height() 322 | menu.tk_popup(x, y) 323 | 324 | def update_position(self, hwnd): 325 | """Prevents apps from covering the toolbar.""" 326 | def adjust_position(): 327 | windll.user32.SetWindowPos( 328 | hwnd, -1, 0, 0, display.width, 40, 0x0001 | 0x0002 329 | ) 330 | self.after(100, adjust_position) 331 | 332 | adjust_position() 333 | 334 | def on_close(self): 335 | self.image_cache.clear() # Clear cached images 336 | unregister_appbar(self.abd) 337 | self.destroy() 338 | 339 | def get_plugin_command(self, command_name): 340 | """Retrieves a command from loaded plugins, supporting parameterized commands.""" 341 | for plugin in self.plugins.values(): 342 | if "(" in command_name and ")" in command_name: 343 | # Extract the function name and arguments 344 | func_name, args = command_name.split("(", 1) 345 | args = args.rstrip(")").split(",") 346 | args = [arg.strip().strip("'\"") for arg in args] # Remove quotes and whitespace 347 | if hasattr(plugin, func_name): 348 | return lambda: getattr(plugin, func_name)(*args) 349 | elif hasattr(plugin, command_name): 350 | return getattr(plugin, command_name) 351 | return None 352 | 353 | 354 | # --- Entry Point --- 355 | if __name__ == "__main__": 356 | logging.info(f'DFIR_Toolbar v{__version__}') 357 | display = monitor_size() 358 | app = ToolbarWithMenus() 359 | 360 | # Start the WindowStateMonitor in a separate thread 361 | monitor = WindowStateMonitor(polling_interval=1) 362 | monitor_thread = threading.Thread(target=monitor.monitor_window_state, 363 | daemon=True) 364 | monitor_thread.start() 365 | 366 | # Ensure the monitor stops when the app is closed 367 | def on_close_with_monitor(): 368 | monitor.stop() # Stop the monitor 369 | monitor_thread.join() # Wait for the thread to finish 370 | app.on_close() # Call the original cleanup method 371 | 372 | # Run the tray icon in a separate thread to avoid blocking 373 | tray_thread = threading.Thread(target=run_tray_icon, args=(app, monitor, monitor_thread), daemon=True) 374 | tray_thread.start() 375 | 376 | app.protocol("WM_DELETE_WINDOW", on_close_with_monitor) 377 | app.mainloop() 378 | -------------------------------------------------------------------------------- /DFIR_Toolbar.spec: -------------------------------------------------------------------------------- 1 | # -*- mode: python ; coding: utf-8 -*- 2 | 3 | 4 | block_cipher = None 5 | 6 | 7 | a = Analysis( 8 | ['DFIR_Toolbar.py'], 9 | pathex=[], 10 | binaries=[], 11 | datas=[], 12 | hiddenimports=[], 13 | hookspath=[], 14 | hooksconfig={}, 15 | runtime_hooks=[], 16 | excludes=[], 17 | win_no_prefer_redirects=False, 18 | win_private_assemblies=False, 19 | cipher=block_cipher, 20 | noarchive=False, 21 | ) 22 | pyz = PYZ(a.pure, a.zipped_data, cipher=block_cipher) 23 | 24 | exe = EXE( 25 | pyz, 26 | a.scripts, 27 | a.binaries, 28 | a.zipfiles, 29 | a.datas, 30 | [], 31 | name='DFIR_Toolbar', 32 | debug=False, 33 | bootloader_ignore_signals=False, 34 | strip=False, 35 | upx=True, 36 | upx_exclude=[], 37 | runtime_tmpdir=None, 38 | console=False, 39 | disable_windowed_traceback=False, 40 | argv_emulation=False, 41 | target_arch=None, 42 | codesign_identity=None, 43 | entitlements_file=None, 44 | ) 45 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 Brian Maloney 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DFIR_Toolbar 2 | 3 | ## menu_config 4 | This is the file that is used to configure the toolbar. The configuration starts out as follows: 5 | 6 | ```json 7 | { 8 | "MENU_CONFIG": { 9 | ``` 10 | 11 | The order of the items in the config file will be how they appear in the toolbar. 12 | 13 | ### Configuring the buttons 14 | The buttons hold the various menus that you can configure. You only need to supply the label of what you want the button to be called. 15 | The `entries` are what hold the menu items. In this example, there are two buttons; `Websites` and `DFIRRegex`. 16 | ```json 17 | { 18 | "MENU_CONFIG": { 19 | "Websites": { 20 | "entries": [] 21 | }, 22 | "DFIRRegex": { 23 | "entries": [] 24 | } 25 | } 26 | } 27 | ``` 28 | 29 | ### Menu Entries 30 | We'll start off with a simple entry. A menu entry consists of the following elements: 31 | * label - The name of the entry 32 | * tearoff (true/false) - Optional. Whether it is a tearoff menu. If tearoff is not indicated, it will be false 33 | * command - Optional. The command/plugin associated with the entry. How you want it to act when you click on it. 34 | * image_path - Optional. The path to the image you want to apply to the entry. This is a 16x16 png. 35 | 36 | Lets say we want to add an entry to `Websites` that opens the browser to a website. We want the entry to be named 37 | `xCyclopedia`. We want the `open_link` plugin to open the site `https://strontic.github.io/xcyclopedia/intro` and 38 | and we want to display the `strontivy.png` in the entry. We would add the following to the `entries` under `Websites`: 39 | 40 | ```json 41 | { 42 | "MENU_CONFIG": { 43 | "Websites": { 44 | "entries": [ 45 | { 46 | "label": " xCyclopedia", 47 | "command": "open_link(https://strontic.github.io/xcyclopedia/intro)", 48 | "image_path": "icons/web/stronticy.png" 49 | } 50 | ] 51 | }, 52 | "DFIRRegex": { 53 | "entries": [] 54 | } 55 | } 56 | } 57 | ``` -------------------------------------------------------------------------------- /icons/toolbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/toolbar.png -------------------------------------------------------------------------------- /icons/web/arm-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/arm-logo.png -------------------------------------------------------------------------------- /icons/web/cyberchef/cyberchef_hat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/cyberchef/cyberchef_hat.png -------------------------------------------------------------------------------- /icons/web/cyberchef_hat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/cyberchef_hat.png -------------------------------------------------------------------------------- /icons/web/dfiq-square.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/dfiq-square.png -------------------------------------------------------------------------------- /icons/web/dogbolt-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/dogbolt-logo.png -------------------------------------------------------------------------------- /icons/web/farm_the_land.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/farm_the_land.png -------------------------------------------------------------------------------- /icons/web/frameworks/ATT&CK_red.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/ATT&CK_red.png -------------------------------------------------------------------------------- /icons/web/frameworks/afb-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/afb-logo.png -------------------------------------------------------------------------------- /icons/web/frameworks/atlas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/atlas.png -------------------------------------------------------------------------------- /icons/web/frameworks/att&ck-navigator-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/att&ck-navigator-logo.png -------------------------------------------------------------------------------- /icons/web/frameworks/d3fend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/d3fend.png -------------------------------------------------------------------------------- /icons/web/frameworks/dett&ct-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/dett&ct-logo.png -------------------------------------------------------------------------------- /icons/web/frameworks/mbc-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/mbc-logo.png -------------------------------------------------------------------------------- /icons/web/frameworks/sparta.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/sparta.png -------------------------------------------------------------------------------- /icons/web/frameworks/unprotect_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/frameworks/unprotect_logo.png -------------------------------------------------------------------------------- /icons/web/iocparser-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/iocparser-logo.png -------------------------------------------------------------------------------- /icons/web/kqlsearch-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/kqlsearch-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolad-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolad-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolcloud-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolcloud-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/bootloaders-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/bootloaders-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/filesec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/filesec.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/github.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/github.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/gtfobins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/gtfobins.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/hijacklibs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/hijacklibs.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/loflcab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/loflcab.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lofp-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lofp-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lolapps-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lolapps-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lolbas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lolbas.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lolbins-cti.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lolbins-cti.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/loldrivers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/loldrivers.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lolesxi-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lolesxi-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lolrmm-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lolrmm-logo.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/loobins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/loobins.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lothardware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lothardware.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/lots.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/lots.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/mandiant.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/mandiant.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/tractor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/tractor.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/wadcoms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/wadcoms.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lolol/wtfbins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lolol/wtfbins.png -------------------------------------------------------------------------------- /icons/web/lol_sites/lotts-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/lol_sites/lotts-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/anyrun-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/anyrun-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/hybrid-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/hybrid-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/intezer-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/intezer-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/iris-h-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/iris-h-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/joesb-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/joesb-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/threatzone-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/threatzone-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/sandboxes/triage-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/sandboxes/triage-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/cpr-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/cpr-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/crxaminer-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/crxaminer-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/filescan-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/filescan-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/gw-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/gw-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/inquest-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/inquest-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/malcore-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/malcore-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/malpedia-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/malpedia-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/manalyzer-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/manalyzer-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/mhr-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/mhr-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/valkyrie-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/valkyrie-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/virusshare-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/virusshare-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/virussign-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/virussign-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/virustotal-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/virustotal-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/vxug-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/vxug-logo.png -------------------------------------------------------------------------------- /icons/web/malware_analysis/services/yomi-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/malware_analysis/services/yomi-logo.png -------------------------------------------------------------------------------- /icons/web/memory/terminus-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/memory/terminus-logo.png -------------------------------------------------------------------------------- /icons/web/memory/tux.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/memory/tux.png -------------------------------------------------------------------------------- /icons/web/memory/vergilius-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/memory/vergilius-logo.png -------------------------------------------------------------------------------- /icons/web/ms-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms-logo.png -------------------------------------------------------------------------------- /icons/web/ms_azure/O365_Admin_Green.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_azure/O365_Admin_Green.png -------------------------------------------------------------------------------- /icons/web/ms_azure/SDDLMaker.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_azure/SDDLMaker.png -------------------------------------------------------------------------------- /icons/web/ms_azure/asrgen-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_azure/asrgen-logo.png -------------------------------------------------------------------------------- /icons/web/ms_azure/cmdms-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_azure/cmdms-logo.png -------------------------------------------------------------------------------- /icons/web/ms_azure/kqlsearch-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_azure/kqlsearch-logo.png -------------------------------------------------------------------------------- /icons/web/ms_azure/merrill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_azure/merrill.png -------------------------------------------------------------------------------- /icons/web/ms_portals/O365_Admin_Green.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_portals/O365_Admin_Green.png -------------------------------------------------------------------------------- /icons/web/ms_portals/cmdms-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/ms_portals/cmdms-logo.png -------------------------------------------------------------------------------- /icons/web/shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/shell.png -------------------------------------------------------------------------------- /icons/web/sigma/sigma-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/sigma/sigma-logo.png -------------------------------------------------------------------------------- /icons/web/sigma/uncoder-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/sigma/uncoder-logo.png -------------------------------------------------------------------------------- /icons/web/sigma_logo_dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/sigma_logo_dark.png -------------------------------------------------------------------------------- /icons/web/startme-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme-logo.png -------------------------------------------------------------------------------- /icons/web/startme/azuleonyx-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/azuleonyx-logo.png -------------------------------------------------------------------------------- /icons/web/startme/cyberspartel-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/cyberspartel-logo.png -------------------------------------------------------------------------------- /icons/web/startme/dfirdetective-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/dfirdetective-logo.png -------------------------------------------------------------------------------- /icons/web/startme/dfirjedi-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/dfirjedi-logo.png -------------------------------------------------------------------------------- /icons/web/startme/hatless1der-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/hatless1der-logo.png -------------------------------------------------------------------------------- /icons/web/startme/infosecn1nja-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/infosecn1nja-logo.png -------------------------------------------------------------------------------- /icons/web/startme/sighlent-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/sighlent-logo.png -------------------------------------------------------------------------------- /icons/web/startme/stark4n6-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/stark4n6-logo.png -------------------------------------------------------------------------------- /icons/web/startme/stemsadie-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/startme/stemsadie-logo.png -------------------------------------------------------------------------------- /icons/web/stronticy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/stronticy.png -------------------------------------------------------------------------------- /icons/web/vuln-lookup-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/vuln-lookup-logo.png -------------------------------------------------------------------------------- /icons/web/web_analysis/lookyloo-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/web_analysis/lookyloo-logo.png -------------------------------------------------------------------------------- /icons/web/web_analysis/unfurl-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/web_analysis/unfurl-logo.png -------------------------------------------------------------------------------- /icons/web/web_analysis/urlquery-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/web_analysis/urlquery-logo.png -------------------------------------------------------------------------------- /icons/web/web_analysis/urlscan-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/web_analysis/urlscan-logo.png -------------------------------------------------------------------------------- /icons/web/wigle-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/wigle-logo.png -------------------------------------------------------------------------------- /icons/web/yara-forge-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/yara-forge-logo.png -------------------------------------------------------------------------------- /icons/web/yara-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/yara-logo.png -------------------------------------------------------------------------------- /icons/web/yara-toolkit-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Beercow/DFIR_Toolbar/027145337b79ff6a655a9ca2dcbe0f41fe2acf74/icons/web/yara-toolkit-logo.png -------------------------------------------------------------------------------- /menu_config: -------------------------------------------------------------------------------- 1 | { 2 | "MENU_CONFIG": { 3 | "Websites": { 4 | "entries": [ 5 | { 6 | "label": "LOL Sites", 7 | "submenu": [ 8 | { 9 | "label": " LOLOL", 10 | "image_path": "icons/web/farm_the_land.png", 11 | "submenu": [ 12 | { 13 | "label": " LoFP", 14 | "command": "open_link(https://br0k3nlab.com/LoFP/)", 15 | "image_path": "icons/web/lol_sites/lolol/lofp-logo.png" 16 | }, 17 | { 18 | "label": " LoLDrivers", 19 | "command": "open_link(https://www.loldrivers.io/)", 20 | "image_path": "icons/web/lol_sites/lolol/loldrivers.png" 21 | }, 22 | { 23 | "label": " GTFObins", 24 | "command": "open_link(https://gtfobins.github.io/)", 25 | "image_path": "icons/web/lol_sites/lolol/gtfobins.png" 26 | }, 27 | { 28 | "label": " LOLBAS", 29 | "command": "open_link(https://lolbas-project.github.io/)", 30 | "image_path": "icons/web/lol_sites/lolol/lolbas.png" 31 | }, 32 | { 33 | "label": " LOTS-Project", 34 | "command": "open_link(https://lots-project.com/)", 35 | "image_path": "icons/web/lol_sites/lolol/lots.png" 36 | }, 37 | { 38 | "label": " FILESEC.IO", 39 | "command": "open_link(https://filesec.io/)", 40 | "image_path": "icons/web/lol_sites/lolol/filesec.png" 41 | }, 42 | { 43 | "label": " MalAPI", 44 | "command": "open_link(https://malapi.io/)", 45 | "image_path": "icons/web/lol_sites/lolol/lots.png" 46 | }, 47 | { 48 | "label": " HijackLibs", 49 | "command": "open_link(https://hijacklibs.net/)", 50 | "image_path": "icons/web/lol_sites/lolol/hijacklibs.png" 51 | }, 52 | { 53 | "label": " WADComs", 54 | "command": "open_link(https://wadcoms.github.io/)", 55 | "image_path": "icons/web/lol_sites/lolol/wadcoms.png" 56 | }, 57 | { 58 | "label": " LOOBins", 59 | "command": "open_link(https://www.loobins.io/)", 60 | "image_path": "icons/web/lol_sites/lolol/loobins.png" 61 | }, 62 | { 63 | "label": " LOLAPPS", 64 | "command": "open_link(https://lolapps-project.github.io/)", 65 | "image_path": "icons/web/lol_sites/lolol/lolapps-logo.png" 66 | }, 67 | { 68 | "label": " Bootloaders", 69 | "command": "open_link(https://www.bootloaders.io/)", 70 | "image_path": "icons/web/lol_sites/lolol/bootloaders-logo.png" 71 | }, 72 | { 73 | "label": " BYOL", 74 | "command": "open_link(https://cloud.google.com/blog/topics/threat-intelligence/bring-your-own-land-novel-red-teaming-technique/)", 75 | "image_path": "icons/web/lol_sites/lolol/mandiant.png" 76 | }, 77 | { 78 | "label": " LOTHardware", 79 | "command": "open_link(https://lothardware.com.tr/)", 80 | "image_path": "icons/web/lol_sites/lolol/lothardware.png" 81 | }, 82 | { 83 | "label": " WTFBINS?!", 84 | "command": "open_link(https://wtfbins.wtf/)", 85 | "image_path": "icons/web/lol_sites/lolol/wtfbins.png" 86 | }, 87 | { 88 | "label": " LOFLCAB", 89 | "command": "open_link(https://lofl-project.github.io/)", 90 | "image_path": "icons/web/lol_sites/lolol/loflcab.png" 91 | }, 92 | { 93 | "label": " persistence-info", 94 | "command": "open_link(https://persistence-info.github.io/)", 95 | "image_path": "icons/web/lol_sites/lolol/tractor.png" 96 | }, 97 | { 98 | "label": " LoLCerts", 99 | "command": "open_link(https://github.com/WithSecureLabs/lolcerts)", 100 | "image_path": "icons/web/lol_sites/lolol/github.png" 101 | }, 102 | { 103 | "label": " LOTP", 104 | "command": "open_link(https://boostsecurityio.github.io/lotp/)", 105 | "image_path": "icons/web/lol_sites/lolol/github.png" 106 | }, 107 | { 108 | "label": " LOLBINS CTI-DRIVEN", 109 | "command": "open_link(https://lolbins-ctidriven.vercel.app/)", 110 | "image_path": "icons/web/lol_sites/lolol/lolbins-cti.png" 111 | }, 112 | { 113 | "label": " LOLESXI", 114 | "command": "open_link(https://lolesxi-project.github.io/LOLESXi/)", 115 | "image_path": "icons/web/lol_sites/lolol/lolesxi-logo.png" 116 | }, 117 | { 118 | "label": " LOLRMM", 119 | "command": "open_link(https://lolrmm.io/)", 120 | "image_path": "icons/web/lol_sites/lolol/lolrmm-logo.png" 121 | } 122 | ] 123 | }, 124 | { 125 | "label": " LOLAD", 126 | "command": "open_link(https://lolad-project.github.io/)", 127 | "image_path": "icons/web/lol_sites/lolad-logo.png" 128 | }, 129 | { 130 | "label": " LOTTunnels", 131 | "command": "open_link(https://lottunnels.github.io/)", 132 | "image_path": "icons/web/lol_sites/lotts-logo.png" 133 | }, 134 | { 135 | "label": " LOLCloud", 136 | "command": "open_link(https://beercow.github.io/LOLCloud-Project.github.io/index.html)", 137 | "image_path": "icons/web/lol_sites/lolcloud-logo.png" 138 | } 139 | ] 140 | }, 141 | { 142 | "label": "Frameworks", 143 | "submenu": [ 144 | { 145 | "label": " ATT&CK", 146 | "command": "open_link(https://attack.mitre.org/)", 147 | "image_path": "icons/web/frameworks/ATT&CK_red.png" 148 | }, 149 | { 150 | "label": " D3FEND", 151 | "command": "open_link(https://d3fend.mitre.org/)", 152 | "image_path": "icons/web/frameworks/d3fend.png" 153 | }, 154 | { 155 | "label": " DeTT&CT", 156 | "command": "open_link(https://github.com/rabobank-cdc/DeTTECT)", 157 | "image_path": "icons/web/frameworks/dett&ct-logo.png" 158 | }, 159 | { 160 | "label": " ATLAS", 161 | "command": "open_link(https://atlas.mitre.org/matrices/ATLAS)", 162 | "image_path": "icons/web/frameworks/atlas.png" 163 | }, 164 | { 165 | "label": " SPARTA", 166 | "command": "open_link(https://sparta.aerospace.org/)", 167 | "image_path": "icons/web/frameworks/sparta.png" 168 | }, 169 | { 170 | "label": " Unprotect Project", 171 | "command": "open_link(https://unprotect.it/)", 172 | "image_path": "icons/web/frameworks/unprotect_logo.png" 173 | }, 174 | { 175 | "label": " Malware Behavior Catalog", 176 | "command": "open_link(https://github.com/MBCProject/mbc-markdown)", 177 | "image_path": "icons/web/frameworks/mbc-logo.png" 178 | }, 179 | { 180 | "label": " ADS", 181 | "command": "open_link(https://github.com/palantir/alerting-detection-strategy-framework)", 182 | "image_path": "icons/web/lol_sites/lolol/github.png" 183 | }, 184 | { 185 | "type": "separator" 186 | }, 187 | { 188 | "label": " ATT&CK Navigator", 189 | "command": "open_link(https://mitre-attack.github.io/attack-navigator/)", 190 | "image_path": "icons/web/frameworks/att&ck-navigator-logo.png" 191 | }, 192 | { 193 | "label": " Attack Flow Builder", 194 | "command": "open_link(https://center-for-threat-informed-defense.github.io/attack-flow/ui/)", 195 | "image_path": "icons/web/frameworks/afb-logo.png" 196 | } 197 | ] 198 | }, 199 | { 200 | "label": "Memory", 201 | "submenu": [ 202 | { 203 | "label": " VERGILIUS", 204 | "command": "open_link(https://www.vergiliusproject.com/)", 205 | "image_path": "icons/web/memory/vergilius-logo.png" 206 | }, 207 | { 208 | "label": " TERMINUS", 209 | "command": "open_link(http://terminus.rewolf.pl/terminus/)", 210 | "image_path": "icons/web/memory/terminus-logo.png" 211 | }, 212 | { 213 | "label": " Vol3 ISF Server", 214 | "command": "open_link(https://isf-server.techanarchy.net/)", 215 | "image_path": "icons/web/memory/tux.png" 216 | } 217 | ] 218 | }, 219 | { 220 | "label": "Malware Analysis", 221 | "submenu": [ 222 | { 223 | "label": "Sandboxes", 224 | "submenu": [ 225 | { 226 | "label": " Any.run", 227 | "command": "open_link(https://any.run/)", 228 | "image_path": "icons/web/malware_analysis/sandboxes/anyrun-logo.png" 229 | }, 230 | { 231 | "label": " Intezer", 232 | "command": "open_link(https://analyze.intezer.com/)", 233 | "image_path": "icons/web/malware_analysis/sandboxes/intezer-logo.png" 234 | }, 235 | { 236 | "label": " IRIS-H", 237 | "command": "open_link(https://iris-h.services/pages/dashboard#/pages/dashboard)", 238 | "image_path": "icons/web/malware_analysis/sandboxes/iris-h-logo.png" 239 | }, 240 | { 241 | "label": " Hatching Triage", 242 | "command": "open_link(https://tria.ge/)", 243 | "image_path": "icons/web/malware_analysis/sandboxes/triage-logo.png" 244 | }, 245 | { 246 | "label": " Hybrid Analysis", 247 | "command": "open_link(https://www.hybrid-analysis.com/)", 248 | "image_path": "icons/web/malware_analysis/sandboxes/hybrid-logo.png" 249 | }, 250 | { 251 | "label": " Joe Sandbox Cloud", 252 | "command": "open_link(https://www.joesandbox.com/)", 253 | "image_path": "icons/web/malware_analysis/sandboxes/joesb-logo.png" 254 | }, 255 | { 256 | "label": " ThreatZone", 257 | "command": "open_link(https://app.threat.zone/scan)", 258 | "image_path": "icons/web/malware_analysis/sandboxes/threatzone-logo.png" 259 | } 260 | ] 261 | }, 262 | { 263 | "label": "Services", 264 | "submenu": [ 265 | { 266 | "label": " Comodo Valkyrie", 267 | "command": "open_link(https://valkyrie.comodo.com/)", 268 | "image_path": "icons/web/malware_analysis/services/valkyrie-logo.png" 269 | }, 270 | { 271 | "label": " Filescan.io", 272 | "command": "open_link(https://www.filescan.io/scan)", 273 | "image_path": "icons/web/malware_analysis/services/filescan-logo.png" 274 | }, 275 | { 276 | "label": " Gatewatcher Intelligence", 277 | "command": "open_link(https://intelligence.gatewatcher.com/)", 278 | "image_path": "icons/web/malware_analysis/services/gw-logo.png" 279 | }, 280 | { 281 | "label": " InQuest Labs Deep File Inspection", 282 | "command": "open_link(https://labs.inquest.net/dfi)", 283 | "image_path": "icons/web/malware_analysis/services/inquest-logo.png" 284 | }, 285 | { 286 | "label": " Manalyzer", 287 | "command": "open_link(https://manalyzer.org/)", 288 | "image_path": "icons/web/malware_analysis/services/manalyzer-logo.png" 289 | }, 290 | { 291 | "label": " SandBlast Analysis", 292 | "command": "open_link(https://threatpoint.checkpoint.com/ThreatPortal/emulation)", 293 | "image_path": "icons/web/malware_analysis/services/cpr-logo.png" 294 | }, 295 | { 296 | "label": " VirusTotal", 297 | "command": "open_link(https://www.virustotal.com/gui/home/upload)", 298 | "image_path": "icons/web/malware_analysis/services/virustotal-logo.png" 299 | }, 300 | { 301 | "label": " YOMI", 302 | "command": "open_link(https://yomi.yoroi.company/upload)", 303 | "image_path": "icons/web/malware_analysis/services/yomi-logo.png" 304 | }, 305 | { 306 | "label": " Virus.exchange", 307 | "command": "open_link(https://virus.exchange/)", 308 | "image_path": "icons/web/malware_analysis/services/vxug-logo.png" 309 | }, 310 | { 311 | "label": " Virus Share", 312 | "command": "open_link(https://virusshare.com/)", 313 | "image_path": "icons/web/malware_analysis/services/virusshare-logo.png" 314 | }, 315 | { 316 | "label": " VirusSign", 317 | "command": "open_link(https://www.virussign.com/malware-scan/)", 318 | "image_path": "icons/web/malware_analysis/services/virussign-logo.png" 319 | }, 320 | { 321 | "label": " malpedia", 322 | "command": "open_link(https://malpedia.caad.fkie.fraunhofer.de/library", 323 | "image_path": "icons/web/malware_analysis/services/malpedia-logo.png" 324 | }, 325 | { 326 | "label": " Malcore", 327 | "command": "open_link(https://app.malcore.io/)", 328 | "image_path": "icons/web/malware_analysis/services/malcore-logo.png" 329 | }, 330 | { 331 | "label": " MHR Team Cymru", 332 | "command": "open_link(https://hash.cymru.com/)", 333 | "image_path": "icons/web/malware_analysis/services/mhr-logo.png" 334 | }, 335 | { 336 | "label": " CRXaminer", 337 | "command": "open_link(https://crxaminer.tech/)", 338 | "image_path": "icons/web/malware_analysis/services/crxaminer-logo.png" 339 | } 340 | ] 341 | } 342 | ] 343 | }, 344 | { 345 | "label": "Web Analysis", 346 | "submenu": [ 347 | { 348 | "label": " Lookyloo", 349 | "command": "open_link(https://lookyloo.circl.lu/capture)", 350 | "image_path": "icons/web/web_analysis/lookyloo-logo.png" 351 | }, 352 | { 353 | "label": " unfurl", 354 | "command": "open_link(https://dfir.blog/unfurl/)", 355 | "image_path": "icons/web/web_analysis/unfurl-logo.png" 356 | }, 357 | { 358 | "label": " urlquery", 359 | "command": "open_link(https://urlquery.net/)", 360 | "image_path": "icons/web/web_analysis/urlquery-logo.png" 361 | }, 362 | { 363 | "label": " urlscan.io", 364 | "command": "open_link(https://urlscan.io/)", 365 | "image_path": "icons/web/web_analysis/urlscan-logo.png" 366 | } 367 | ] 368 | }, 369 | { 370 | "label": " Sigma", 371 | "image_path": "icons/web/sigma_logo_dark.png", 372 | "submenu": [ 373 | { 374 | "label": " sigconverter.io", 375 | "command": "open_link(https://sigconverter.io/)", 376 | "image_path": "icons/web/sigma/sigma-logo.png" 377 | }, 378 | { 379 | "label": " UNCODER.io", 380 | "command": "open_link(https://uncoder.io/)", 381 | "image_path": "icons/web/sigma/uncoder-logo.png" 382 | } 383 | ] 384 | }, 385 | { 386 | "label": " CyberChef", 387 | "image_path": "icons/web/cyberchef/cyberchef_hat.png", 388 | "submenu": [ 389 | { 390 | "label": " CyberChef", 391 | "command": "open_link(https://gchq.github.io/CyberChef/)", 392 | "image_path": "icons/web/cyberchef/cyberchef_hat.png" 393 | }, 394 | { 395 | "type": "separator" 396 | }, 397 | { 398 | "label": " CyberChef-Recipes", 399 | "command": "open_link(https://github.com/mattnotmax/cyberchef-recipes)", 400 | "image_path": "icons/web/lol_sites/lolol/github.png" 401 | } 402 | ] 403 | }, 404 | { 405 | "label": " YARA", 406 | "image_path": "icons/web/yara-logo.png", 407 | "submenu": [ 408 | { 409 | "label": " YARA Forge", 410 | "command": "open_link(https://yarahq.github.io/)", 411 | "image_path": "icons/web/yara-forge-logo.png" 412 | }, 413 | { 414 | "label": " YARA Toolkit", 415 | "command": "open_link(https://yaratoolkit.securitybreak.io/)", 416 | "image_path": "icons/web/yara-toolkit-logo.png" 417 | } 418 | ] 419 | }, 420 | { 421 | "label": " Start.me DFIR Pages", 422 | "image_path": "icons/web/startme-logo.png", 423 | "submenu": [ 424 | { 425 | "label": " Austin Songer pages", 426 | "command": "open_link(https://start.me/p/7kj9X5/03-incident-response)" 427 | }, 428 | { 429 | "label": " AzuleOnyx pages ", 430 | "command": "open_link(https://start.me/p/ekq7Al/digital-forensics)", 431 | "image_path": "icons/web/startme/azuleonyx-logo.png" 432 | }, 433 | { 434 | "label": " cyberspartel pages ", 435 | "command": "open_link(https://start.me/p/BnmK5m/digital-forensics-incdident-respons)", 436 | "image_path": "icons/web/startme/cyberspartel-logo.png" 437 | }, 438 | { 439 | "label": " DFIRDetective", 440 | "command": "open_link(https://start.me/p/xbwgd0/sans-dfir-2022)", 441 | "image_path": "icons/web/startme/dfirdetective-logo.png" 442 | }, 443 | { 444 | "label": " dfirjedi pages", 445 | "command": "open_link(https://start.me/p/AD57Rr/dfir-jedi)", 446 | "image_path": "icons/web/startme/dfirjedi-logo.png" 447 | }, 448 | { 449 | "label": " Hatless1der pages", 450 | "command": "open_link(https://start.me/p/DPYPMz/the-ultimate-osint-collection)", 451 | "image_path": "icons/web/startme/hatless1der-logo.png" 452 | }, 453 | { 454 | "label": " infosecn1nja pages", 455 | "command": "open_link(https://start.me/p/wMrA5z/cyber-threat-intelligence)", 456 | "image_path": "icons/web/startme/infosecn1nja-logo.png" 457 | }, 458 | { 459 | "label": " innovator-ian pages", 460 | "command": "open_link(https://start.me/p/jj0B26/dfir)" 461 | }, 462 | { 463 | "label": " Sighlent pages", 464 | "command": "open_link(https://start.me/p/OmxDbb/digital-forensics)", 465 | "image_path": "icons/web/startme/sighlent-logo.png" 466 | }, 467 | { 468 | "label": " Stark 4N6 pages", 469 | "command": "open_link(https://start.me/p/q6mw4Q/forensics)", 470 | "image_path": "icons/web/startme/stark4n6-logo.png" 471 | }, 472 | { 473 | "label": " The Real STEM Sadie pages", 474 | "command": "open_link(https://start.me/p/wMmkPz/cyber-security)", 475 | "image_path": "icons/web/startme/stemsadie-logo.png" 476 | } 477 | ] 478 | }, 479 | { 480 | "label": " M$/Azure", 481 | "tearoff": "True", 482 | "image_path": "icons/web/ms-logo.png", 483 | "submenu": [ 484 | { 485 | "label": " MSPortals.io", 486 | "command": "open_link(https://msportals.io/)", 487 | "image_path": "icons/web/ms_azure/O365_Admin_Green.png" 488 | }, 489 | { 490 | "label": " cmd.ms", 491 | "command": "open_link(https://cmd.ms)", 492 | "image_path": "icons/web/ms_azure/cmdms-logo.png" 493 | }, 494 | { 495 | "type": "separator" 496 | }, 497 | { 498 | "label": " Graph Permissions Explorer", 499 | "command": "open_link(https://graphpermissions.merill.net/permission/)", 500 | "image_path": "icons/web/ms_azure/merrill.png" 501 | }, 502 | { 503 | "label": " Microsoft First Party App Names & Graph Permissions", 504 | "command": "open_link(aka.ms/AppNames)", 505 | "image_path": "icons/web/lol_sites/lolol/github.png" 506 | }, 507 | { 508 | "type": "separator" 509 | }, 510 | { 511 | "label": " Attack Surface Reduction Generator", 512 | "command": "open_link(https://asrgen.streamlit.app/)", 513 | "image_path": "icons/web/ms_azure/asrgen-logo.png" 514 | }, 515 | { 516 | "type": "separator" 517 | }, 518 | { 519 | "label": " KQL Search", 520 | "command": "open_link(https://www.kqlsearch.com/)", 521 | "image_path": "icons/web/ms_azure/kqlsearch-logo.png" 522 | }, 523 | { 524 | "type": "separator" 525 | }, 526 | { 527 | "label": " SDDLMaker", 528 | "command": "open_link(https://thesddlmaker.streamlit.app/)", 529 | "image_path": "icons/web/ms_azure/SDDLMaker.png" 530 | } 531 | ] 532 | }, 533 | { 534 | "type": "separator" 535 | }, 536 | { 537 | "label": " EDR Telemetry", 538 | "command": "open_link(https://www.edr-telemetry.com/)", 539 | "image_path": "" 540 | }, 541 | { 542 | "label": " AttackRuleMap", 543 | "command": "open_link(https://attackrulemap.netlify.app/)", 544 | "image_path": "icons/web/arm-logo.png" 545 | }, 546 | { 547 | "label": " vulnerability-lookup", 548 | "command": "open_link(https://vulnerability.circl.lu)", 549 | "image_path": "icons/web/vuln-lookup-logo.png" 550 | }, 551 | { 552 | "label": " xCyclopedia", 553 | "command": "open_link(https://strontic.github.io/xcyclopedia/intro)", 554 | "image_path": "icons/web/stronticy.png" 555 | }, 556 | { 557 | "label": " 3rpg", 558 | "command": "open_link(https://hexacorn.com/tools/3rpg.html)" 559 | }, 560 | { 561 | "label": " ExplainShell", 562 | "command": "open_link(https://explainshell.com/)", 563 | "image_path": "icons/web/shell.png" 564 | }, 565 | { 566 | "label": " Decompiler Explorer", 567 | "command": "open_link(https://dogbolt.org/)", 568 | "image_path": "icons/web/dogbolt-logo.png" 569 | }, 570 | { 571 | "label": " DFIQ", 572 | "command": "open_link(https://dfiq.org/)", 573 | "image_path": "icons/web/dfiq-square.png" 574 | }, 575 | { 576 | "label": " IOCParser", 577 | "command": "open_link(https://iocparser.com/)", 578 | "image_path": "icons/web/iocparser-logo.png" 579 | }, 580 | { 581 | "label": " WiGLE", 582 | "command": "open_link(https://wigle.net/)", 583 | "image_path": "icons/web/wigle-logo.png" 584 | } 585 | ] 586 | }, 587 | "DFIRRegex": { 588 | "entries": [ 589 | { 590 | "label": "Age (Under 18)", 591 | "command": "copy_action('^(0?[1-9]{1}|[1]{1}[0-7]{1})(\\s|[-])?(y(\\s?)o|yr([sz]?)|year([sz]?)((\\s|[-])?(old)?)|y)((\\s?|[-])(old)?)$')" 592 | }, 593 | { 594 | "label": "BASE64", 595 | "command": "copy_action('^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}\\=|[A-Za-z0-9+/]{3}=)?$')" 596 | }, 597 | { 598 | "label": "Credit Card Numbers", 599 | "command": "copy_action('(^4[0-9]{12}(?:[0-9]{3})?$)|(^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$)|(3[47][0-9]{13})|(^3(?:0[0-5]|[68][0-9])[0-9]{11}$)|(^6(?:011|5[0-9]{2})[0-9]{12}$)|(^(?:2131|1800|35\\d{3})\\d{11}$)')" 600 | }, 601 | { 602 | "label": "Cut Folder Hierarchy", 603 | "command": "copy_action('.+(?=((\\|\\/).+){2})')" 604 | }, 605 | { 606 | "label": "Email Addresses", 607 | "command": "copy_action('(([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)(\\s*;\\s*|\\s*$))*')" 608 | }, 609 | { 610 | "label": "Grab Everything Before the First Comma", 611 | "command": "copy_action('^.[^,]*(?=(\\,))')" 612 | }, 613 | { 614 | "label": "Filenames (Including Extension)", 615 | "command": "copy_action('[^\\\\\\/:*?\"<>|\\r\\n]+$')" 616 | }, 617 | { 618 | "label": "Filenames (Short/Suspicious)", 619 | "command": "copy_action('^[\\w,\\s-]{1,3}\\.[a-zA-Z0-9]{2,4}$')" 620 | }, 621 | { 622 | "label": "Hash - MD5", 623 | "command": "copy_action('[a-fA-F0-9]{32}')" 624 | }, 625 | { 626 | "label": "Hash - SHA-1", 627 | "command": "copy_action('[a-fA-F0-9]{40}')" 628 | }, 629 | { 630 | "label": "Hash - SHA-256", 631 | "command": "copy_action('[a-fA-F0-9]{64}')" 632 | }, 633 | { 634 | "label": "Hash - SHA-512", 635 | "command": "copy_action('[a-fA-F0-9]{128}')" 636 | }, 637 | { 638 | "label": "Hex", 639 | "command": "copy_action('/^#?([a-f0-9]{6}|[a-f0-9]{3})$/')" 640 | }, 641 | { 642 | "label": "IPv4", 643 | "command": "copy_action('\\b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\\b')" 644 | }, 645 | { 646 | "label": "IPv4 (External Only)", 647 | "command": "copy_action('\\b(?!0\\.)(?!10\\.)(?!100\\.6[4-9]\\.)(?!100\\.[7-9]\\d\\.)(?!100\\.1[0-1]\\d\\.)(?!100\\.12[0-7]\\.)(?!127\\.)(?!169\\.254\\.)(?!172\\.1[6-9]\\.)(?!172\\.2[0-9]\\.)(?!172\\.3[0-1]\\.)(?!192\\.0\\.0\\.)(?!192\\.0\\.2\\.)(?!192\\.88\\.99\\.)(?!192\\.168\\.)(?!198\\.1[8-9]\\.)(?!198\\.51\\.100\\.)(?!203.0\\.113\\.)(?!22[4-9]\\.)(?!23[0-9]\\.)(?!24[0-9]\\.)(?!25[0-5]\\.)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\b" 648 | }, 649 | { 650 | "label": "IPv6", 651 | "command": "copy_action('(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))')" 652 | }, 653 | { 654 | "label": "MAC Address", 655 | "command": "copy_action('^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$')" 656 | }, 657 | { 658 | "label": "Passwords", 659 | "command": "copy_action('^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$ %^&*-]).{8,}$')" 660 | }, 661 | { 662 | "label": "Phone Numbers", 663 | "command": "copy_action('^(\\+\\d{1,2}\\s)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}$')" 664 | }, 665 | { 666 | "label": "Qakbot C2", 667 | "command": "copy_action('(http|https).*\\:[0-9]{2,5}\\/t5')" 668 | }, 669 | { 670 | "label": "Remove trailing backslash", 671 | "command": "copy_action('\\\\+$')" 672 | }, 673 | { 674 | "label": "URLs", 675 | "command": "copy_action('(https?:\\/\\/)?(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}\\b([-a-zA-Z0-9()!@:%_\\+.~#?&\\/\\/=]*)')" 676 | }, 677 | { 678 | "label": "Valid URLs", 679 | "command": "copy_action('\\b((ht|f)tp(s)?:\\/\\/|www\\.)+[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9]{2,}((\\/)?([-a-zA-Z0-9@:%_\\+.~#?&\\/=]*)?)\\b')" 680 | }, 681 | { 682 | "label": "US Social Security Numbers", 683 | "command": "copy_action('^(?!0{3})(?!6{3})[0-8]\\d{2}-(?!0{2})\\d{2}-(?!0{4})\\d{4}$')" 684 | }, 685 | { 686 | "label": "Username (Discord)", 687 | "command": "copy_action('^.{3,32}#[0-9]{4}$')" 688 | } 689 | ] 690 | } 691 | } 692 | } -------------------------------------------------------------------------------- /plugins/browser_plugin.py: -------------------------------------------------------------------------------- 1 | import webbrowser 2 | 3 | __author__ = "Brian Maloney" 4 | __version__ = "1.0" 5 | 6 | 7 | def open_link(link): 8 | webbrowser.open_new_tab(link) 9 | -------------------------------------------------------------------------------- /plugins/copy_plugin.py: -------------------------------------------------------------------------------- 1 | import logging import tkinter as tk __author__ = "Brian Maloney" __version__ = "1.0" log = logging.getLogger(__name__) def copy_action(*args): """Appends text to the clipboard.""" text = ",".join(args) try: root = tk.Tk() root.withdraw() # Hide the root window root.clipboard_clear() root.clipboard_append(text) root.update() # Update the clipboard root.destroy() except tk.TclError as e: log.error(f"Error accessing clipboard: {e}") -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | PyGetWindow 2 | screeninfo 3 | pystray 4 | pillow --------------------------------------------------------------------------------