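├── Git.ps1
├── LICENSE
├── Lists
│   ├── Build_Lab.txt
│   ├── Deobfuscator.txt
│   ├── Disk_DFIR.txt
│   ├── ELKs
│   ├── Linux.ltxt
│   ├── Live_Malware_Samples.txt
│   ├── Network_Analysis.txt
│   ├── OSx.txt
│   ├── REFERENCE.txt
│   ├── Web_Stuff.txt
│   └── Windows.txt
├── README.md
├── install.ps1
└── install.py
/Git.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Downloads the master-branch zip archive of one GitHub repository.
.DESCRIPTION
    -URI may be a full repository URL or an "owner/repo" short name, which is
    expanded to https://github.com/owner/repo.  The archive is written to
    <Target>\<repo>\master.zip; -Target defaults to the current directory.
    Only https:// URLs are fetched.
.PARAMETER URI
    Repository URL or "owner/repo" short name.  Defaults to this project's repo.
.PARAMETER Target
    Directory that receives the <repo> folder.  Defaults to $PWD.
.OUTPUTS
    System.String - full path of the downloaded zip file.
#>
param(
    [string]$URI = 'https://github.com/ceramicskate0/YAKSR',
    [string]$Target
)

# Expand an "owner/repo" short name to a full repository URL.
if ($URI -match '^[a-zA-Z0-9]+/[a-zA-Z0-9_-]+$') {
    $URI = "https://github.com/$URI"
}
$URI = $URI.TrimEnd('/')

# Refuse plain-http and other schemes so the archive cannot be swapped in
# transit by whoever sits on the path to the server.
if ($URI -notmatch '^https://') {
    throw "Only https:// repository URLs are supported: $URI"
}

$GitName = $URI.Split('/')[-1] -replace '\.zip$', ''
if (-not $Target) {
    $Target = $PWD.Path
}
$RepoPath = Join-Path $Target $GitName
New-Item -ItemType Directory -Path $RepoPath -Force | Out-Null

# Build both strings in expression mode.  In argument mode
# `-Uri $URI+"/archive/master.zip"` keeps the '+' as a literal character,
# which is why the previous version produced an unusable URL and path.
$ArchiveUrl = "$URI/archive/master.zip"
$OutFile = Join-Path $RepoPath 'master.zip'
Invoke-WebRequest -Uri $ArchiveUrl -OutFile $OutFile
$OutFile
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.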
15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /Lists/Build_Lab.txt: -------------------------------------------------------------------------------- 1 | https://github.com/clong/DetectionLab 2 | -------------------------------------------------------------------------------- /Lists/Deobfuscator.txt: -------------------------------------------------------------------------------- 1 | https://github.com/mindedsecurity/JStillery 2 | -------------------------------------------------------------------------------- /Lists/Disk_DFIR.txt: -------------------------------------------------------------------------------- 1 | https://github.com/google/timesketch 2 | -------------------------------------------------------------------------------- /Lists/ELKs: -------------------------------------------------------------------------------- 1 | https://github.com/philhagen/sof-elk 2 | https://github.com/Cyb3rWard0g/HELK 3 | -------------------------------------------------------------------------------- /Lists/Linux.ltxt: -------------------------------------------------------------------------------- 1 | git clone https://github.com/ztgrace/sticky_keys_hunter 2 | git clone https://github.com/google/grr 3 | git clone https://github.com/fireeye/flare-ida 4 | git clone https://github.com/fireeye/pycommands 5 | git clone https://github.com/facebook/osquery 6 | git clone https://github.com/fireeye/chopshop 7 | git clone 
https://github.com/iadgov/Secure-Host-Baseline 8 | git clone https://github.com/0xd4d/de4dot 9 | git clone https://github.com/MISP/MISP 10 | git clone https://github.com/tfairane/SpotResponder 11 | git clone https://github.com/jbremer/vmcloak 12 | git clone https://github.com/Netflix/security_monkey 13 | git clone https://github.com/DanMcInerney/net-creds 14 | git clone https://github.com/kenbellows/packet-knife 15 | git clone https://github.com/SpiderLabs/malware-analysis 16 | git clone https://github.com/davidoren/CuckooSploit 17 | git clone https://github.com/defpoint/threat_note 18 | git clone https://github.com/1aN0rmus/TekDefense-Automater 19 | git clone https://github.com/da667/Autosnort 20 | git clone https://github.com/szimeus/evalyzer 21 | git clone https://github.com/byt3smith/malstrom 22 | git clone https://github.com/byt3smith/Forager 23 | git clone https://github.com/byt3smith/CIRTKit 24 | git clone https://github.com/diogo-fernan/ir-rescue 25 | git clone https://github.com/hadojae/DATA 26 | git clone https://github.com/mlsecproject/combine 27 | git clone https://github.com/slacker007/CS-Beacon-Detector 28 | git clone https://github.com/stamparm/maltrail 29 | git clone https://github.com/sensepost/objection 30 | git clone https://github.com/botherder/detekt 31 | git clone https://github.com/stamparm/EternalRocks 32 | git clone https://github.com/viper-framework/viper 33 | git clone https://github.com/ANSSI-FR/AD-control-paths 34 | git clone https://github.com/Paradoxis/StegCracker 35 | git clone https://github.com/pi-hole/pi-hole 36 | -------------------------------------------------------------------------------- /Lists/Live_Malware_Samples.txt: -------------------------------------------------------------------------------- 1 | git clone https://github.com/ahhh/malware_sources 2 | git clone https://github.com/ispoleet/malware 3 | git clone https://github.com/ytisf/theZoo 4 | git clone https://github.com/fdiskyou/malware 5 | git clone 
https://github.com/gasgas4/Leaked_Malware_SourceCode 6 | git clone https://github.com/adamcaudill/EquationGroupLeak 7 | git clone https://github.com/nyx0/Pony 8 | -------------------------------------------------------------------------------- /Lists/Network_Analysis.txt: -------------------------------------------------------------------------------- 1 | https://github.com/ocmdev/rita 2 | -------------------------------------------------------------------------------- /Lists/OSx.txt: -------------------------------------------------------------------------------- 1 | https://github.com/Yelp/osxcollector 2 | -------------------------------------------------------------------------------- /Lists/REFERENCE.txt: -------------------------------------------------------------------------------- 1 | https://github.com/Hack-with-Github/Awesome-Hacking 2 | https://github.com/vysec/DomainFrontingLists 3 | https://github.com/palantir/windows-event-forwarding 4 | -------------------------------------------------------------------------------- /Lists/Web_Stuff.txt: -------------------------------------------------------------------------------- 1 | https://github.com/minimaxir/big-list-of-naughty-strings 2 | -------------------------------------------------------------------------------- /Lists/Windows.txt: -------------------------------------------------------------------------------- 1 | https://github.com/b3dk7/StegExpose 2 | https://github.com/realparisi/WMI_Monitor 3 | https://github.com/mattifestation/PowerShellArsenal 4 | https://github.com/enigma0x3/Misc-PowerShell-Stuff 5 | https://download.sysinternals.com/files/SysinternalsSuite.zip 6 | https://github.com/PowerShellMafia/CimSweep 7 | https://github.com/Invoke-IR/WmiEvent 8 | https://github.com/Invoke-IR/PowerForensics 9 | https://github.com/sans-blue-team/DeepBlueCLI 10 | https://github.com/nccgroup/SCOMDecrypt 11 | https://github.com/nccgroup/mnemosyne 12 | https://github.com/JavelinNetworks/IR-Tools 13 |
https://github.com/achillean/Shodan.NET 14 | https://github.com/PyroTek3/PowerShell-AD-Recon 15 | https://github.com/mattifestation/PowerWorm 16 | https://github.com/szimeus/evalyzer 17 | https://github.com/diogo-fernan/ir-rescue 18 | https://github.com/MHaggis/sysmon-dfir 19 | https://github.com/jivoi/awesome-osint 20 | https://github.com/MHaggis/sysmon-dfir 21 | https://github.com/MHaggis/hunt-detect-prevent 22 | https://github.com/williballenthin/process-forest 23 | https://github.com/securitywithoutborders/hardentools 24 | https://github.com/PaulSec/awesome-windows-domain-hardening 25 | https://github.com/Ben0xA/PowerShellDefense 26 | https://github.com/phishme/malware_analysis 27 | https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Get-ScheduledTaskComHandler.ps1 28 | https://github.com/1aN0rmus/TekDefense-Automater 29 | https://github.com/darkoperator/Posh-VirusTotal 30 | https://github.com/JohnLaTwC/PyPowerShellXray 31 | https://github.com/SwiftOnSecurity/PhishingRegex 32 | https://github.com/SwiftOnSecurity/SwiftFilter 33 | https://github.com/Infocyte/PSHunt 34 | https://github.com/endgameinc/ClrGuard 35 | https://gist.github.com/dezhub/6d2a3ced01aaf081da841f4761455c5f 36 | https://gist.github.com/mattifestation/8958b4c18d8bca9e221b29252cfee26b 37 | https://gist.github.com/dezhub/2875fa6dc78083cedeab10abc551cb58 38 | https://github.com/0xm4v3rick/Extract-Macro 39 | https://github.com/felixweyne/ProcessSpawnControl 40 | https://github.com/DissectMalware/batch_deobfuscator 41 | https://github.com/besimorhino/Pause-Process 42 | https://github.com/nsacyber/Event-Forwarding-Guidance 43 | https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries 44 | https://github.com/beahunt3r/Windows-Hunting 45 | https://github.com/salesforce/ja3 46 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Yet Another Blue Team Repo 2 | 
Repo for Blue team tools for both Windows and Linux, not OSx. 3 | 4 | # Notes: 5 | Designed my own tool to deal with log data on endpoints to find malicious activity and deal with log issues and SIEMs not being able to deal with the data. I pushed it on the endpoint to send to your SIEM just the data you want. SWELF https://github.com/ceramicskate0/SWELF 6 | 7 | ## Instructions: 8 | Run the following files to build the ToolBox. 9 | 10 | install.py is the installer for the Linux repo list 11 | 12 | install.ps1 is the installer for the Windows repo list 13 | 14 | # Legalish Disclaimer: 15 | 16 | I don't recommend or condone using anything on here for any reason. Anything in the Lists dir I did not write, so I can't exactly tell you what it does or how it does what it says it does. The scripts here may work, but are just as likely to break the system they are run on. If you use them you do so at your own risk. I do/have NEVER authorized, condoned, or recommended the use of anything in any of my repos for any reason. This is a collection of simple scripts I found useful with my own Kali OS for educational purposes only. I did not create any of the scripts downloaded via the install.py script. All credit goes to the authors whose full URL and/or GitHub account/repo is listed in the script; please see their sites for more info or issues with their repos. It should be noted that since these are all publicly available they are to be used for education purposes only. Do not use for Evil. 17 | 18 | This is free and unencumbered software released into the public domain. 19 | 20 | Anyone is free to copy, modify, publish, use, compile, sell, or 21 | distribute this software, either in source code form or as a compiled 22 | binary, for any purpose, commercial or non-commercial, and by any 23 | means.
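
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to

--------------------------------------------------------------------------------
/install.ps1:
--------------------------------------------------------------------------------
# Download the master-branch zip archive of the GitHub repository at $URI into
# $CurrentDir\Windows_Toolbox\<repo>\master.zip.
#   $URI        - repository URL, e.g. https://github.com/owner/repo
#   $CurrentDir - base directory; the current location when empty
function Git ($URI, $CurrentDir)
{
    if (-not $CurrentDir) { $CurrentDir = (Get-Location).Path }
    $URI = $URI.TrimEnd('/')
    $GitName = $URI.Split('/')[-1] -replace '\.zip$', ''
    $RepoDir = Join-Path (Join-Path $CurrentDir 'Windows_Toolbox') $GitName
    New-Item -ItemType Directory -Path $RepoDir -Force | Out-Null
    # Concatenate in expression mode; inside a method call '+' is a real operator.
    $ArchiveUrl = $URI + '/archive/master.zip'
    $OutFile = Join-Path $RepoDir 'master.zip'
    (New-Object System.Net.WebClient).DownloadFile($ArchiveUrl, $OutFile)
}

# Download a single file from $URI into $CurrentDir, named after the last
# path segment of the URL.
#   $URI        - file URL, e.g. https://host/path/file.zip
#   $CurrentDir - destination directory; the current location when empty
function DownloadFromWeb ($URI, $CurrentDir)
{
    if (-not $CurrentDir) { $CurrentDir = (Get-Location).Path }
    # The [-1] was missing before: Split() returns every URL segment, not only
    # the last one, so the output path was never a plain file name.
    $FileName = [System.IO.Path]::GetFileName($URI.TrimEnd('/').Split('/')[-1])
    if (-not $FileName) { throw "Cannot derive a file name from '$URI'" }
    (New-Object System.Net.WebClient).DownloadFile($URI, (Join-Path $CurrentDir $FileName))
}

# Windows.txt lives under Lists\ in this repository; the old path expression
# `(Get-Item -Path ".\").FullName+'Windows.txt'` also kept a literal '+'.
$ListFile = Join-Path (Get-Location).Path 'Lists\Windows.txt'
if (-not (Test-Path -LiteralPath $ListFile)) {
    throw "List file not found: $ListFile"
}

foreach ($line in Get-Content -LiteralPath $ListFile) {
    $line = $line.Trim()
    if (-not $line) { continue }   # blank line
    # Only https entries are fetched, so a list entry cannot be swapped in transit.
    if ($line -notlike 'https://*') {
        Write-Warning "Skipping non-https entry: $line"
        continue
    }
    $CurrentDir = (Get-Location).Path
    # Pass the arguments separately: `Git ($line,$CurrentDir)` hands the
    # function ONE array as $URI, which is why the old code indexed $URI[0].
    # NOTE: '*github.com*' also matches the gist.github.com and .../blob/...
    # entries in Windows.txt, for which no /archive/master.zip exists.
    if ($line -like '*github.com*') {
        Git $line $CurrentDir
    } else {
        DownloadFromWeb $line $CurrentDir
    }
}
--------------------------------------------------------------------------------
/install.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
"""Clone every repository listed under Lists/ into Blue_ToolBox/<list name>/.

Each Lists/*.txt file holds one entry per line, either a bare URL or a
"git clone <url>" line.  Only https:// URLs are accepted and they are
passed to git as an argv list (never through a shell), so a list entry
cannot run an arbitrary command on the host; the previous version fed
every line to os.system().  Lists/Live_Malware_Samples.txt pulls
repositories of malware sources into the toolbox directory.
"""
import os
import re
from subprocess import call

# Only https URLs are cloned; anything else in a list file is reported and skipped.
_URL_RE = re.compile(r'^https://[A-Za-z0-9.-]+/\S+$')


def _entry_to_url(line):
    """Return the https URL from one list line, or None if it holds none.

    Accepts "git clone <url>" (the Linux lists) and bare "<url>" lines
    (the other lists).  Blank lines, '#' comments and anything that is
    not a single https URL yield None.
    """
    text = line.strip()
    if not text or text.startswith('#'):
        return None
    parts = text.split()
    if len(parts) == 3 and parts[0] == 'git' and parts[1] == 'clone':
        text = parts[2]
    elif len(parts) != 1:
        return None
    return text if _URL_RE.match(text) else None


def _clone_all(list_path, dest_dir):
    """Clone every valid entry of list_path into dest_dir.

    Returns the number of git invocations that exited non-zero.  git runs
    with cwd=dest_dir, so each repository lands in its own sub-directory.
    """
    failures = 0
    with open(list_path) as f:
        for lineno, line in enumerate(f, 1):
            url = _entry_to_url(line)
            if url is None:
                if line.strip():
                    print('%s:%d: skipping unsupported entry: %s'
                          % (list_path, lineno, line.strip()))
                continue
            if call(['git', 'clone', '--', url], cwd=dest_dir) != 0:
                failures += 1
    return failures


def main():
    """Process every Lists/*.txt file; return 1 if any clone failed, else 0."""
    currentdir = os.getcwd()
    toolbox = os.path.join(currentdir, 'Blue_ToolBox')
    lists_dir = os.path.join(currentdir, 'Lists')
    # Only *.txt lists are processed: Lists/ELKs and Lists/Linux.ltxt are skipped.
    files = sorted(x for x in os.listdir(lists_dir) if x.endswith('.txt'))
    total_failures = 0
    for filename in files:
        dirname = os.path.splitext(filename)[0]
        dest = os.path.join(toolbox, dirname)
        # makedirs raises when the directory already exists, which broke re-runs.
        if not os.path.isdir(dest):
            os.makedirs(dest)
        total_failures += _clone_all(os.path.join(lists_dir, filename), dest)
    if total_failures:
        print('%d clone(s) failed' % total_failures)
    return 1 if total_failures else 0


if __name__ == '__main__':
    raise SystemExit(main())
--------------------------------------------------------------------------------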