Skip to content
/ stackstorm-forensics Public

Forensics and CTF automation pack to use with StackStorm. Actions and ChatOps aliases.

License

View license
8 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RandomsCTF/stackstorm-forensics

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
packs/forensics
packs/forensics
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

StackStorm Forensics

Marceline

An automation pack for StackStorm: various actions and ChatOps aliases for file/stream forensics and CTFs challenges.

Although this pack is meant to power Randoms' own CTF helper, Marceline, it can also be reused as a set of independent StackStorm actions or as code somewhere else. Whatever you want, really.

Commands

So far the list of things Marceline does is really small:

base64 decode {{ string }} - Do a base64 decode of a string.
base64 encode {{ string }} - Do a base64 encode of a string.
crack substitution {{ ciphertext }} - Try to crack a substitution cipher.
rot13 {{ string }} - Apply rot13 to a string.
what.s next? - Look for upcoming CTFs.
when is {{ query }}? - Look for upcoming CTFs.

However, I'm planning to extend it in the nearest future, and you're more than welcome to contribute.

Todo

  • File analysis: file, hachoir-subfile
  • Metadata extraction: hachoir-metadata
  • Output from strings
  • Hash lookups
  • Hex/bin/dec/ascii/unicode conversions
  • Basic steganographic analysis
  • Nmap scanning

Suggestions are always appreciated.

— Ed.

About

Forensics and CTF automation pack to use with StackStorm. Actions and ChatOps aliases.

Resources

Readme

License

View license
Activity
Custom properties

Stars

8 stars

Watchers

7 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages