IRScripts

Collection of Incident Response scripts.

Scripts

• bhistory.py - Parse Firefox or Chrome browser history.
• ipquery.py - Query VT for information on the IP.
• ipinfo.py - Get information about an ip address.
• gsbcheck.py - Query Google SafeBrowse for URL
• fglookup.py - Check FortiGuard Rep or Blacklist
• dridex-xml.py - Extract compressed Dridex document from xml file.
• alienspy-decrypt - Extract AlienSpy Properties (config.xml) or the packed jar file.
• hawkeye-decrypt.ps1 - Configuration decryptor for Hawkeye/GolRoted Key Logger.