CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.

Investigations

Investigations are the core of CIRTKit. Incident responders and forensic analysts generate large amounts of data during investigations. Normally this data is stored in ticketing systems, governance and risk systems, or some other variation of persistent data storage.

CIRTKit aims to bring core DFIR (Digital Forensics and Incident Response) tools into one console, centralizing the investigation process. There are many tools available that incident responders use to collect, parse, and interpret data. If we can bring all of these tools together to one console that can store information and malware artifacts centrally, we may be able to better combat the adversaries.

Inspiration

The inspiration behind CIRTKit came from the Metasploit Framework. Metasploit was revolutionary to the offensive security industry, allowing users to not only centrally manage penetration tests, but also use and develop new tools/exploits to further their cause. The key question that spurred the initiation of CIRTKit was this: "Why are attackers more equipped than defenders?"

With Metasploit, attackers are always equipped, constantly sharing new exploits and tools with the framework to enable others to take advantage of known vulnerabilities. The time has come for network defenders to centralize our toolsets and share new detection and response capabilities easily with the community.

Installation

Database Setup

lib/core/database.py

CIRTKit requires a database to store malware artifacts and investigation data. Currently, CIRTKit is equipped to use SQLite and Postgres SQL databases. If you need to have multiple analysts collaborate on investigations, then you need to setup CIRTKit to use Postgres, otherwise if you want to store information locally, you can use SQLite.

SQLite

For SQLite, you can simply run CIRTKit, and it will create and connect to a local SQLite file. Or you can specify the connection string to use a different file.

Postgres

Setup your Postgres database and edit the lines at the top of the database.py with the credentials for the database you just configured.

DB_USER = '<username>'
DB_PASSWD = '<password>'

Install Dependencies

You can install decencies with pip (Python packaging system) using the provided requirements.txt file "pip install -r requirements.txt"

Execute

python cirtkity.py

You can also specify the '-i' flag and specify a specific investigation. If it does not exist, CIRTKit will create a new investigation

Github Project

Disclaimer

This website uses cookies, and also collects some information using Google Analytics. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.hack4.net will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

HACK4NET 🤖 Pentest Tools and News

CIRTKit - Tools for the Computer Incident Response Team

Investigations

Inspiration

Installation

Database Setup

Install Dependencies

Execute

Post a Comment

No comments

Search This Blog

Recommend You

Build Your Own PwnPhone

Follow Us

Random Posts

Popular Posts

Disclaimer

Popular Posts

HACK4NET 🤖 Pentest Tools and News

CIRTKit - Tools for the Computer Incident Response Team

Investigations

Inspiration

Installation

Database Setup

Install Dependencies

Execute

Related Posts

Post a Comment

No comments

Search This Blog

Recommend You

Build Your Own PwnPhone

Follow Us

Random Posts

Popular Posts

Disclaimer

Popular Posts