Skip to content

dfirws tools

pycares

dfirws tools

Welcome to the dfirws wiki
Changelog
Customize dfirws
Didier Stevens tools
Getting started
Jupyter notebooks
KAPE
Network forensics
Notebook for PE with Ghidra and capa
Obsidian
Samples
Windows forensics
Investigations
Investigations
Tools
Tools
- Categories
- Cloud
  Cloud
  - Cloud
  - Azure CLI
- Development
  Development
- Editors
  Editors
- Enrichment geolocation
  Enrichment geolocation
- Enrichment ids
  Enrichment ids
- Enrichment network
  Enrichment network
- Enrichment threat intelligence
  Enrichment threat intelligence
- Enrichment vulnerability
  Enrichment vulnerability
  - Enrichment / Vulnerability
  - CVE Data
- Enrichment yara
  Enrichment yara
- Files and apps
  Files and apps
  - Files and apps
  - autoit-ripper
  - binlex
  - bulk_extractor
  - cabarchive
  - DensityScout
  - Detect It Easy
  - Dumpbin
  - fq
  - jq
  - lessmsi
  - magika
  - msidump
  - oletools
  - Python-dsstore
  - python-magic
  - pyzipper
  - QEMU
  - qrtool
  - ripgrep
  - TrID
  - unpy2exe
  - WinMerge
- Files and apps browser
  Files and apps browser
- Files and apps database
  Files and apps database
  - Files and apps / Database
  - DB Browser for SQLite
  - DBeaver
  - dsq
  - elasticsearch
  - ese-analyst
  - fqlite
  - h2database
  - litecli
  - neo4j
  - Neo4j
  - sqlit-tui
  - SQLite Tools
- Files and apps disk
  Files and apps disk
- Files and apps email
  Files and apps email
- Files and apps javascript
  Files and apps javascript
- Files and apps log
  Files and apps log
- Files and apps mobile
  Files and apps mobile
- Files and apps office
  Files and apps office
- Files and apps pdf
  Files and apps pdf
- Files and apps pe
  Files and apps pe
  - Files and apps / PE
  - 4n4lDetector
  - ASL
  - capa Explorer Web
  - capa-rules
  - capa
  - debloat
  - dll_to_exe
  - hachoir
  - HollowsHunter
  - lief
  - PE-bear
  - PE-sieve
  - PE-utils
  - pefile
  - pestudio
  - peutils
  - pfp
  - readpe
  - WinObjEx64
- Files and apps rdp
  Files and apps rdp
- Forensics
  Forensics
- Incident response
  Incident response
- Ir
  Ir
  - IR
  - PowerSponse
  - Trawler
  - Velociraptor
  - white-phoenix
- Logs
  Logs
  - Logs
  - FullEventLogView
- Malware analysis
  Malware analysis
- Malware analysis cobalt strike
  Malware analysis cobalt strike
- Malware tools
  Malware tools
- Malware tools gootloader
  Malware tools gootloader
  - Malware tools / Gootloader
  - gootloader
- Memory
  Memory
- Network
  Network
  - Network
  - Burp Suite
  - dnslib
  - dpkt
  - Flare-Fakenet-NG
  - geoip2
  - hfs
  - maclookup
  - Microsoft.etl2pcapng
  - netaddr
  - NetworkMiner
  - Nmap
  - Npcap
  - OpenVPN
  - PacketCircle
  - paramiko
  - protodeep
  - PuTTY
  - pycares
  - pydivert
  - pyshark
  - PySocks
  - scapy
  - Tailscale
  - WireGuard
  - Wireshark
  - zaproxy
  - Zui
- Os android
  Os android
- Os linux
  Os linux
- Os windows
  Os windows
  - OS / Windows
  - API Monitor
  - BlueTuxedo
  - CimSweep
  - Fibratus
  - Jumplist Browser
  - LnkParse3
  - Prefetch Browser
  - ProcDOT
  - psexposed
  - recbin
  - sidr
  - srum_dump
  - Thumbcacheviewer
  - TotalRecall
  - usnjrnl
- Os windows active directory
  Os windows active directory
- Os windows registry
  Os windows registry
- Programming
  Programming
  - Programming
  - JavaFX SDK
  - NodeJS
  - PHP
  - Python 3.11
  - Strawberry Perl
- Programming dotnet
  Programming dotnet
- Programming go
  Programming go
  - Programming / Go
  - gftrace
  - GoLang
  - GoReSym
  - GoReSym
  - gostringungarbler
  - redress
- Programming java
  Programming java
- Programming powershell
  Programming powershell
- Programming python
  Programming python
  - Programming / Python
  - aiodns
  - aiohttp
  - BeautifulSoup4
  - bitstruct
  - matplotlib
  - networkx
  - numpy
  - orjson
  - ptpython
  - pyasn1
  - python-dotenv
  - requests
  - simplejson
  - termcolor
  - textsearch
  - tomlkit
  - treelib
  - uv
  - xxhash
- Programming ruby
  Programming ruby
  - Programming / Ruby
  - Ruby
- Programming rust
  Programming rust
  - Programming / Rust
  - Rust
- Reverse engineering
  Reverse engineering
  - Reverse Engineering
  - Binary Ninja
  - CapaExplorer
  - cutter-jupyter
  - Cutter
  - cutterref
  - decai
  - dnSpy
  - FASM
  - frida-tools
  - Ghidra BTIGhidra
  - Ghidra Cartographer
  - Ghidra GhidrAssistMCP
  - Ghidra GolangAnalyzerExtension
  - Ghidra
  - ghidrecomp
  - ghidriff
  - Iaito
  - IDR
  - ILSpy
  - keystone-engine
  - NetExt
  - pyghidra
  - r2ai
  - r2ai
  - radare2-deep-graph
  - radare2-mcp
  - Radare2
  - rzpipe
  - scare
  - unicorn
  - WinDbg
  - x64dbg
- Signatures and information
  Signatures and information
- Signatures and information online tools
  Signatures and information online tools
- Sysinternals
  Sysinternals
  - Sysinternals
  - Sysinternals Suite
- Uncategorized
  Uncategorized
- Utilities
  Utilities
  - Utilities
  - 7-Zip
  - ai-fs-proxy
  - cmder
  - DCode
  - deep_translator
  - Dependencies
  - dictionaries
  - docsify-cli
  - edit
  - ExifTool
  - Flare-Floss
  - geolocus-cli
  - git
  - go-size-analyzer
  - godap
  - Google Earth Pro
  - graphviz
  - Graphviz
  - grip
  - hexdump
  - jpterm
  - jupyter-collection
  - jupyterlab
  - markitdown
  - @marp-team/marp-cli
  - mcp-server-elasticsearch
  - mkdocs
  - mmdbinspect
  - Nerd Fonts
  - oh-my-posh
  - opencode-ai
  - prettytable
  - pwncat
  - pyvis
  - Resource Hacker
  - rexi
  - RpcView
  - time-decode
  - ULogViewer
  - upx
  - Velociraptor Artifact Exchange
  - visidata
  - Windows Terminal (Canary)
  - zensical
  - zstd
- Utilities browsers
  Utilities browsers
- Utilities cryptography
  Utilities cryptography
- Utilities ctf
  Utilities ctf
- Utilities media
  Utilities media
  - Utilities / Media
  - Audacity
  - ffmpeg
  - IrfanView
  - SmartDeblur
  - VLC

pycares¶

Category: Network

Source: Python

Profiles: Full, Basic

Tags: network, dns

Made with Zensical