Skip to main content

SSF Tools - Forensic Analysis Toolkit for cybersecurity professionals

Project description

SSF Tools - Forensic Analysis Toolkit

A forensic analysis toolkit for cybersecurity professionals performing PCI Secure Software Framework assessments and general forensic analysis.

Full documentation on [ReadtheDocs]

Features

  • Volatility Integration: Automated memory analysis workflows using Volatility 3
  • Rich CLI Interface: Beautiful, user-friendly command-line interface with colored output
  • Intelligent Process Matching: Handles process name truncation and partial extension matching
  • File Collision Management: Smart handling of existing files with user-controlled resolution
  • Cross-Platform Support: Works on Windows, macOS, and Linux

Installation

Prerequisites

  1. Python 3.13+ - Required for the SSF Tools CLI
  2. Volatility 3 - Required for memory analysis (installed automatically)
  3. Detect Secrets -- Required for credential detection (installed automatically)

Install SSF Tools

These instructions assume you'll use PyPI's PIPX to manage the behind-the-scenese Python virtual environment.

On Windows

# Install PIPX (recommended)
py -m pip install --user pipx
pipx ensurepath

# Restart your terminal

# Install SSF Tools
pipx install kp-ssf-tools

On MacOS

# Install PIPX
brew install pipx
pipx ensurepath

# Restart your terminal

# Install SSF Tools
pipx install kp-ssf-tools

On Linux

# Install PIPX (use your distro's package manager)
sudo apt update; sudo apt install pipx
pipx ensurepath

# Restart your terminal

# Install SSF Tools
pipx install kp-ssf-tools

Usage

Volatility Memory Analysis

The volatility sub-command automates extracting useful information from RAM images:

# Help page
ssf_tools volatility --help

# Basic usage
ssf_tools volatility memory-dump.raw windows interesting-processes.txt

Entropy Analysis

The analyze entropy command will compute Shannon entropy using a sliding window over each file. Results will be stored in analyze-credentials-<timestamp>.xlsx.

# Help page
ssf_tools analyze entropy --help

# Basic usage
ssf_tools analyze entropy src/

Credential Detection

The analyze credentials command uses the detect-secrets package to identify API keys, credentials, Base64-encoded secrets and other potential secrets. Results will be stored in analyze-credentials-<timestamp>.xlsx.

# Help page
ssf_tools analyze credentials --help

# Basic usage
ssf_tools analyze credentials src/

Development

# Install development dependencies
uv sync --dev --extra docs

# Run tests
uv run pytest

# Run linting
uv run ruff check .

# Format code
uv run ruff format .

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests
  5. Submit a pull request

License

MIT License - see LICENSE file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kp_ssf_tools-0.2.0.tar.gz (100.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

kp_ssf_tools-0.2.0-py3-none-any.whl (136.7 kB view details)

Uploaded Python 3

File details

Details for the file kp_ssf_tools-0.2.0.tar.gz.

File metadata

  • Download URL: kp_ssf_tools-0.2.0.tar.gz
  • Upload date:
  • Size: 100.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.7.2

File hashes

Hashes for kp_ssf_tools-0.2.0.tar.gz
Algorithm Hash digest
SHA256 9c4042787ae69fed97118b021e9b54bd718140f04bf907e2ff55eeaafde147f7
MD5 4ef92fb3002d0ac595168da4b7e38b3d
BLAKE2b-256 34a4281557e441ee7fdc473319fa0bdd1049e462dd2199031bacca6834103b64

See more details on using hashes here.

File details

Details for the file kp_ssf_tools-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for kp_ssf_tools-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ab1c8bdbcc45dba82986e2efab857237a8a38864551c6b79a6f7c66f283f1290
MD5 63e2761764b40edab801910bc850043b
BLAKE2b-256 dfc1f5e8724850f525d1cc97b1179ad3fa469820787da3e218b999b82574df85

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page