zavetsec/README.md
ZavetSec

Anonymous SOC/DFIR toolsmith. Single-file defensive tooling for air-gapped, incident response, and hardened environments.

No install. No dependencies. No agents. No telemetry.


Why ZavetSec

  • Single-file execution — one script, run and done
  • No installation, no prerequisites, no admin infrastructure
  • Air-gap friendly — works fully offline
  • MITRE ATT&CK aligned — findings mapped to tactics and techniques
  • Dark HTML reporting — structured, self-contained, ready to share

Tools

Endpoint Monitoring & DLP

Tool           Platform           Capability
ZavetSec-DLP   Windows / .NET 8   Endpoint activity monitoring • keylogger • screenshots • clipboard • USB • DNS • network • web dashboard • EN/RU

SOC / DFIR / Hardening

Tool                         Platform           Capability
Invoke-ZavetSecTriage        Windows / PS 5.1   DFIR triage • 17 modules • MITRE ATT&CK
ZavetSec-Harden              Windows / PS 5.1   Hardening baseline • CIS / DISA STIG • Audit / Apply / Rollback
ZLT                          Linux / Bash       Linux triage • 12 modules • single command
Invoke-ADSecurityAudit       Windows / PS 5.1   Active Directory audit • findings • remediation
ZavetSec-NetworkInventory    Windows / PS 5.1   Network scanner • asset inventory • offline
ZavetSec-NetworkConnections  Windows / PS 5.1   Live connections • GeoIP • process context • risk
ZavetSec-BrowserHistory      Windows / PS 5.1   Browser forensics • all users • all browsers
Invoke-MBHashCheck           Windows / PS 5.1   Hash lookup • MalwareBazaar • ThreatFox
ZavetSec-Vault               Any browser        Offline password manager • AES-256-GCM • no cloud

Personal Security & Privacy

Tool             Platform      Capability
opsec-checklist  Any browser   OPSEC assessment framework • 70+ items • RU/CIS + US/EU editions

Design Standard

All tools share a consistent output format:

  • #0a0d10 dark background — readable in SOC environments at 3 AM
  • #00ff88 green accent — high contrast, low eye strain
  • JetBrains Mono for code and data, Rajdhani for headers
  • Severity tag badges, MITRE ATT&CK references inline
  • 100% self-contained HTML — one file, no CDN, no external requests

Coverage

Endpoint Monitoring   ZavetSec-DLP
Windows Triage        Invoke-ZavetSecTriage
Linux Triage          ZLT
Active Directory      Invoke-ADSecurityAudit
Network Discovery     ZavetSec-NetworkInventory
Live Connections      ZavetSec-NetworkConnections
Browser Forensics     ZavetSec-BrowserHistory
Hash Intel            Invoke-MBHashCheck
Hardening             ZavetSec-Harden
Secure Storage        ZavetSec-Vault
Personal OPSEC        opsec-checklist

Built for defenders. Designed for real-world operations.
MIT Licensed — open, practical, unrestricted.

Pinned

  1. Invoke-ZavetSecTriage (Public)

     Zero-dependency DFIR triage script for Windows systems. PowerShell 5.1, no external tools required.

     PowerShell · 1 star · 1 fork

  2. ZavetSec-BrowserHistory (Public)

     Forensic browser history extractor for Windows — all users, all browsers, one report

     PowerShell · 1 star

  3. ZavetSec-Harden (Public)

     Windows security hardening baseline — CIS / DISA STIG / MS Security Baseline. Audit, Apply, Rollback. PowerShell 5.1+

     PowerShell · 1 star

  4. ZavetSec-NetworkConnections (Public)

     Live network connection snapshot with process context, GeoIP enrichment, DNS analysis and risk classification

     PowerShell · 1 star

  5. Invoke-ADSecurityAudit (Public)

     Single-file PowerShell script. Run it on a domain-joined machine and get a structured HTML report with findings, MITRE ATT&CK mappings, and remediation guidance. No agents, no databases, no persist…

     PowerShell · 1 star

  6. ZLT (Public)

     ZavetSec Linux Triage is a bash script for first-response DFIR triage of Linux hosts. Run it with a single command, collect telemetry across 12 modules, automatically analyze it against a curated r…

     Shell · 1 star