SSF Tools - Forensic Analysis Toolkit

A forensic analysis toolkit for cybersecurity professionals performing PCI Secure Software Framework assessments and general forensic analysis.

Full documentation on GitHub Pages

Features

Volatility Integration: Automated memory analysis workflows using Volatility 3
Rich CLI Interface: Beautiful, user-friendly command-line interface with colored output
Intelligent Process Matching: Handles process name truncation and partial extension matching
File Collision Management: Smart handling of existing files with user-controlled resolution
Cross-Platform Support: Works on Windows, macOS, and Linux

Installation

Prerequisites

Python 3.13+ - Required for the SSF Tools CLI
Volatility 3 - Required for memory analysis (installed automatically)
Detect Secrets -- Required for credential detection (installed automatically)

Install SSF Tools

These instructions assume you'll use PyPI's PIPX to manage the behind-the-scenese Python virtual environment.

On Windows

# Install PIPX (recommended)
py -m pip install --user pipx
pipx ensurepath

# Restart your terminal

# Install SSF Tools
pipx install kp-ssf-tools

On MacOS

# Install PIPX
brew install pipx
pipx ensurepath

# Restart your terminal

# Install SSF Tools
pipx install kp-ssf-tools

On Linux

# Install PIPX (use your distro's package manager)
sudo apt update; sudo apt install pipx
pipx ensurepath

# Restart your terminal

# Install SSF Tools
pipx install kp-ssf-tools

Usage

Volatility Memory Analysis

The volatility sub-command automates extracting useful information from RAM images:

# Help page
ssf_tools volatility --help

# Basic usage
ssf_tools volatility memory-dump.raw windows interesting-processes.txt

Entropy Analysis

The analyze entropy command will compute Shannon entropy using a sliding window over each file. Results will be stored in analyze-credentials-<timestamp>.xlsx.

# Help page
ssf_tools analyze entropy --help

# Basic usage
ssf_tools analyze entropy src/

Credential Detection

The analyze credentials command uses the detect-secrets package to identify API keys, credentials, Base64-encoded secrets and other potential secrets. Results will be stored in analyze-credentials-<timestamp>.xlsx.

# Help page
ssf_tools analyze credentials --help

# Basic usage
ssf_tools analyze credentials src/

Development

# Install development dependencies
uv sync --dev --extra docs

# Run tests
uv run pytest

# Run linting
uv run ruff check .

# Format code
uv run ruff format .

Contributing

Fork the repository
Create a feature branch
Make your changes
Add tests
Submit a pull request

License

MIT License - see LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github		.github
.vscode		.vscode
docs		docs
examples		examples
src/kp_ssf_tools		src/kp_ssf_tools
tests		tests
.gitignore		.gitignore
.python-version		.python-version
CHANGELOG.md		CHANGELOG.md
CLAUDE.md		CLAUDE.md
LICENSE.txt		LICENSE.txt
NOTICE		NOTICE
README.md		README.md
combine_testssl_csv.py		combine_testssl_csv.py
hash_comp.py		hash_comp.py
mkdocs.yml		mkdocs.yml
mypy.ini		mypy.ini
pyproject.toml		pyproject.toml
run_testssl.py		run_testssl.py
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SSF Tools - Forensic Analysis Toolkit

Features

Installation

Prerequisites

Install SSF Tools

Usage

Volatility Memory Analysis

Entropy Analysis

Credential Detection

Development

Contributing

License

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

SSF Tools - Forensic Analysis Toolkit

Features

Installation

Prerequisites

Install SSF Tools

Usage

Volatility Memory Analysis

Entropy Analysis

Credential Detection

Development

Contributing

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages