
Autopsy Plugins

A small collection of custom Autopsy Python plugins that extend the framework for your investigations, each with a SHA-256 for integrity.


Custom Autopsy plugins

A small collection of the author's own Autopsy Python plugins. Each is distributed as a ZIP with a SHA-256 for integrity. Drop the Python module into Autopsy's python_module folder.

URLcheck (URLhaus)

Checks URLs against URLhaus. Version 1.11 avoids accumulation when run multiple times and simplifies copy-paste to a text file.

ZIP: URLcheck v1.11 · 4.04 KB · SHA-256 673d98…83d

Pi-hole lookup

Similar to URLcheck, but uses your own Pi-hole as the reference to flag sites worth digging into. Version 1.0 — still under development and test.

ZIP: Pi-hole lookup v1.0 · 3.06 KB · SHA-256 b4755f…b61

MalwareIndicator

An experimental plugin (v1.0 / detection logic v4.2) for identifying malware behaviours using a generic approach.

ZIP: MalwareIndicator v1.0 · 4.02 KB · SHA-256 1fe877…257