Urlextractor: Information gathering and website reconnaissance | https://phishstats.info/
Watcher: Open source cybersecurity threat hunting platform, developed with Django and React JS.
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Apt Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to reduce the time needed to uncover suspicious activity.
Kuiper: Digital forensics investigation platform.
Threatpinchlookup: Documentation and sharing repository for the ThreatPinch Lookup Chrome and Firefox extension.
InfosecHouse: Infosec resource center for offensive and defensive security operations.
bits parser: Extract BITS jobs from the QMGR queue and store them as CSV records.
SyntheticSun: A defense-in-depth security automation and monitoring framework that uses threat intelligence, machine learning, managed AWS security services, and serverless technologies to continuously prevent, detect, and respond to threats.
YAFRA: A semi-automated framework for analyzing and representing reports about IT security incidents.
fastfinder: Incident response - fast suspicious file finder.
CASE: Cyber-investigation Analysis Standard Expression (CASE) ontology.
catalyst: An open source SOAR system that helps automate alert handling and incident response processes.
compliance: Legal, procedural, and policy document templates for operating an IRT.
GDPatrol: A Lambda-powered security orchestration framework for AWS GuardDuty.
MemProcFS-Analyzer: Automated forensic analysis of Windows memory dumps for DFIR.
Evilize: Parses Windows event log files based on the SANS poster.
PSTrace: Trace ScriptBlock execution for PowerShell v2.
LinuxCatScale: Incident response collection and processing scripts with automated reporting scripts.
uac: UAC is a live response collection script for incident response that uses native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems.
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - a live collection tool based on open source tools and libraries.
PowerGRR: An API client library in PowerShell, working on Windows, Linux, and macOS, for GRR automation and scripting.
MindMaps: #ThreatHunting #DFIR #Malware #Detection mind maps.
INDXRipper: Carve file metadata from NTFS index ($I30) attributes.
iris-web: Collaborative incident response platform.
MEAT: A toolkit that helps forensicators perform different kinds of acquisitions on iOS devices.
ThePhish: An automated phishing email analysis tool.
RdpCacheStitcher: A tool that supports forensic analysts in reconstructing useful images from RDP cache bitmaps.
macOS-ir: Prototype to collect data from a compromised macOS device and analyse it.
yara-exporter: Exports MISP event attributes to YARA rules usable with the THOR APT scanner.
pyarascanner: A simple many-rules-to-many-files YARA scanner for incident response or malware zoos.
Packrat: Live system forensic collector.
PowerSponse: A PowerShell module focused on targeted containment and remediation during incident response.
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine whether they have been impacted by certain high-profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities, all for free.
evtx-hunter: Helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.