
Top 115 threat-hunting open source projects

Threat Intel
Archive of publicly available threat intel reports (mostly APT reports, but not limited to them).
Mihari
A helper to run OSINT queries & manage results continuously
Threathunter Playbook
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Threat Hunting
Personal compilation of APT malware from whitepaper releases, documents and own research
Yara Rules
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Slides
Misc Threat Hunting Resources
Adaz
🔧 Automatically deploy customizable Active Directory labs in Azure
Whids
Open Source EDR for Windows
Weffles
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Phishingkithunter
Find phishing kits which use your brand/organization's files and images.
Pcap Attack
PCAP Samples for Different Post Exploitation Techniques
Ee Outliers
Open-source framework to detect outliers in Elasticsearch events
Threathunting
Tools for hunting for threats.
Bearded Avenger
CIF v3 -- the fastest way to consume threat intelligence
Oriana
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Opensquat
Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Threatbus
🚌 The missing link to connect open-source threat intelligence tools.
Mthc
All-in-one bundle of MISP, TheHive and Cortex
Threathunting Spl
Splunk code (SPL) useful for serious threat hunters.
Macos Attack Dataset
JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
Awesome Threat Detection
A curated list of awesome threat detection and hunting resources
Dovehawk
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Detections
This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Threathunt
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Hunting Mindmaps
🔍 Mindmaps for threat hunting - work in progress.
Sysmon Modular
A repository of sysmon configuration modules
Yeti
Your Everyday Threat Intelligence
Beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Besafe
BeSafe is a robust threat analyzer which helps protect your desktop environment and lets you know what's happening around you.
Apullo
A scanner for taking basic fingerprints
Threathunting
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Bluespawn
An Active Defense and EDR software to empower Blue Teams
Sentinel Attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Auditd Attack
A Linux Auditd rule set mapped to MITRE's Attack Framework
Klara
Kaspersky's GReAT KLara
Fatt
FATT (fingerprintAllTheThings) - a pyshark-based script for extracting network metadata and fingerprints from pcap files and live network traffic
Fcl
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Apt Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Misp Galaxy
Clusters and elements to attach to MISP events or attributes (like threat actors)