Top 106 threat-intelligence open source projects

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

🐺 Malware analysis platform

Malware hashes for open source projects.

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

Yara rules written by me, for free use.

Mapping NSM rules to MITRE ATT&CK

Collection of best practices to add OSINT into MISP and/or MISP communities

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Ayashige provides a list of suspicious newly updated domains as a JSON feed

⚔️MITRE ATT&CK Machinations in R

OpenCTI connectors

Best practices in threat intelligence

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Threat research and reporting from IronNet's Threat Research Teams

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

A curses-style interface for automatic takedown notification based on MISP events.

CyCAT.org API back-end server including crawlers

Threat Hunting queries for various attacks

OpenCTI Python Client

This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)

The Ultimate OSINT and Threat Hunting Framework

All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns

Application for keeping feeds from FireHOL https://github.com/firehol/blocklist-ipsets with IP addresses appearance history. HTTP-based API service is developed for search requests.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Intelligent threat hunter and phishing servers

Microsoft Sentinel SOC Operations

Defund the Police.

recon-ng modules for Censys

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Capture passwords of login attempts on non-existent and disabled accounts.

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

A (nearly) production ready Dockered MISP

Malware Sample Sources

intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; including but not limited to CTI, MISP Threat Sharing, STIX 2.

Tracking APT IOCs

Signatures and IoCs from public Volexity blog posts.

ThePhish: an automated phishing email analysis tool

D4 core software (server and sample sensor client)

Standard-Format Threat Intelligence Feeds

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.