144 Open source projects that are alternatives of or similar to Artifacts

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

Cybersecurity Career Path

Bash script to Check for malicious Cryptomining

A list of cyber-chef recipes and curated links

A curated list of tools for incident response

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Loki - Simple IOC and Incident Response Scanner

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

macOS Artifact Parsing Tool

Information Security Library

A sort of a toolkit to decrypt Dropbox Windows DBX files

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

ThePhish: an automated phishing email analysis tool

Incident Response - Fast suspicious file finder

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Defanged Indicator of Compromise (IOC) Extractor.

Documentation for Zeek

Cyber-investigation Analysis Standard Expression (CASE) Ontology

This is a python tool aiming to make using TheHive webhooks easier.

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Timeline of Active Directory changes with replication metadata

Log what files are accessed by any Linux process

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

All-in-one bundle of MISP, TheHive and Cortex

🔮 Visibility Across Space and Time

The Python implementation of the AFF4 standard.

A knowledge base of actionable Incident Response techniques

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Test Blue Team detections without running any attack.

A list of free and open forensics analysis tools and other resources

Forensics artefact collection tool for systems running Microsoft Windows

Extract and aggregate threat intelligence.

Validates yara rules and tries to repair the broken ones.

Open Source EDR for Windows

Tools for the Computer Incident Response Team 💻

Imago is a python tool that extract digital evidences from images.

Python tool and library to help analyze files during malware triage and analysis.

documentation, scripts, tools related to Zena Forensics (http://blog.digital-forensics.it)

Indicator Extractor

Invoke-LiveResponse

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

DDTTX Tabletop Trainings

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Yara Based Detection Engine for web browsers

Collaborative forensic timeline analysis

The Red Rabbit project is just what a hacker needs for everyday automation. Red Rabbit unlike most frameworks out there does not automate other peoples tools like the aircrack suite or the wifite framework, it rather has its own code and is raw source with over 270+ options. This framework might just be your everyday key to your workflow

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

Parses Windows event logs files based on SANS Poster

Virustotal Data to Timesketch

Python API Client for Cortex

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Trace ScriptBlock execution for powershell v2