142 Open source projects that are alternatives of or similar to best-practices-in-threat-intelligence

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

A curses-style interface for automatic takedown notification based on MISP events.

Defund the Police.

Tracking APT IOCs

Collection of best practices to add OSINT into MISP and/or MISP communities

A (nearly) production ready Dockered MISP

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; including but not limited to CTI, MISP Threat Sharing, STIX 2.

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Definition, description and relationship types of MISP objects

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

Python bindings for Yeti's API

the fastest way to consume threat intelligence.

Utilities for Sysmon

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

Threat research and reporting from IronNet's Threat Research Teams

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

CyCAT.org API back-end server including crawlers

Standard-Format Threat Intelligence Feeds

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

Bringing you the best of the worst files on the Internet.

Phishing catcher using Certstream

An extendable tool to extract and aggregate IoCs from threat feeds

PatrowlHears - Vulnerability Intelligence Center / Exploits

recon-ng modules for Censys

OpenCTI connectors

The Correlated CVE Vulnerability And Threat Intelligence Database API

CLI tool for open source and threat intelligence

MISP trainings, threat intel and information sharing training materials with source code

A dashboard for a real-time overview of threat intelligence from MISP instances

This repo contains logstash of various honeypots

ThePhish: an automated phishing email analysis tool

🚌 The missing link to connect open-source threat intelligence tools.

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Extract and aggregate threat intelligence.

Defanged Indicator of Compromise (IOC) Extractor.

Imports Alienvault OTX pulses to a MISP instance

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

internet monitoring osint telegram bot for windows

Domain name permutation engine written in Go

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Virustotal Data to Timesketch

Malware Sample Sources

This script will automatically set up an OSINT workstation starting from a Ubuntu OS.

Deploy MISP Project software with Vagrant.

Application for keeping feeds from FireHOL https://github.com/firehol/blocklist-ipsets with IP addresses appearance history. HTTP-based API service is developed for search requests.

Signatures and IoCs from public Volexity blog posts.

A collaborative platform for creating, editing and sharing JSON objects.

This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)

Build Automated Machine Images for MISP

Hashes of infamous malware

Exporting MISP event attributes to yara rules usable with Thor apt scanner

Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles