126 Open source projects that are alternatives of or similar to Cacador

A tool for forensic file system reconstruction.

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

Educational, CTF-styled labs for individuals interested in Memory Forensics

Documentation of TheHive

A sort of a toolkit to decrypt Dropbox Windows DBX files

CIRCL system forensic tools or a jumble of tools to support forensic

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Event Trace Log file parser in pure Python

Bash script to Check for malicious Cryptomining

Web browser forensics for Google Chrome/Chromium

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

incident response scripts

Malcom - Malware Communications Analyzer

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Signature base for my scanner tools

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Python API Client for Cortex

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Recon Hunt Queries

Cortex: a Powerful Observable Analysis and Active Response Engine

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

Automagically extract forensic timeline from volatile memory dump

Incident Response - Fast suspicious file finder

Automation and Scaling of Digital Forensics Tools

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

A repository of sysmon configuration modules

macOS Artifact Parsing Tool

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Defanged Indicator of Compromise (IOC) Extractor.

A curated list of awesome forensic analysis tools and resources

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

📇 Digital Forensics Artifact Repository (forensicanalysis edition)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

Digital Forensics Investigation Platform

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Yara Based Detection Engine for web browsers

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Yara rules written by me, for free use.

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

Smart OSINT collection of common IOC types

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/

A list of cyber-chef recipes and curated links

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

VirusTotal Wanna Be - Now with 100% more Hipster

Truehunter

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Incident Response Scripts

PS / Bash / Python / Other scripts For FUN!

Extract and aggregate threat intelligence.

Invoke-LiveResponse

A port of Kaitai to the Hiew hex editor

Windows Events Attack Samples

Your Everyday Threat Intelligence

A curated list of tools for incident response