126 Open source projects that are alternatives of or similar to IRScripts

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

🔮 Visibility Across Space and Time

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Python script to decode common encoded PowerShell scripts

Docker configurations for TheHive, Cortex and 3rd party tools

Timeline of Active Directory changes with replication metadata

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Test Blue Team detections without running any attack.

Minimalistic DNS logging tool

An Incident Response tool to extract console command history and screen output buffer

Imago is a python tool that extract digital evidences from images.

Trace ScriptBlock execution for powershell v2

Deploy and maintain Symon through the Splunk Deployment Sever

System Management RAM analysis tool

A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.

Python 3 Script to parse out iTunes backups

Cortex Analyzers Repository

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

A knowledge base of actionable Incident Response techniques

A Splunk Technology Add-on to forward filtered ETW events.

Forensics artefact collection tool for systems running Microsoft Windows

Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)

Open Source EDR for Windows

SQLite queries

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

Parses Windows event logs files based on SANS Poster

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Validates yara rules and tries to repair the broken ones.

Documentation for Zeek

PowerShell module for Office 365 and Azure log collection

This is a python tool aiming to make using TheHive webhooks easier.

A script to assist in processing forensic RAM captures for malware triage

Live system forensic collector

Provides various Windows Server Active Directory (AD) security-focused reports.

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Python tool and library to help analyze files during malware triage and analysis.

Automate the creation of a lab environment complete with security tooling and logging best practices

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

DFIRTrack - The Incident Response Tracking Application

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Analyst Unknown Cyber Range - a micro web service framework

Query and report user logons relations from MS Windows Security Events

DDTTX Tabletop Trainings

Misc Threat Hunting Resources

#ThreatHunting #DFIR #Malware #Detection Mind Maps

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

Dumps all of the Key/Value pairs from a LevelDB database

Everything related to Linux Forensics

Carve file metadata from NTFS index ($I30) attributes

Warning lists to inform users of MISP about potential false-positives or other information in indicators

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

You didn't think I'd go and leave the blue team out, right?

incident response scripts

A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

Virustotal Data to Timesketch

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.