392 Open source projects that are alternatives of or similar to ir_scripts

Explore Indicators of Compromise Automatically

🔮 Visibility Across Space and Time

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Docker configurations for TheHive, Cortex and 3rd party tools

Provides various Windows Server Active Directory (AD) security-focused reports.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Utilities for Sysmon

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Python API Client for TheHive

Python 3 Script to parse out iTunes backups

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Minimalistic DNS logging tool

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Test Blue Team detections without running any attack.

Truehunter

Misc Threat Hunting Resources

swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

macOS Artifact Parsing Tool

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Imago is a python tool that extract digital evidences from images.

Collaborative forensic timeline analysis

Event Trace Log file parser in pure Python

Query and report user logons relations from MS Windows Security Events

Automagically extract forensic timeline from volatile memory dump

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

DFIRTrack - The Incident Response Tracking Application

Forensics artefact collection tool for systems running Microsoft Windows

Dumps all of the Key/Value pairs from a LevelDB database

System Management RAM analysis tool

A list of cyber-chef recipes and curated links

A curated list of tools for incident response

Python API Client for Cortex

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

PS / Bash / Python / Other scripts For FUN!

Cortex Analyzers Repository

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Python tool and library to help analyze files during malware triage and analysis.

Random hunting ordiented yara rules

Python bindings for Yeti's API

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Analyst Unknown Cyber Range - a micro web service framework

No description or website provided.

Wazuh - Tools for packages creation

Sysmon Splunk App

Threat Detection & Anomaly Detection rules for popular open-source components

DDTTX Tabletop Trainings

A Splunk Technology Add-on to forward filtered ETW events.

Android process memory dump tool without ndk.

Pre-configured response & remediation playbooks for AWS Security Hub

Searches online paste sites for certain search terms which can indicate a possible data breach.

Simple Live Data Collection Tool