124 Open source projects that are alternatives of or similar to Operation Wocao

This project is a SIEM with SIRP and Threat Intel, all in one.

Hamburglar -- collect useful information from urls, directories, and files

YARA package for Sublime Text

An ICAP Server with yara scanner for URL and content.

Mapping NSM rules to MITRE ATT&CK

An open source framework for enterprise level automated analysis.

Convert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)

Modular file scanning/analysis framework

🐺 Malware analysis platform

Yara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)

Yara scan Phishing Kit's Zip archive(s)

A tool to cluster similar executables (PEs, DEXs, and etc), extract common signature, and generate Yara patterns for malware detection.

Real-time, container-based file scanning at enterprise scale

A Suricata Docker image.

DIE engine

Simple yara rule manager

QNSM is network security monitoring framework based on DPDK.

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

Scripts for the Ghidra software reverse engineering suite.

collector for XDR and security posture service

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search

An extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS

PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

YARA malware query accelerator (web frontend)

C# wrapper around the Yara pattern matching library

Detection in the form of Yara, Snort and ClamAV signatures.

YaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.

Suricata IDS rules 用来检测红队渗透/恶意行为等，支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

Yara rules written by me, for free use.

Guidance for mitigation web shells. #nsacyber

Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules

The Python interface for YARA

gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/

yarGen is a generator for YARA rules

Generate YARA rules for OOXML documents.

Pulled Pork for Snort and Suricata rule management (from Google code)

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

Repository of Yara rules dedicated to Phishing Kits Zip files

16,432 Free Yara rules created by

An Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk

Please no pull requests for this repository. Thanks!

Funnel is a lightweight yara-based feed scraper

Defanged Indicator of Compromise (IOC) Extractor.

Rust bindings for VirusTotal/Yara

The pattern matching swiss knife

Exploits for YARA 3.7.1 & 3.8.1

Repository of YARA rules made by McAfee ATR Team

RDP honeypot

A Suricata based IDS/IPS distro

Validates yara rules and tries to repair the broken ones.

ReversingLabs YARA Rules

S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator

Extract and aggregate threat intelligence.

Yara powered NIDS with high speed packet capture powered by PF_RING

Yara Based Detection Engine for web browsers

IoC's, PCRE's, YARA's etc

Investigation Planner for fast running analysis with predictable execution time. For example, static analysis.

A static analyzer for PE executables.

Scirius is a web application for Suricata ruleset management.