581 Open source projects that are alternatives of or similar to Rpot

Extract and aggregate threat intelligence.

Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

A curated list of awesome YARA rules, tools, and people.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

VirusTotal Full api

Malice Yara Plugin

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

The Hunting ELK

Citizen Lab Malware Reports

Your Everyday Threat Intelligence

Tools for hunting for threats.

🐺 Malware analysis platform

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Malware Sample Sources

A Binary Genetic Traits Lexer Framework

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

Personal compilation of APT malware from whitepaper releases, documents and own research

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

Python bindings for Yeti's API

Signature base for my scanner tools

🐺 Malware analysis platform

Defanged Indicator of Compromise (IOC) Extractor.

An open source framework for enterprise level automated analysis.

Sandboxed Execution Environment

Bringing you the best of the worst files on the Internet.

A tool to cluster similar executables (PEs, DEXs, and etc), extract common signature, and generate Yara patterns for malware detection.

Modular file scanning/analysis framework

yarGen is a generator for YARA rules

Investigation Planner for fast running analysis with predictable execution time. For example, static analysis.

Entry point for issues and wiki. Also contains some scripts and sources.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Operation Wocao - Indicators of Compromise

A scanner for taking basic fingerprints

An Active Defense and EDR software to empower Blue Teams

A curated list of awesome neuroscience libraries, software and any content related to the domain.

Utilities for Sysmon

Scripts for the Ghidra software reverse engineering suite.

A static analyzer for PE executables.

An extendable, tabbed, dockable UI widget plugin for BinaryNinja https://binary.ninja.

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

Builds malware analysis Windows VMs so that you don't have to.

Guidance for mitigation web shells. #nsacyber

搭建ELK日志分析平台。

Terraform provider to provision infrastructure with Linux's KVM using libvirt

Red Hat CodeReady Containers is a tool that manages a local OpenShift 4.x cluster optimized for testing and development purposes

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Modern Hypervisor for the Cloud

Distributed Storage System for QEMU

A fast, hackable and simple x64 VT-x hypervisor for Windows and Linux. Builtin userspace sandbox and introspection engine.

FAME Automates Malware Evaluation

The educational Animus malware

DIE engine

A Linux Auditd rule set mapped to MITRE's Attack Framework

Allows OpenNebula to manage Linux Containers via LXD

SIEM-From-Scratch is a drop-in ELK based SIEM component for your Vagrant infosec lab

IoC's, PCRE's, YARA's etc