1242 Open source projects that are alternatives of or similar to Scripting

#ThreatHunting #DFIR #Malware #Detection Mind Maps

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

Cortex Analyzers Repository

Docker configurations for TheHive, Cortex and 3rd party tools

Imago is a python tool that extract digital evidences from images.

🔮 Visibility Across Space and Time

This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Incident Response - Fast suspicious file finder

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Python API Client for TheHive

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

A knowledge base of actionable Incident Response techniques

Python script to decode common encoded PowerShell scripts

A binary visualization tool to aid with reverse engineering and malware detection similar to Cantor.Dust

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.

Carve file metadata from NTFS index ($I30) attributes

Automate the creation of a lab environment complete with security tooling and logging best practices

Modern C++ CS:GO base

Authentication bypass for outdated WoW emulation authentication servers

Digital Forensics Investigation Platform

Bash script to Check for malicious Cryptomining

A repository for using osquery for incident detection and response

Hypervisor Memory Introspection Core Library

Cortex: a Powerful Observable Analysis and Active Response Engine

All-in-one bundle of MISP, TheHive and Cortex

Invoke-LiveResponse

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

A port of Kaitai to the Hiew hex editor

Forensics artefact collection tool for systems running Microsoft Windows

A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️

DFIRTrack - The Incident Response Tracking Application

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Live system forensic collector

ThePhish: an automated phishing email analysis tool

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

I created a dll injector I am going to Open source its Code. But remember one thing that is any one can use it only for Educational purpose .I again say do not use it to damage anyone's Computer.But one thing if you are using it for some good purpose like to help someone who really need help then I permit you to use it.

Python API Client for Cortex

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

incident response scripts

A memory editor for iOS/macOS with JavaScript support

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Recon Hunt Queries

Documentation of TheHive

Parses Windows event logs files based on SANS Poster

A curated list of tools for incident response

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

A list of cyber-chef recipes and curated links

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior

Trace ScriptBlock execution for powershell v2

Read and write process memory in Node.js (Windows API functions exposed via Node bindings)

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)