1130 Open source projects that are alternatives of or similar to Signature Base

Loki - Simple IOC and Incident Response Scanner

Extract and aggregate threat intelligence.

Defanged Indicator of Compromise (IOC) Extractor.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

#ThreatHunting #DFIR #Malware #Detection Mind Maps

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Yara Based Detection Engine for web browsers

A curated list of awesome YARA rules, tools, and people.

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Yara rules written by me, for free use.

Malware hashes for open source projects.

A toolkit for Security Researchers

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

All-in-one bundle of MISP, TheHive and Cortex

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

Capture passwords of login attempts on non-existent and disabled accounts.

recon-ng modules for Censys

Microsoft Sentinel SOC Operations

Detection in the form of Yara, Snort and ClamAV signatures.

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Validates yara rules and tries to repair the broken ones.

incident response scripts

Collection of malware persistence and hunting information. Be a persistent persistence hunter!

Malware Sample Sources

Tracking APT IOCs

Leverage Sophos Central API

The Ultimate OSINT and Threat Hunting Framework

All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns

Threat Hunting queries for various attacks

A small wrapper class providing an unified interface to search for various memory signatures

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Threat research and reporting from IronNet's Threat Research Teams

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.

Recon Hunt Queries

🐺 Malware analysis platform

Signatures and IoCs from public Volexity blog posts.

Incident Response - Fast suspicious file finder

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Explore Indicators of Compromise Automatically

Clusters and elements to attach to MISP events or attributes (like threat actors)

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

ioc2rpz is a place where threat intelligence meets DNS.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

🐺 Malware analysis platform

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).

Project is in active development and has been moved to the EthereumJS monorepo.

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

A collection of sources of indicators of compromise.

Kaspersky's GReAT KLara

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

Utilities for Sysmon

Submits multiple domains to VirusTotal API

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts