1130 Open source projects that are alternatives of or similar to Signature Base

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

Exporting MISP event attributes to yara rules usable with Thor apt scanner

The Ultimate OSINT and Threat Hunting Framework

Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.

Recon Hunt Queries

Clusters and elements to attach to MISP events or attributes (like threat actors)

Capture passwords of login attempts on non-existent and disabled accounts.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

🐺 Malware analysis platform

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

recon-ng modules for Censys

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).

Utilities for Sysmon

Find phishing kits which use your brand/organization's files and image.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Tools for hunting for threats.

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Windows Events Attack Samples

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Submits multiple domains to VirusTotal API

Warning lists to inform users of MISP about potential false-positives or other information in indicators

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Search a filesystem for indicators of compromise (IoC).

Kaspersky's GReAT KLara

Project is in active development and has been moved to the EthereumJS monorepo.

DIE engine

Signatures and IoCs from public Volexity blog posts.

Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs

Malware Sample Sources

Your Everyday Threat Intelligence

🐺 Malware analysis platform

A collection of sources of indicators of compromise.

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Bringing you the best of the worst files on the Internet.

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

Imports Alienvault OTX pulses to a MISP instance

Opensource Visual Studio extension for compiler instrinsics in C/C++

Single-file minimal C# IoC container

A extremely fast ioc container for high performance applications

golang的扫描框架, 支持协程池和自动调节协程个数.

wyhash fast portable non-cryptographic hashing algorithm and random number generator in Rust

A fast, memory efficient hash map for C++

Scan documents to PDF and other file types, as simply as possible.

Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.

Smart OSINT collection of common IOC types

🌐 Automatically enumerate and fingerprint SD-WAN nodes on the internet

Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation.

A shell script that automates the process of signing Git sources via GPG

DNS Sub-domain brute forcer, in Python + gevent

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

Python library to access and use image scanners (Linux/Windows/etc) (Sane/WIA) -- Moved to Gnome's Gitlab

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Various Yara signatures (possibly to be included in a release later).