202 Open source projects that are alternatives of or similar to Threathunting

Real-time Packet Observation Tool

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

A curated list of awesome YARA rules, tools, and people.

Signature base for my scanner tools

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

Extract and aggregate threat intelligence.

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Indicators of Compromises (IOC) of our various investigations

A curated list of awesome threat detection and hunting resources

Detect potentially malicious PHP files

Please no pull requests for this repository. Thanks!

Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Your Everyday Threat Intelligence

Splunk code (SPL) useful for serious threat hunters.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

🔍 Mindmaps for threat hunting - work in progress.

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

🚌 The missing link to connect open-source threat intelligence tools.

A scanner for taking basic fingerprints

A repository of sysmon configuration modules

yarGen is a generator for YARA rules

An Active Defense and EDR software to empower Blue Teams

Parse YARA rules and operate over them more easily.

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

A static analyzer for PE executables.

Bringing you the best of the worst files on the Internet.

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

WALKOFF-enabled applications. #nsacyber

Various Yara signatures (possibly to be included in a release later).

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

CLI tool to analyze PE files

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

PatrowlHears - Vulnerability Intelligence Center / Exploits

An extendable, tabbed, dockable UI widget plugin for BinaryNinja https://binary.ninja.

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

Operation Wocao - Indicators of Compromise

Real-time HTTP Intrusion Detection

IoC's, PCRE's, YARA's etc

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Investigation Planner for fast running analysis with predictable execution time. For example, static analysis.

Windows Events Attack Samples

Utilities for Sysmon

A toolkit for Security Researchers

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Scripts for the Ghidra software reverse engineering suite.

All-in-one bundle of MISP, TheHive and Cortex

Guidance for mitigation web shells. #nsacyber

Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

DIE engine

A Web Malware Scanner

A Linux Auditd rule set mapped to MITRE's Attack Framework

Kaspersky's GReAT KLara

Explore Indicators of Compromise Automatically

CIF v3 -- the fastest way to consume threat intelligence

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.