249 Open source projects that are alternatives of or similar to Threathunting

Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or events.

Scripts and a (future) library to improve users' interactions with the ATT&CK content

A sort of a toolkit to decrypt Dropbox Windows DBX files

A tool for forensic file system reconstruction.

A list of cyber-chef recipes and curated links

🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

MITRE Shield website

CyCAT.org API back-end server including crawlers

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Threat Hunting queries for various attacks

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Dumps all of the Key/Value pairs from a LevelDB database

Virustotal Data to Timesketch

ATT&CK Evaluations website (DEPRECATED)

Threat Detection & Anomaly Detection rules for popular open-source components

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Web browser forensics for Google Chrome/Chromium

System Management RAM analysis tool

Trace ScriptBlock execution for powershell v2

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

The Ultimate OSINT and Threat Hunting Framework

Yara Based Detection Engine for web browsers

Educational, CTF-styled labs for individuals interested in Memory Forensics

macOS Artifact Parsing Tool

Lightweight File Integrity Monitoring Tool

Docker configurations for TheHive, Cortex and 3rd party tools

hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)

Yara rules written by me, for free use.

Documentation of TheHive

Parses Windows event logs files based on SANS Poster

Repository with Sample KQL Query examples for Threat Hunting

PowerShell module for Office 365 and Azure log collection

Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

Provides various Windows Server Active Directory (AD) security-focused reports.

Mapping NSM rules to MITRE ATT&CK

Python 3 Script to parse out iTunes backups

UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/

A simple threat hunting tool based on osquery, Salt Open and Cymon API

Random hunting ordiented yara rules

This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.

CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library

ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Cortex: a Powerful Observable Analysis and Active Response Engine

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

enpoint detection / live analysis & sandbox host / signatures quality test

Analyst Unknown Cyber Range - a micro web service framework

Pushes Sysmon Configs

My personal experience in Threat Hunting and knowledge gained so far.

A Splunk Technology Add-on to forward filtered ETW events.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Bash script to Check for malicious Cryptomining

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.