202 Open source projects that are alternatives of or similar to Yara Rules

Tools for hunting for threats.

A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.

A curated list of awesome YARA rules, tools, and people.

Signature base for my scanner tools

Real-time Packet Observation Tool

Extract and aggregate threat intelligence.

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Real-time HTTP Intrusion Detection

A repository of sysmon configuration modules

Open-source framework to detect outliers in Elasticsearch events

All-in-one bundle of MISP, TheHive and Cortex

Explore Indicators of Compromise Automatically

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

PatrowlHears - Vulnerability Intelligence Center / Exploits

Find phishing kits which use your brand/organization's files and image.

Windows Events Attack Samples

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Yara-Endpoint is a tool useful for incident response as well as anti-malware enpoint base on Yara signatures.

YARA Rules I come across on the internet

Bringing you the best of the worst files on the Internet.

WALKOFF-enabled applications. #nsacyber

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

Various Yara signatures (possibly to be included in a release later).

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

CLI tool to analyze PE files

Django web interface for managing Yara rules

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

CIF v3 -- the fastest way to consume threat intelligence

🔍 Mindmaps for threat hunting - work in progress.

🔧 Automatically deploy customizable Active Directory labs in Azure

Detect potentially malicious PHP files

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

PCAP Samples for Different Post Exploitation Techniques

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies

🚌 The missing link to connect open-source threat intelligence tools.

A Web Malware Scanner

Citizen Lab Malware Reports

Trigram database written in C++, suited for malware indexing

Sophos-originated indicators-of-compromise from published reports

Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

IOC from articles, tweets for archives

Splunk code (SPL) useful for serious threat hunters.

Your Everyday Threat Intelligence

Open Source EDR for Windows

A curated list of awesome threat detection and hunting resources

A toolkit for Security Researchers

An extendable, tabbed, dockable UI widget plugin for BinaryNinja https://binary.ninja.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Loki - Simple IOC and Incident Response Scanner

Indicators of Compromises (IOC) of our various investigations

Parse YARA rules and operate over them more easily.

Misc Threat Hunting Resources

Go bindings for YARA

APT & CyberCriminal Campaign Collection