Awesome Open Source
Awesome Open Source
Combined Topics
threat-hunting x
Advertising 📦 9
All Projects
Application Programming Interfaces 📦 120
Applications 📦 181
Artificial Intelligence 📦 72
Blockchain 📦 70
Build Tools 📦 111
Cloud Computing 📦 79
Code Quality 📦 28
Collaboration 📦 30
Command Line Interface 📦 48
Community 📦 81
Companies 📦 60
Compilers 📦 60
Computer Science 📦 74
Configuration Management 📦 39
Content Management 📦 167
Control Flow 📦 197
Data Formats 📦 77
Data Processing 📦 266
Data Storage 📦 132
Economics 📦 60
Frameworks 📦 198
Games 📦 122
Graphics 📦 103
Hardware 📦 148
Integrated Development Environments 📦 47
Learning Resources 📦 147
Legal 📦 28
Libraries 📦 119
Lists Of Projects 📦 21
Machine Learning 📦 336
Mapping 📦 61
Marketing 📦 15
Mathematics 📦 55
Media 📦 228
Messaging 📦 97
Networking 📦 304
Operating Systems 📦 84
Operations 📦 120
Package Managers 📦 52
Programming Languages 📦 229
Runtime Environments 📦 96
Science 📦 42
Security 📦 375
Social Media 📦 26
Software Architecture 📦 70
Software Development 📦 68
Software Performance 📦 57
Software Quality 📦 127
Text Editors 📦 45
Text Processing 📦 131
User Interface 📦 310
User Interface Components 📦 465
Version Control 📦 29
Virtualization 📦 68
Web Browsers 📦 38
Web Servers 📦 25
Web User Interface 📦 194

The Top 225 Threat Hunting Open Source Projects on Github

Categories > Security > Threat Hunting
Misp ⭐ 3,348
MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
Sysmon Config ⭐ 3,131
Sysmon configuration file template with default high-quality event tracing
Dnstwist ⭐ 2,910
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Helk ⭐ 2,861
The Hunting ELK
Threathunter Playbook ⭐ 2,596
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
Intelowl ⭐ 2,017
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Awesome Threat Detection ⭐ 1,628
A curated list of awesome threat detection and hunting resources
Awesome Yara ⭐ 1,625
A curated list of awesome YARA rules, tools, and people.
Malwoverview ⭐ 1,487
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Valhalla, Malware Bazaar, ThreatFox, Triage and it is able to scan Android devices against VT and HA.
Sysmon Modular ⭐ 1,477
A repository of sysmon configuration modules
Evtx Attack Samples ⭐ 1,422
Windows Events Attack Samples
Teler ⭐ 1,412
Real-time HTTP Intrusion Detection
Signature Base ⭐ 1,406
Signature base for my scanner tools
Yeti ⭐ 1,131
Your Everyday Threat Intelligence
Beagle ⭐ 994
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Sysmontools ⭐ 986
Utilities for Sysmon
Bluespawn ⭐ 773
An Active Defense and EDR software to empower Blue Teams
Threathunting ⭐ 772
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Threatpursuit Vm ⭐ 758
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
Sentinel Attack ⭐ 692
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Atomic Threat Coverage ⭐ 668
Actionable analytics designed to combat threats
Klara ⭐ 572
Kaspersky's GReAT KLara
Auditd Attack ⭐ 533
A Linux Auditd rule set mapped to MITRE's Attack Framework
Sysmon Config ⭐ 529
Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing
Fatt ⭐ 493
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Threatingestor ⭐ 454
Extract and aggregate threat intelligence.
Mihari ⭐ 430
A framework for continuous OSINT based threat hunting
Watcher ⭐ 421
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Patrowlmanager ⭐ 412
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Fcl ⭐ 411
FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Osint Brazuca ⭐ 376
Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
Apt Hunter ⭐ 369
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Yara Rules ⭐ 360
Repository of YARA rules made by McAfee Enterprise ATR Team
Chameleon ⭐ 349
🦎 19 Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres, MySQL, MSSQL, Elastic and ldap)
Misp Galaxy ⭐ 320
Clusters and elements to attach to MISP events or attributes (like threat actors)
Vast ⭐ 313
🔮 Visibility Across Space and Time – The network telemetry engine for data-driven security investigations.
Meerkat ⭐ 306
A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
Whids ⭐ 302
Open Source EDR for Windows
Detectionlabelk ⭐ 299
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Attackdatamap ⭐ 279
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Stalkphish ⭐ 276
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Threathunting ⭐ 265
Tools for hunting for threats.
Threat Intel ⭐ 251
Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).
Osweep ⭐ 237
Don't Just Search OSINT. Sweep It.
Threatpinchlookup ⭐ 236
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Werdlists ⭐ 229
⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Threathunting Book ⭐ 226
Threat hunting Web Windows AD linux ATT&CK TTPs
Yara Rules ⭐ 224
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Threat Hunting ⭐ 196
Personal compilation of APT malware from whitepaper releases, documents and own research
Siem ⭐ 183
SIEM Tactics, Techiques, and Procedures
Ee Outliers ⭐ 178
Open-source framework to detect outliers in Elasticsearch events
Threatbus ⭐ 177
🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
Patrowlengines ⭐ 173
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Slides ⭐ 171
Misc Threat Hunting Resources
Litmus_test ⭐ 168
Detecting ATT&CK techniques & tactics for Linux
Openuba ⭐ 168
A robust, and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Opensquat ⭐ 164
Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Weffles ⭐ 161
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Phishingkithunter ⭐ 157
Find phishing kits which use your brand/organization's files and image.
Threathunting Spl ⭐ 154
Splunk code (SPL) for serious threat hunters and detection engineers.
Bearded Avenger ⭐ 152
CIF v3 -- the fastest way to consume threat intelligence
Mthc ⭐ 140
All-in-one bundle of MISP, TheHive and Cortex
Oriana ⭐ 136
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Pcap Attack ⭐ 132
PCAP Samples for Different Post Exploitation Techniques
Adaz ⭐ 124
🔧 Automatically deploy customizable Active Directory labs in Azure
Analyzer ⭐ 117
🧬 Offline Analyzer for extracting features, artifacts and IoCs from malware (Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more)
Analyst Arsenal ⭐ 114
A toolkit for Security Researchers
Patrowlhears ⭐ 107
PatrowlHears - Vulnerability Intelligence Center / Exploits
Dovehawk ⭐ 107
Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Macos Attack Dataset ⭐ 103
JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
Yara Rules ⭐ 102
Collection of private Yara rules.
Patrowldocs ⭐ 98
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Detections ⭐ 98
This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.
Posint ⭐ 95
Gather Open-Source Intelligence using PowerShell.
Scrummage ⭐ 90
The Ultimate OSINT and Threat Hunting Framework
Gene ⭐ 88
Signature Engine for Windows Event Logs
Malware Feed ⭐ 82
Bringing you the best of the worst files on the Internet.
Threathunt ⭐ 70
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Blue Teaming With Kql ⭐ 68
Repository with Sample KQL Query examples for Threat Hunting
Ioc Explorer ⭐ 66
Explore Indicators of Compromise Automatically
Malware Persistence ⭐ 66
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Ioc Finder ⭐ 63
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
Yarahunts ⭐ 61
Random hunting ordiented yara rules
Sqhunter ⭐ 60
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Hunting Rules ⭐ 59
Suricata rules for network anomaly detection
Hunting Mindmaps ⭐ 54
🔍 Mindmaps for threat hunting - work in progress.
Mail_to_misp ⭐ 53
Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Rhq ⭐ 53
Recon Hunt Queries
S2an ⭐ 51
S2AN - Mapper of Sigma Rules ➡️ MITRE ATT&CK
Powergrr ⭐ 47
PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
Judge Jury And Executable ⭐ 45
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Evtx To Mitre Attack ⭐ 42
Set of EVTX samples (>170) mapped to MITRE [email protected] tactic and techniques to measure your SIEM coverage or developed new use cases.
Elk Hunting ⭐ 39
Threat Hunting with ELK Workshop (InfoSecWorld 2017)
Murmurhash ⭐ 38
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Rpot ⭐ 37
Real-time Packet Observation Tool
Rajappan ⭐ 35
An All in one Project for Digital Privacy. A step towards a PRIVATE FUTURE
Intel Notes ⭐ 34
Actively maintained first-aid box for investigators, pentesters, journalists, red team and many more peep from various fields.
Sshapendoes ⭐ 31
Capture passwords of login attempts on non-existent and disabled accounts.
Cif V5 ⭐ 29
The FASTEST way to consume threat intel.
Hassh Utils ⭐ 29
hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hassh)
1-100 of 225 projects

Related Projects

Python Threat Hunting Projects (84)
Cybersecurity Threat Hunting Projects (40)
Threat Hunting Threatintel Projects (40)
Security Threat Hunting Projects (33)
Threat Hunting Incident Response Projects (32)
Dfir Threat Hunting Projects (31)
Malware Analysis Threat Hunting Projects (22)
Python Threat Hunting Threatintel Projects (20)
Ioc Threat Hunting Projects (18)
Threat Hunting Sysmon Projects (17)
Osint Threat Hunting Projects (17)
Malware Threat Hunting Projects (17)
Threat Hunting Mitre Attack Projects (17)
Infosec Threat Hunting Projects (17)
Yara Threat Hunting Projects (16)
Security Tools Threat Hunting Projects (16)
Python Threat Hunting Incident Response Projects (16)
Threat Hunting Siem Projects (16)
Threat Hunting Analysis Projects (4)
Advertising 📦 9
All Projects
Application Programming Interfaces 📦 120
Applications 📦 181
Artificial Intelligence 📦 72
Blockchain 📦 70
Build Tools 📦 111
Cloud Computing 📦 79
Code Quality 📦 28
Collaboration 📦 30
Command Line Interface 📦 48
Community 📦 81
Companies 📦 60
Compilers 📦 60
Computer Science 📦 74
Configuration Management 📦 39
Content Management 📦 167
Control Flow 📦 197
Data Formats 📦 77
Data Processing 📦 266
Data Storage 📦 132
Economics 📦 60
Frameworks 📦 198
Games 📦 122
Graphics 📦 103
Hardware 📦 148
Integrated Development Environments 📦 47
Learning Resources 📦 147
Legal 📦 28
Libraries 📦 119
Lists Of Projects 📦 21
Machine Learning 📦 336
Mapping 📦 61
Marketing 📦 15
Mathematics 📦 55
Media 📦 228
Messaging 📦 97
Networking 📦 304
Operating Systems 📦 84
Operations 📦 120
Package Managers 📦 52
Programming Languages 📦 229
Runtime Environments 📦 96
Science 📦 42
Security 📦 375
Social Media 📦 26
Software Architecture 📦 70
Software Development 📦 68
Software Performance 📦 57
Software Quality 📦 127
Text Editors 📦 45
Text Processing 📦 131
User Interface 📦 310
User Interface Components 📦 465
Version Control 📦 29
Virtualization 📦 68
Web Browsers 📦 38
Web Servers 📦 25
Web User Interface 📦 194
"GitHub" is a registered trademark of GitHub, Inc. Awesome Open Source is not affiliated with GitHub.

All non readme contents or Github based topics or project metadata copyright Awesome Open Source 2018-2021