Awesome Open Source
The Top 67 Threat Hunting Open Source Projects
Misp (⭐ 3,164): MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
Sysmon Config (⭐ 2,865): Sysmon configuration file template with default high-quality event tracing
Helk (⭐ 2,834): The Hunting ELK
Dnstwist (⭐ 2,824): Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Threathunter Playbook (⭐ 2,564): A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Intelowl (⭐ 1,812): Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Awesome Threat Detection (⭐ 1,530): A curated list of awesome threat detection and hunting resources
Awesome Yara (⭐ 1,442): A curated list of awesome YARA rules, tools, and people.
Teler (⭐ 1,316): Real-time HTTP Intrusion Detection
Evtx Attack Samples (⭐ 1,289): Windows Events Attack Samples
Sysmon Modular (⭐ 1,268): A repository of sysmon configuration modules
Signature Base (⭐ 1,255): Signature base for my scanner tools
Yeti (⭐ 1,067): Your Everyday Threat Intelligence
Beagle (⭐ 986): Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Sysmontools (⭐ 914): Utilities for Sysmon
Bluespawn (⭐ 768): An Active Defense and EDR software to empower Blue Teams
Threathunting (⭐ 760): A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Sentinel Attack (⭐ 688): Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Auditd Attack (⭐ 644): A Linux Auditd rule set mapped to MITRE's Attack Framework
Klara (⭐ 570): Kaspersky's GReAT KLara
Fatt (⭐ 493): FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Threatingestor (⭐ 450): Extract and aggregate threat intelligence.
Fcl (⭐ 414): FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
Patrowlmanager (⭐ 379): PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Watcher (⭐ 357): Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Apt Hunter (⭐ 346): APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset, that detects APT movements hidden in the sea of Windows event logs to decrease the time to uncover suspicious activity
Mihari (⭐ 302): A framework for continuous OSINT based threat hunting
Meerkat (⭐ 288): A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Detectionlabelk (⭐ 282): DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Misp Galaxy (⭐ 281): Clusters and elements to attach to MISP events or attributes (like threat actors)
Attackdatamap (⭐ 267): A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stalkphish (⭐ 264): StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Threatpinchlookup (⭐ 262): Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Threat Intel (⭐ 252): Archive of publicly available threat intel reports (mostly APT reports but not limited to).
Osweep (⭐ 226): Don't Just Search OSINT. Sweep It.
Threat Hunting (⭐ 222): Personal compilation of APT malware from whitepaper releases, documents and own research
Werdlists (⭐ 220): ⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Whids (⭐ 218): Open Source EDR for Windows
Slides (⭐ 218): Misc Threat Hunting Resources
Yara Rules (⭐ 210): A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Adaz (⭐ 205): 🔧 Automatically deploy customizable Active Directory labs in Azure
Pcap Attack (⭐ 190): PCAP Samples for Different Post Exploitation Techniques
Weffles (⭐ 178): Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
Phishingkithunter (⭐ 178): Find phishing kits which use your brand/organization's files and images.
Ee Outliers (⭐ 174): Open-source framework to detect outliers in Elasticsearch events
Siem (⭐ 165): SIEM Tactics, Techniques, and Procedures
Patrowlengines (⭐ 164): PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Threathunting (⭐ 158): Tools for hunting for threats.
Bearded Avenger (⭐ 153): CIF v3 -- the fastest way to consume threat intelligence
Oriana (⭐ 153): Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Opensquat (⭐ 152): Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
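The Dnstwist and Opensquat entries describe the same underlying technique: generate the lookalike permutations of a brand domain (homoglyph substitution, typo-style omission/repetition/transposition, and single-bit-flip "bitsquatting") and then watch for those names in your telemetry. The following is an added example, not code from dnstwist, openSquat or any other project on this page. It implements each permutation class and runs a hunt over DNS query logs. Everything specific to it is an assumption made for the demo: the ASCII lookalike table in HOMOGLYPHS, the key=value log format and the five SAMPLE_DNS_LOG lines (constructed, not captured), and the split_domain helper, which treats the input as a single registrable label plus suffix rather than consulting the Public Suffix List.

```python
import string

LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

# Constructed ASCII lookalike table (an assumption, not any project's data).
HOMOGLYPHS = {
    "o": ("0",), "0": ("o",),
    "l": ("1", "i"), "i": ("1", "l"), "1": ("l", "i"),
    "a": ("4",), "e": ("3",), "s": ("5",),
    "g": ("q", "9"), "q": ("g",),
    "m": ("rn",), "rn": ("m",), "w": ("vv",), "vv": ("w",),
    "d": ("cl",), "cl": ("d",),
}

def split_domain(fqdn):
    """Split 'label.suffix' at the first dot. Assumes a single-label registrable
    domain; a production tool would consult the Public Suffix List instead."""
    label, _, suffix = fqdn.lower().partition(".")
    return label, suffix

def valid_label(label):
    """RFC 1035-style label check: 1-63 chars, [a-z0-9-], no leading/trailing hyphen."""
    return (0 < len(label) <= 63 and set(label) <= LABEL_CHARS
            and not label.startswith("-") and not label.endswith("-"))

def omission(label):
    return {label[:i] + label[i + 1:] for i in range(len(label))}

def repetition(label):
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}

def transposition(label):
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1)}

def bitsquatting(label):
    """Flip each single bit of each character and keep results that are still
    legal label characters: the names a one-bit memory error can resolve to."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped in LABEL_CHARS:
                out.add(label[:i] + flipped + label[i + 1:])
    return out

def homoglyph(label):
    """Replace one occurrence at a time of each lookalike sequence."""
    out = set()
    for seq, subs in HOMOGLYPHS.items():
        start = label.find(seq)
        while start != -1:
            for sub in subs:
                out.add(label[:start] + sub + label[start + len(seq):])
            start = label.find(seq, start + 1)
    return out

TECHNIQUES = {"omission": omission, "repetition": repetition,
              "transposition": transposition, "bitsquatting": bitsquatting,
              "homoglyph": homoglyph}

def permutations(fqdn):
    """Map each candidate lookalike domain to the sorted techniques producing it."""
    label, suffix = split_domain(fqdn)
    found = {}
    for name, fn in TECHNIQUES.items():
        for cand in fn(label):
            if cand != label and valid_label(cand):
                found.setdefault(f"{cand}.{suffix}", []).append(name)
    return {dom: sorted(techs) for dom, techs in found.items()}

# Constructed DNS query log in an assumed key=value format; not from a real resolver.
SAMPLE_DNS_LOG = [
    "2024-05-01T10:00:01Z client=10.0.0.5 q=paypal.com rcode=NOERROR",
    "2024-05-01T10:00:07Z client=10.0.0.9 q=login.paypa1.com rcode=NOERROR",
    "2024-05-01T10:00:12Z client=10.0.0.5 q=github.com rcode=NOERROR",
    "2024-05-01T10:00:20Z client=10.0.0.7 q=qaypal.com rcode=NXDOMAIN",
    "2024-05-01T10:00:25Z client=10.0.0.7 q=mail.paypal.com rcode=NOERROR",
]

def parse_line(line):
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return fields.get("client"), fields.get("q", "").lower().rstrip(".")

def hunt(fqdn, log_lines):
    """Return (client, queried name, techniques) for every query whose registrable
    part is a lookalike of fqdn; subdomains of a lookalike count, the real brand does not."""
    lookalikes = permutations(fqdn)
    hits = []
    for line in log_lines:
        client, qname = parse_line(line)
        base = ".".join(qname.rsplit(".", 2)[-2:])
        if base in lookalikes:
            hits.append((client, qname, lookalikes[base]))
    return hits

if __name__ == "__main__":
    for client, qname, techniques in hunt("paypal.com", SAMPLE_DNS_LOG):
        print(f"{client} queried {qname}: {', '.join(techniques)}")
```

In practice the candidate set is the cheap part; the hunt value comes from joining it against passive DNS, certificate-transparency logs or proxy telemetry and then checking which lookalikes actually resolve or serve TLS, which is what the two projects above automate. Bitsquatting candidates are worth keeping separate from typo candidates because they surface from hardware faults rather than user error, so an NXDOMAIN burst for them from many clients is a different signal than a single user mistyping a brand.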
Threatbus (⭐ 145): 🚌 The missing link to connect open-source threat intelligence tools.
Mthc (⭐ 135): All-in-one bundle of MISP, TheHive and Cortex
Threathunting Spl (⭐ 119): Splunk code (SPL) useful for serious threat hunters.
Macos Attack Dataset (⭐ 116): JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
Analyst Arsenal (⭐ 113): A toolkit for Security Researchers
Patrowldocs (⭐ 108): PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Dovehawk (⭐ 103): Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
Detections (⭐ 98): This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Threathunt (⭐ 93): ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Patrowlhears (⭐ 93): PatrowlHears - Vulnerability Intelligence Center / Exploits
Hunting Mindmaps (⭐ 88): 🔍 Mindmaps for threat hunting - work in progress.
Malware Feed (⭐ 83): Bringing you the best of the worst files on the Internet.
Ioc Explorer (⭐ 75): Explore Indicators of Compromise Automatically
Rpot (⭐ 38): Real-time Packet Observation Tool
Apullo (⭐ 25): A scanner for taking basic fingerprints
Besafe (⭐ 21): BeSafe is a robust threat analyzer that helps protect your desktop environment and shows what's happening around you