The Top 67 Threat Hunting Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

threat-hunting x

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210

The Top 67 Threat Hunting Open Source Projects

Categories > Security > Threat Hunting

MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)

Sysmon Config ⭐ 2,865

Sysmon configuration file template with default high-quality event tracing

The Hunting ELK

Dnstwist ⭐ 2,824

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Threathunter Playbook ⭐ 2,564

A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.

Intelowl ⭐ 1,812

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Awesome Threat Detection ⭐ 1,530

A curated list of awesome threat detection and hunting resources

Awesome Yara ⭐ 1,442

A curated list of awesome YARA rules, tools, and people.

Teler ⭐ 1,316

Real-time HTTP Intrusion Detection

Evtx Attack Samples ⭐ 1,289

Windows Events Attack Samples

Sysmon Modular ⭐ 1,268

A repository of sysmon configuration modules

Signature Base ⭐ 1,255

Signature base for my scanner tools

Your Everyday Threat Intelligence

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Sysmontools ⭐ 914

Utilities for Sysmon

Bluespawn ⭐ 768

An Active Defense and EDR software to empower Blue Teams

Threathunting ⭐ 760

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

Sentinel Attack ⭐ 688

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Auditd Attack ⭐ 644

A Linux Auditd rule set mapped to MITRE's Attack Framework

Kaspersky's GReAT KLara

FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic

Threatingestor ⭐ 450

Extract and aggregate threat intelligence.

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Patrowlmanager ⭐ 379

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

Watcher ⭐ 357

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Apt Hunter ⭐ 346

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

A framework for continuous OSINT based threat hunting

Meerkat ⭐ 288

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

Detectionlabelk ⭐ 282

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Misp Galaxy ⭐ 281

Clusters and elements to attach to MISP events or attributes (like threat actors)

Attackdatamap ⭐ 267

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Stalkphish ⭐ 264

StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

Threatpinchlookup ⭐ 262

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Threat Intel ⭐ 252

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Don't Just Search OSINT. Sweep It.

Threat Hunting ⭐ 222

Personal compilation of APT malware from whitepaper releases, documents and own research

Werdlists ⭐ 220

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Open Source EDR for Windows

Misc Threat Hunting Resources

Yara Rules ⭐ 210

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

🔧 Automatically deploy customizable Active Directory labs in Azure

Pcap Attack ⭐ 190

PCAP Samples for Different Post Exploitation Techniques

Weffles ⭐ 178

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Phishingkithunter ⭐ 178

Find phishing kits which use your brand/organization's files and image.

Ee Outliers ⭐ 174

Open-source framework to detect outliers in Elasticsearch events

SIEM Tactics, Techiques, and Procedures

Patrowlengines ⭐ 164

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Threathunting ⭐ 158

Tools for hunting for threats.

Bearded Avenger ⭐ 153

CIF v3 -- the fastest way to consume threat intelligence

Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.

Opensquat ⭐ 152

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Threatbus ⭐ 145

🚌 The missing link to connect open-source threat intelligence tools.

All-in-one bundle of MISP, TheHive and Cortex

Threathunting Spl ⭐ 119

Splunk code (SPL) useful for serious threat hunters.

Macos Attack Dataset ⭐ 116

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

Analyst Arsenal ⭐ 113

A toolkit for Security Researchers

Patrowldocs ⭐ 108

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Dovehawk ⭐ 103

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

Detections ⭐ 98

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Threathunt ⭐ 93

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

Patrowlhears ⭐ 93

PatrowlHears - Vulnerability Intelligence Center / Exploits

Hunting Mindmaps ⭐ 88

🔍 Mindmaps for threat hunting - work in progress.

Malware Feed ⭐ 83

Bringing you the best of the worst files on the Internet.

Ioc Explorer ⭐ 75

Explore Indicators of Compromise Automatically

Real-time Packet Observation Tool

A scanner for taking basic fingerprints

BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you

1-67 of 67 projects

Advertising 📦 10

Application Programming Interfaces 📦 124

Applications 📦 192

Artificial Intelligence 📦 78

Blockchain 📦 73

Build Tools 📦 113

Cloud Computing 📦 80

Code Quality 📦 28

Collaboration 📦 32

Command Line Interface 📦 49

Community 📦 83

Companies 📦 60

Compilers 📦 63

Computer Science 📦 80

Configuration Management 📦 42

Content Management 📦 175

Control Flow 📦 213

Data Formats 📦 78

Data Processing 📦 276

Data Storage 📦 135

Economics 📦 64

Frameworks 📦 215

Graphics 📦 110

Hardware 📦 152

Integrated Development Environments 📦 49

Learning Resources 📦 166

Libraries 📦 129

Lists Of Projects 📦 22

Machine Learning 📦 347

Mapping 📦 64

Marketing 📦 15

Mathematics 📦 55

Messaging 📦 98

Networking 📦 315

Operating Systems 📦 89

Operations 📦 121

Package Managers 📦 55

Programming Languages 📦 245

Runtime Environments 📦 100

Science 📦 42

Security 📦 396

Social Media 📦 27

Software Architecture 📦 72

Software Development 📦 72

Software Performance 📦 58

Software Quality 📦 133

Text Editors 📦 49

Text Processing 📦 136

User Interface 📦 330

User Interface Components 📦 514

Version Control 📦 30

Virtualization 📦 71

Web Browsers 📦 42

Web Servers 📦 26

Web User Interface 📦 210