Search results for python dfir (active filters: dfir, python)
107 search results found
Intelowl [⭐ 3,108] IntelOwl: manage your Threat Intelligence at scale
Loki [⭐ 3,106] Loki - Simple IOC and YARA Scanner
Logontracer [⭐ 2,619] Investigate malicious Windows logons by visualizing and analyzing Windows event logs
Timesketch [⭐ 2,435] Collaborative forensic timeline analysis
Yeti [⭐ 1,568] Your Everyday Threat Intelligence
Cortex [⭐ 1,237] Cortex: a Powerful Observable Analysis and Active Response Engine
Digital Forensics Guide [⭐ 1,232] Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile Device Forensics, Network Forensics, and Database Forensics.
Beagle [⭐ 1,171] Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Chirp [⭐ 977] A DFIR tool written in Python.
Malcom [⭐ 957] Malcom - Malware Communications Analyzer
Hindsight [⭐ 925] Web browser forensics for Google Chrome/Chromium
Hunting Queries Detection Rules [⭐ 865] KQL Queries. Defender for Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Dissect [⭐ 797] Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Cyberthreathunting [⭐ 755] A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Threatingestor [⭐ 730] Extract and aggregate threat intelligence.
Turbinia [⭐ 689] Automation and Scaling of Digital Forensics Tools
Mac_apt [⭐ 675] macOS (& iOS) Artifact Parsing Tool
Ileapp [⭐ 586] iOS Logs, Events, And Plist Parser
Misp Warninglists [⭐ 437] Warning lists to inform users of MISP about potential false positives or other information in indicators
Cloud Forensics Utils [⭐ 418] Python library to carry out DFIR analysis on the Cloud
Aleapp [⭐ 405] Android Logs, Events, And Protobuf Parser
Cortex Analyzers [⭐ 400] Cortex Analyzers Repository
Atc React [⭐ 392] A knowledge base of actionable Incident Response techniques
Loobins [⭐ 366] Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.
Pockint [⭐ 251] A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️
Userline [⭐ 217] Query and report user logon relations from MS Windows Security Events
Varc [⭐ 210] Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of particular use when investigating a security incident.
Thehive4py [⭐ 201] Python API Client for TheHive
Pypowershellxray [⭐ 184] Python script to decode common encoded PowerShell scripts
Emailanalyzer [⭐ 183] With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.
Regrippy [⭐ 166] A modern Python-3-based alternative to RegRipper
Dfir_ntfs [⭐ 166] An NTFS/FAT parser for digital forensics & incident response
Cve 2020 0796 Lpe Poc [⭐ 155] CVE-2020-0796 Local Privilege Escalation POC
Imago Forensics [⭐ 144] Imago is a Python tool that extracts digital evidence from images.
Cirtkit [⭐ 140] Tools for the Computer Incident Response Team 💻
Oriana [⭐ 136] Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Autotimeliner [⭐ 108] Automagically extract a forensic timeline from a volatile memory dump
Hashlookup Forensic Analyser [⭐ 105] Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Hayabusa Rules [⭐ 101] Detection rules for Hayabusa
Itunes_backup_reader [⭐ 98] Python 3 script to parse out iTunes backups
Ccl_chrome_indexeddb [⭐ 98] (Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
Yaralyzer [⭐ 95] Visually inspect and force-decode YARA and regex matches found in both binary and text data. With colors.
Onedrive [⭐ 91] OneDrive log (.ODL) reader
Dfir Toolset [⭐ 88] Dump of organized knowledge on DFIR
Ma2tl [⭐ 84] macOS forensic timeline generator using the analysis result DBs of mac_apt
Pftriage [⭐ 73] Python tool and library to help analyze files during malware triage and analysis.
Macosac [⭐ 71] Forensic Artifact Collection Tool for macOS
Btg [⭐ 62] BTG's purpose is to make fast and efficient searches on IOCs
Eventtranscriptparser [⭐ 58] Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Check_rep [⭐ 58] Check IP or domain reputation against open-source blacklists.
Etl Parser [⭐ 57] Event Trace Log file parser in pure Python
Ransomcoinpublic [⭐ 47] A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries.
Historicprocesstree [⭐ 46] An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Indxripper [⭐ 45] Carve file metadata from NTFS index ($I30) attributes
Artifactextractor [⭐ 44] Extract common Windows artifacts from source images and VSCs
Scripting [⭐ 42] PS / Bash / Python / Other scripts for fun!
Compsec [⭐ 41] Exercises for the (legacy) Computer Security course at the University of Oulu
Synapse [⭐ 40] Synapse: a Meta Alert Feeder for TheHive, a Security Incident Response Platform
Bgiparser [⭐ 39] A parsing tool for backgrounditems.btm
Deobshell [⭐ 39] PowerShell script deobfuscation using AST in Python
Xleapp [⭐ 37] xLEAPP - Merging of iLEAPP/RLEAPP/vLEAPP, ALEAPP, cLEAPP
Dnslog [⭐ 36] Minimalistic DNS logging tool
Threathunting Keywords Sigma Rules [⭐ 32] Sigma detection rules for hunting with the threathunting-keywords project
Ds4n6_lib [⭐ 32] Library of functions to apply Data Science to several forensics artifacts
Decap [⭐ 32]
Factual Rules Generator [⭐ 30] Factual-rules-generator is an open source project which aims to generate YARA rules about the software installed on a machine.
Hashlookup Server [⭐ 30] Fast lookup server for NSRL and other hash databases used in digital forensics
Elrond [⭐ 30] Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.
Meat [⭐ 28] This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Cortex4py [⭐ 26] Python API Client for Cortex
Isodump [⭐ 25] isodump - ISO dump utility
Aucr [⭐ 24] Analyst Unknown Cyber Range - a micro web service framework
Utils [⭐ 23] Different DFIR and CTI utilities
Hstsparser [⭐ 22] A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
Truehunter [⭐ 22]
Evtx2json [⭐ 21] evtx2json extracts events of interest from event logs, dedups them, and exports them to JSON.
Opensource Endpoint Monitoring [⭐ 21] This repository contains all the config files and scripts used for our Open Source Endpoint Monitoring project.
Ds4n6_scripts [⭐ 20] Library of Python scripts to apply Data Science to several forensics artifacts
Yara Validator [⭐ 18] Validates YARA rules and tries to repair the broken ones.
Citrix Netscaler Triage [⭐ 17] Dissect triage script for Citrix NetScaler devices
Pyarascanner [⭐ 17] A simple many-rules-to-many-files YARA scanner for incident response or malware zoos.
Thehivehooks [⭐ 15] This is a Python tool aiming to make using TheHive webhooks easier.
Volatility Docker [⭐ 15] A suite of Volatility 3 plugins for memory forensics of Docker containers
Defender Dump [⭐ 15] Dump quarantined files from Windows Defender
Dfdewey [⭐ 14]
Ufdr2dir [⭐ 14] A script to convert a Cellebrite UFDR to the original file structure.
O365auditparser [⭐ 14] Microsoft Office365 Protection Center Audit Log Parser
Macripper [⭐ 14] A DFIR tool to analyze artifacts on macOS
Iris Client [⭐ 13] Python client for DFIR-IRIS
Pywindowsthingies [⭐ 13] Windows Thingies in Python for live use.
Osint_to_timesketch [⭐ 13] VirusTotal Data to Timesketch
Dfir Tools [⭐ 12] All the useful tools worth using
Maldump [⭐ 12] Multi-quarantine extractor
Osxripper [⭐ 12] Tool to rip system and user data from OS X and macOS
__dfir Scripts [⭐ 10] Quick & Dirty DFIR scripts developed by the Ebryx DFIR team to keep handy during field assignments
Aisle25 [⭐ 9] Detect leaks in security event logs.
Pythonforensics [⭐ 9] Jupyter Notebooks from the "Python as a Forensic Tool" presentation
Digitalshadows2th [⭐ 9] DigitalShadows Alert Feeder for TheHive, an Open Source and Free Security Incident Response Platform
Dfir [⭐ 9] This is a repository dedicated to the DFIR journey. Contains notes, reflections and links to tools.
Mac_int [⭐ 8] macOS Artifact Intelligence Tool
1-100 of 107 search results