Search results for python threat hunting
92 search results found
Dnstwist (⭐ 3,955): Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Intelowl (⭐ 2,768): Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Malwoverview (⭐ 2,113): Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, and it is able to scan Android devices against VT.
Apt_report (⭐ 1,808): Interesting APT report collection and some special IOCs
Yeti (⭐ 1,383): Your Everyday Threat Intelligence
Beagle (⭐ 1,171): Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Apt Hunter (⭐ 935): APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity.
Atomic Threat Coverage (⭐ 740): Actionable analytics designed to combat threats
Cyberthreathunting (⭐ 716): A collection of resources for threat hunters - sponsored by Falcon Guard
Watcher (⭐ 692): Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Threatingestor (⭐ 676): Extract and aggregate threat intelligence.
Fatt (⭐ 555): FATT /fingerprintAllTheThings - a pyshark-based script for extracting network metadata and fingerprints from pcap files and live network traffic
Opensquat (⭐ 430): The openSquat project is an open-source solution for detecting phishing domains and domain squatting. It searches daily for newly registered domains that impersonate legitimate domains. This project aims to help protect individuals and organizations from cyber threats by identifying and alerting them to potentially malicious domains.
Misp Galaxy (⭐ 424): Clusters and elements to attach to MISP events or attributes (like threat actors)
Scrummage (⭐ 422): The Ultimate OSINT and Threat Hunting Framework
Stalkphish (⭐ 347): StalkPhish - the phishing kits stalker, harvesting phishing kits for investigations.
Openuba (⭐ 264): A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for security analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]
Yara Rules (⭐ 261): A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Threatbus (⭐ 239): 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
Osweep (⭐ 237): Don't Just Search OSINT. Sweep It.
Patrowlengines (⭐ 224): PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Kestrel Lang (⭐ 219): Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
Rmeye (⭐ 205): 戎码之眼 is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats.
Stix Shifter (⭐ 184): This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.
Epagneul (⭐ 180): Graph visualization for Windows event logs
Bearded Avenger (⭐ 176): CIF v3 -- the fastest way to consume threat intelligence
Phishingkithunter (⭐ 157): Find phishing kits which use your brand/organization's files and images.
Patrowlhears (⭐ 139): PatrowlHears - Vulnerability Intelligence Center / Exploits
Oriana (⭐ 136): Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
Ioc Finder (⭐ 129): Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other security-related information) from text. It uses grammars rather than regexes, which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
Analyst Arsenal (⭐ 114): A toolkit for security researchers
Subcrawl (⭐ 113): SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP.
Detections (⭐ 98): This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant YARA rules and IDS signatures to detect these indicators.
Thiri Notebook (⭐ 95): The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.
Evtx Hunter (⭐ 93): evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Infosec And Hacking Scripts (⭐ 80): 🚀 This is a collection of hacking🔥 and pentesting 🧐 scripts to help with enumeration, OSINT, exploitation and post-exploitation; automated scripts to make hacking easier🌠. Have fun!😎
Open Source Threat Intel Feeds (⭐ 76): This repository contains open source, freely usable threat intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and hash.
Ioc Explorer (⭐ 66): Explore indicators of compromise automatically
Sqhunter (⭐ 65): A simple threat hunting tool based on osquery, Salt Open and the Cymon API
Mail_to_misp (⭐ 63): Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Secbert (⭐ 61): Pretrained BERT model for cyber security text that has learned cyber security knowledge
Cif V5 (⭐ 56): The FASTEST way to consume threat intel.
Pylirt (⭐ 52): Pylirt - Python Linux Incident Response Toolkit
Threat Hunting With Notebooks (⭐ 47): Repository with sample threat hunting notebooks on security event log data sources
Rajappan (⭐ 43): An all-in-one project for digital privacy. A step towards a PRIVATE FUTURE
Sysmonresources (⭐ 40): Consolidation of various resources related to Microsoft Sysmon & sample data/logs
Yara Scanner (⭐ 34): YaraScanner is a file pattern-matching tool based on YARA rules.
Csirtg Smrt V1 (⭐ 27): The fastest way to consume threat intelligence.
Verbose Robot (⭐ 26): The fastest way to consume threat intel
Domaincat (⭐ 26): Domain connectivity analysis tools to analyze aggregate connectivity patterns across a set of domains during security investigations
Infrastructure Tracking Schema (⭐ 22)
Bluelay (⭐ 21): Searches online paste sites for certain search terms which can indicate a possible data breach.
Censys Recon Ng (⭐ 20): recon-ng modules for Censys
Mass Scanning Tools (⭐ 17): Various scripts for mass-scanning engagements of world-facing services.
Geoipplotter (⭐ 17): GeoIP plotting script written in Python to help security teams draw visualized reports from IP addresses
Yafra (⭐ 16): YAFRA is a semi-automated framework for analyzing and representing reports about IT security incidents.
Xn Twist (⭐ 16): Find Unicode (including internationalized) domain squats. https://xntwist.hightower.space/
Misp Tools (⭐ 16): Import CrowdStrike Threat Intelligence into your instance of MISP
Syspce (⭐ 15): System Processes Correlation Engine
Amphunt (⭐ 15): Cisco AMP threat hunting scripts
Pyeti (⭐ 15): Python bindings for Yeti's API
Hanoman (⭐ 15): Hanoman is a GUI antivirus engine with signature-based detection 🐒
Utilities (⭐ 14): This repository contains tools used by 401trg.
Aws Threathunting (⭐ 13): Projects for AWS threat hunting
Pybinaryedge (⭐ 12): Python 3 wrapper for the BinaryEdge API https://www.binaryedge.io/
File_watchtower (⭐ 12): Lightweight file integrity monitoring tool
Pastebinscrapy (⭐ 10): Threat hunting tool for scraping the latest pastes from Pastebin
Boxcar (⭐ 9): Process the Fortune 1000 domains to identify live typo-sites. Save results into a database for later processing and analysis.
Aisle25 (⭐ 9): Detect leaks in security event logs.
Context Graph Analytics (⭐ 9): Time series knowledge graphs for cybersecurity
Cs Discovery (⭐ 9): Finds Cobalt Strike fingerprints on targets via traffic telemetry
Spyglass (⭐ 9): SpyGlass, the all-in-one tool for a kickass API.
Chad (⭐ 8): Search Google Dorks like Chad.
Domainthreat (⭐ 8): Daily domain monitoring for brand names and mailing domain names to detect phishing and brand impersonation
Domain Extractor (⭐ 7): Extract valid or partially valid domain names and IPs from malicious or invalid URLs.
Ail Feeder Leak (⭐ 7): AIL LeakFeeder: a module for the AIL Framework that automates the process of feeding leaked files
Plast (⭐ 5): Modular command-line threat hunting tool & framework.
Thethreathuntlibrary (⭐ 5): Library of threat hunts to get any user started!
Packettrail (⭐ 5): Associates netflow data with system processes and logs to syslog
Blackip Rep (⭐ 4): BlackIP-Rep is a tool designed to gather the reputation and information of bulk IPs. Focused on improving the workflow of Security Operations (SOC) teams during investigations.
Phishdomain_slack (⭐ 4): Detect phishing campaigns/links related to your organization.
C2finder (⭐ 4): Look for un-sinkholed C&C IPs in your Bro logs (from the Bambenek Consulting C&C master list)
Whois_search (⭐ 4): Small Python Flask application that uses the whoisxmlapi to search for WHOIS changes via keyword/domain name in the last 14 days. Intended for threat hunting and brand abuse searches.
Mapping Sysmonlogs To Attack (⭐ 4): A set of detection rules written in a DSL, extracted from open-source attack libraries, that aim to map Sysmon logs to techniques described in ATT&CK
Misp Extractor (⭐ 4): This is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, and hashes). The retrieved attributes are then written to separate files.
Cybersecurity (⭐ 3): Research, rules, books, tools and more basic stuff you can get anywhere
Dfir Ioc Ut (⭐ 3): DFIR IoC unit testing
Shodan Scan Wrapper (⭐ 3): Python 3 script that wraps the Shodan CLI - it resolves a domain to an IP and then performs a scan
Whoiswhoapt (⭐ 3): Interrelation of APT groups based on their TTPs. Extraction of APT TTP layers.
Gitter (⭐ 3): GIT Threat Extended Recon
Ioc Matching (⭐ 3): IOC matching for incident responders, threat hunters, detection engineers, and security engineers.
Threatintelligence (⭐ 2): Malicious IP source.
Copyright 2018-2023 Awesome Open Source. All rights reserved.