We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
omnibus - The OSINT Omnibus (beta release)
- 29
An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command line application, users are able to create sessions to investigate various artifacts such as IP addresses, domain names, email addresses, usernames, file hashes, Bitcoin addresses, and more as we continue to expand.
https://github.com/InQuest/omnibus| Tags | osint security-automation security threat-intelligence iocs |
| Implementation | Python |
| License | MIT |
| Platform | Windows Linux |
Related Projects
GOSINT - The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs)
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend. Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary.
security ioc threat-intelligenceintelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments,...) for collecting and processing security feeds (such as log files) using a message queuing protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. See INSTALL.
cybersecurity threat ioc malware phishing cert csirt intelligence incident-response alerts feeds incident handling automation ihapMISP - MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.
misp threat-sharing threat-hunting threatintel malware-analysis stix information-exchange fraud-management tip security cti cybersecurity fraud-detection fraud-prevention threat-analysis information-security information-sharing threat-intelligence threat-intelligence-platform intelligencePatrowlManager - PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
To try PatrOwl, install it by reading the Installation Guide and the User Guide. Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).
api ioc automation incident-response orchestration secops scans threat-hunting vulnerabilities thehive vulnerability-detection vulnerability-management vulnerability-scanners security-scanner security-automation security-tools threat-intelligence patrowlApache Metron - Real-time Big Data Security
Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
security-framework cyber-crime anomoly-detection monitoring security big-data threat-intelligence security-analytics opensoc siem threat-analyticsh4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more
This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.
hacking penetration-testing hacking-series video-course cybersecurity ethical-hacking ethicalhacking hacker exploit exploits exploit-development vulnerability vulnerability-scanners vulnerability-assessment vulnerability-management vulnerability-identification awesome-lists awesome-list training hackersawesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources
A concise definition of Threat Intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. Feel free to contribute.
security awesomeTheHive - TheHive: a Scalable, Open Source and Free Security Incident Response Platform
TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundred of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, an analyst may deal with malware analysis while another may work on tracking C2 beaconing activity on proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.
misp security-incidents analyzer iocs thehive digital-forensics incident-response rest api investigations analyst dfir free free-software open-source platform misp-events cortex agplv3opensoc - OpenSOC Apache Hadoop Code
OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform. A mechanism to capture, store, and normalize any type of security telemetry at extremely high rates. Because security telemetry is constantly being generated, it requires a method for ingesting the data at high speeds and pushing it to various processing units for advanced computation and analytics.
OSSEC - Host-based Intrusion Detection System
OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.
intrusion-detection siem threat-intelligence security-analytics threat-analytics monitoringxray - XRay is a tool for recon, mapping and OSINT gathering from public networks.
XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. The shodan.io API key parameter ( -shodan-key KEY ) is optional, however if not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it just gonna be DNS subdomain enumeration).
osint security network shodan intelligence mappingspiderfoot - SpiderFoot automates OSINT so you can focus on analysis.
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and GPL-licensed.
osint infosec threatintel intelligence-gathering reconnaissance footprinting attack-surface osint-reconnaissancengx-graph - Graph visualization library for angular
This library is focused on handling graph data (anything with nodes and edges) rather than chart data. Currently the only visualization uses the Dagre layout, which is specialized for directed graphs. The plan is to implement multiple visualisations for graph data within this same library. Eventually, ngx-charts-force-directed-graph may be imported into this library as another option to visualize your graph data. ngx-graph is a Swimlane open-source project; we believe in giving back to the open-source community by sharing some of the projects we build for our application. Swimlane is an automated cyber security operations and incident response platform that enables cyber security teams to leverage threat intelligence, speed up incident response and automate security operations.
dag directed-graph chart svg angular angular2 data-viz workflow angularjs charts charting d3 viz graph dataviz d3.js d3js angular4 directed-acyclic-graph visualization treedsiem - Security event correlation engine for ELK stack
Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and produces risk-adjusted alarms.
security elasticsearch logstash elk siem ossimsubfinder - SubFinder is a subdomain discovery tool that discovers valid subdomains for websites
SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. We have designed SubFinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
subdomain subdomain-enumeration subdomain-bruteforcing bruteforcing hacking bug-bounty penetration-testing reconaissance subdomain-scanner enumeration discover-services hacking-tool security-tools security-audit security-scanner subdomain-brute subdomain-takeover osint osint-resources pentestingDetectionLab - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices
This lab has been designed with defenders in mind. Its primary purpose is to allow the user to quickly build a Windows domain that comes pre-loaded with security tooling and some best practices when it comes to system logging configurations. It can easily be modified to fit most needs or expanded to include additional hosts.NOTE: This lab has not been hardened in any way and runs with default vagrant credentials. Please do not connect or bridge it to any networks you care about. This lab is deliberately designed to be insecure; the primary purpose of it is to provide visibility and introspection into each host.
vagrant vagrantfile packer information-security lab-environment dfir threat-detection threat-hunting threat huntingApache Spot - A Community Approach to Fighting Cyber Threats
Apache Spot is a community-driven cybersecurity project, built from the ground up, to bring advanced analytics to all IT Telemetry data on an open, scalable platform. pot expedites threat detection, investigation, and remediation via machine learning and consolidates all enterprise security data into a comprehensive IT telemetry hub based on open data models.
threat-analytics threat-detection threat-analysis cybersecurity threat machine-learningDeepFence - Identify vulnerabilities in running containers, images, hosts and repositories
Deepfence ThreatMapper helps you to monitor and secure your running applications, in Cloud, Kubernetes, Docker, and Fargate Serverless. ThreatMapper scans your platforms and identifies pods, containers, applications, and infrastructure. Use ThreatMapper to discover the topology of your applications and attack surface. It obtains manifests of dependencies from running pods and containers, serverless apps, applications, and operating system. ThreatMapper matches these against vulnerability feeds to identify vulnerable components.
vulnerability-scanning security-vulnerability vulnerability-management threat-analysis vulnerability github docker kubernetes jenkins devops circleci gitlab serverless secops cloud-native security-tools devsecops compliance-automation registry-scanningrita - Real Intelligence Threat Analytics
Brought to you by Active Countermeasures. RITA is an open source framework for network traffic analysis.
rita network-traffic threat scanning offensive-countermeasures bro-ids blueteam security logs analytics analysis bhis beacon beacon-sniffer dns dns-tunneling dgaShuffle - Shuffle: A general purpose security automation platform
Shuffle is an automation platform focused on accessibility. We believe everyone should have access to efficient processes, and are striving to make that a possibility by making integrations for YOUR tools. Security Operations is complex, but it doesn't have to be. Please consider sponsoring the project if you want to see more rapid development.
security integrations automation discord openapi orchestration cybersecurity shuffle agplv3 hacktoberfest orchestrator security-automation soar orchestrator-gui workflow-editor mitre-attack security-orchestrator
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
