OSSEC is a full platform to monitor and control your systems. It combines all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.
Tags: intrusion-detection siem threat-intelligence security-analytics threat-analytics monitoring

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php. View Chinese translation: 恶意软件分析大合集.md.
Tags: malware-analysis awesome awesome-list list malware-samples analysis-framework dynamic-analysis static-analysis threat-intelligence automated-analysis domain-analysis network-traffic threatintel malware-collection malware-research threat-sharing chinese-translation chinese

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations and to share structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionality not only to support the exchange of information but also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.
Tags: misp threat-sharing threat-hunting threatintel malware-analysis stix information-exchange fraud-management tip security cti cybersecurity fraud-detection fraud-prevention threat-analysis information-security information-sharing threat-intelligence threat-intelligence-platform intelligence

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and to cross-reference them with known malware sources. This comes in handy when analyzing how certain malware species try to communicate with the outside world. The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network, converting network traffic information into actionable intelligence faster.
Tags: malware network-traffic pcap threat-intelligence malware-analysis infosec dfir

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Tags: signature yara-rules ioc scanner yara anti-virus hash threat-hunting threat-intelligence dfir

Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.
Tags: security-framework cyber-crime anomoly-detection monitoring security big-data threat-intelligence security-analytics opensoc siem threat-analytics

Catching malicious phishing domain names using the certstream SSL certificate live stream. The script works with either Python 2 or Python 3.
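The scoring idea behind this kind of script, as an added example that is not the original project's code: each certificate seen on the Certificate Transparency feed carries a list of names, and each name is scored on features that phishing domains tend to share (an embedded or near-miss brand name, lure words such as "login" or "verify", an abusable TLD, deep nesting, many hyphens). The keyword tables, weights, threshold, allowlist and the sample messages are all assumptions made for illustration; the message nesting (data.leaf_cert.all_domains) mirrors what the certstream client delivers but is treated here as an assumption too. Nothing below touches the network.

```python
"""Scoring domain names from a Certificate Transparency live stream for phishing
indicators.  Added example (not the certstream project's or the original
script's code); keyword lists, weights, the threshold, the allowlist and the
sample messages are assumptions made for illustration."""

import re

# Assumed scoring tables: brand names attackers impersonate, lure words they
# pair with them, and TLDs that are cheap enough to be abused frequently.
BRANDS = {"paypal": 70, "microsoft": 70, "apple": 70, "amazon": 70,
          "google": 70, "netflix": 70}
LURE_WORDS = {"login": 25, "signin": 25, "verify": 25, "secure": 20,
              "account": 20, "update": 15, "support": 15}
SUSPICIOUS_TLDS = {"tk", "ml", "ga", "cf", "gq", "xyz", "top", "work", "click"}
# The brands' own domains (and their subdomains); assumed list.
ALLOWLIST = {"paypal.com", "microsoft.com", "apple.com", "amazon.com",
             "google.com", "netflix.com"}
THRESHOLD = 60


def levenshtein(a, b):
    """Edit distance, used to catch near-miss spellings such as paypa1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_domain(domain):
    """Return (score, reasons); a higher score means more phishing-like."""
    domain = domain.lower().lstrip("*.")   # CT entries include wildcard names
    if domain in ALLOWLIST or any(domain.endswith("." + a) for a in ALLOWLIST):
        return 0, ["allowlisted"]
    labels = domain.split(".")
    words = [w for w in re.split(r"[-.]", domain) if w]
    score, reasons = 0, []

    if labels[-1] in SUSPICIOUS_TLDS:
        score += 20
        reasons.append("suspicious tld ." + labels[-1])
    if len(labels) > 3:                      # deep nesting hides the real domain
        score += 5 * (len(labels) - 3)
        reasons.append("deeply nested subdomain")
    if domain.count("-") >= 3:
        score += 15
        reasons.append("many hyphens")
    for word in words:
        for brand, weight in BRANDS.items():
            if brand in word:                # paypal-secure, securepaypal, ...
                score += weight
                reasons.append("contains brand " + brand)
            elif (len(word) >= 5 and abs(len(word) - len(brand)) <= 1
                  and levenshtein(word, brand) == 1):
                score += weight - 10         # one edit away: paypa1, micros0ft
                reasons.append("near miss of brand " + brand)
        if word in LURE_WORDS:
            score += LURE_WORDS[word]
            reasons.append("lure word " + word)
    return score, reasons


def domains_from_message(msg):
    """Pull the SAN list out of a certstream-style 'certificate_update' message
    (the nesting used here mirrors the certstream client; assumed)."""
    if msg.get("message_type") != "certificate_update":
        return []
    return msg.get("data", {}).get("leaf_cert", {}).get("all_domains", [])


def scan_messages(messages):
    """Return [(domain, score, reasons)] for every name scoring at or above
    THRESHOLD, highest score first, de-duplicated."""
    flagged = {}
    for msg in messages:
        for name in domains_from_message(msg):
            score, reasons = score_domain(name)
            key = name.lower().lstrip("*.")
            if score >= THRESHOLD and key not in flagged:
                flagged[key] = (key, score, reasons)
    return sorted(flagged.values(), key=lambda t: t[1], reverse=True)


# Constructed sample messages standing in for the live websocket feed.
SAMPLE_MESSAGES = [
    {"message_type": "heartbeat"},
    {"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": [
        "paypal-secure-login.verify.example-host.tk",
        "*.shop.example-store.com"]}}},
    {"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": [
        "micros0ft-support.xyz", "mail.google.com", "blog.mycompany.org"]}}},
    {"message_type": "certificate_update", "data": {"leaf_cert": {"all_domains": [
        "apple.id-verify-account.cf"]}}},
]

if __name__ == "__main__":
    for name, score, reasons in scan_messages(SAMPLE_MESSAGES):
        print(f"{score:4d}  {name}  ({', '.join(reasons)})")
```

Two caveats a practitioner would add before running this against a live feed: the registrable-domain split is naive (no public suffix list, so "co.uk" style suffixes are mis-counted as nesting), and the substring brand match fires on legitimate names that happen to contain a brand word, which is why an allowlist and a threshold are part of the design rather than an afterthought.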
Tags: phishing threat-intelligence certificate-transparency osint threatintel

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend. Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary.
Tags: security ioc threat-intelligence

To try PatrOwl, install it by following the Installation Guide and the User Guide. Fully developed in Python, PatrOwl is composed of a front-end application, PatrowlManager (Django), communicating with one or more PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. All components remain easy to customize. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. The PatrowlManager application is reachable through the embedded web interface or through the JSON API. PatrowlEngines are only available through generic JSON API calls (see Documentation).
Tags: api ioc automation incident-response orchestration secops scans threat-hunting vulnerabilities thehive vulnerability-detection vulnerability-management vulnerability-scanners security-scanner security-automation security-tools threat-intelligence patrowl

The document is available in XMind format, and its source is published. To contribute, fork the project, download the XMind document, edit it with XMind, commit and open a pull request.
Tags: osint misp threat-intelligence threat-sharing cyber-security

You need to run sqhunter on your salt-master server.
Tags: saltstack osquery threatintel threat-hunting threat-intelligence security security-tools

Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.
Tags: phishing phishing-servers threat-intelligence threat-analysis

An omnibus is defined as a volume containing several novels or other items previously published separately, and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. Through an easy-to-use interactive command line application, users can create sessions to investigate various artifacts such as IP addresses, domain names, email addresses, usernames, file hashes, Bitcoin addresses, and more as the project continues to expand.
Tags: osint security-automation security threat-intelligence iocs

Advanced Indicator of Compromise (IOC) extractor. This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes obfuscated and "defanged" IOCs in the output, and optionally deobfuscates them.
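What "defanged" extraction involves in practice, as an added example that is not the iocextract library's code: analysts write indicators as hxxps://, [.], (dot), (at) and similar so that a report cannot be clicked or auto-linked, so a plain URL or IP regex misses most of them. The block below first reverses the common conventions, then extracts URLs, e-mail addresses, IPv4 addresses, domains and MD5/SHA-1/SHA-256 hashes, rejecting things that merely look like an IP (an octet above 255). The rule set, helper names and the sample report are assumptions; the IPs are from the documentation ranges, the TLD is the reserved .example, and the two hashes are the well-known digests of empty input, used as placeholders. YARA rule extraction, which the library also does, is not covered here.

```python
"""Pulling indicators of compromise out of free text that defangs them.  Added
example, not the iocextract library's code: the defanging conventions handled
and the sample report are assumptions drawn from common threat-report practice."""

import re
from urllib.parse import urlsplit

# Each rule maps one common defanging convention back to its real form.
DEFANG_SUBS = [
    (re.compile(r"\bhxxp", re.I), "http"),                          # hxxp://, hxxps://
    (re.compile(r"\[://\]"), "://"),                                 # http[://]host
    (re.compile(r"[\[\(\{]\s*(?:\.|dot)\s*[\]\)\}]", re.I), "."),    # [.] (.) {.} [dot] (dot)
    (re.compile(r"[\[\(\{]\s*(?:@|at)\s*[\]\)\}]", re.I), "@"),      # [@] (at)
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[/\]"), "/"),
    (re.compile(r"\\\."), "."),                                      # backslash-escaped dots
]

URL_RE = re.compile(r'''https?://[^\s<>"']+''', re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
HASH_RES = {"md5": re.compile(r"\b[A-Fa-f0-9]{32}\b"),
            "sha1": re.compile(r"\b[A-Fa-f0-9]{40}\b"),
            "sha256": re.compile(r"\b[A-Fa-f0-9]{64}\b")}


def refang(text):
    """Undo the defanging conventions listed in DEFANG_SUBS."""
    for pattern, replacement in DEFANG_SUBS:
        text = pattern.sub(replacement, text)
    return text


def valid_ipv4(s):
    parts = s.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def extract_iocs(text):
    """Return refanged IOCs found in text, grouped by type; every list is
    sorted and de-duplicated."""
    clean = refang(text)
    urls = {u.rstrip(".,;:)!?") for u in URL_RE.findall(clean)}
    emails = set(EMAIL_RE.findall(clean))
    # Blank out URLs and e-mails so their pieces are not re-extracted as bare
    # domains, then harvest IPs and domains from what is left.
    scratch = URL_RE.sub(" ", EMAIL_RE.sub(" ", clean))
    ips = {ip for ip in IPV4_RE.findall(scratch) if valid_ipv4(ip)}
    domains = set(DOMAIN_RE.findall(scratch))
    domains |= {e.split("@", 1)[1] for e in emails}
    for u in urls:                       # URL hosts are IOCs in their own right
        host = urlsplit(u).hostname or ""
        (ips if valid_ipv4(host) else domains).add(host)
    hashes = {name: sorted({h.lower() for h in rx.findall(clean)})
              for name, rx in HASH_RES.items()}
    return {"urls": sorted(urls),
            "emails": sorted(e.lower() for e in emails),
            "ips": sorted(ips),
            "domains": sorted(d.lower() for d in domains),
            "hashes": hashes}


# Constructed sample report; indicators use documentation ranges and the
# reserved .example TLD, hashes are the digests of empty input.
SAMPLE_REPORT = """
Second-stage payload fetched from hxxps://cdn[.]evil-updates[.]example/stage2.bin
and beaconed to 203[.]0[.]113[.]45 on port 8443. Operators mailed lures from
billing(at)invoices-secure[.]example. Dropper MD5 d41d8cd98f00b204e9800998ecf8427e,
SHA256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855.
Legacy C2 at http://198.51.100.7/gate.php; new domain evil-updates(dot)example.
Version 3.4.1 of the loader; 999.1.1.1 is not an IP.
"""

if __name__ == "__main__":
    for kind, found in extract_iocs(SAMPLE_REPORT).items():
        print(kind, found)
```

The order of operations matters: refang first, otherwise "cdn[.]evil-updates[.]example" never matches a hostname pattern at all; and blank out URLs and e-mails before the bare-domain pass, otherwise "gate.php" and "stage2.bin" come back as domains. The "(at)" rule will also fire on ordinary English text in parentheses, which is the usual trade-off with defang-aware parsers.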
Tags: ioc indicators-of-compromise library ioc-extractor defang threat-intelligence threat-sharing threatintel malware-research osint dfir

This repository contains a Dockerfile of the VirusTotal malice plugin malice/virustotal. Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
Tags: malice docker plugin malware intel threat-intelligence virustotal

DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance by abusing certificate transparency (CT) logs. It expands on the original work done by Sheila A. Berta with her CTFR tool and leverages the speed and power of Go. To run DELATOR, a domain (-d) and a search source (-s) must always be specified.
Tags: subdomain-scanner subdomains subdomainlist pentesting reconnaissance recon threat-intelligence threatintel pentest-tool certificate-transparency-logs penetration-testing certificate-transparency-abuse

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go, making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. To install, download the pre-compiled binaries for your platform from the latest release page and extract them in a directory of your choosing.
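What a permutation engine of this kind generates, as an added example that is not DNSMORPH's (or dnstwist's) code: starting from one domain it produces the candidate names a typosquatter or phisher would register, one transformation family at a time (character omission, repetition, transposition, fat-finger replacement and insertion, homoglyphs, hyphenation, inserted subdomain dots, appended characters, TLD swaps). The keyboard-neighbour map, homoglyph table and TLD list are assumed small subsets of what the real tools ship; the function names are illustrative. Resolving the candidates to find which ones are actually registered is the tools' next step and is not done here.

```python
"""Generating typosquat candidates for a domain, as permutation engines such as
dnstwist and DNSMORPH do.  Added example, not DNSMORPH's code: the transformation
set, the keyboard-neighbour map and the homoglyph table are assumptions (small
subsets of what the real tools ship)."""

import string

# Keys adjacent on a QWERTY keyboard (assumed subset) and look-alike characters.
QWERTY_NEIGHBOURS = {"a": "qwsz", "e": "wsdr", "i": "uojk", "l": "kop", "m": "njk",
                     "n": "bhjm", "o": "iklp", "p": "ol", "s": "awedxz", "x": "zsdc"}
HOMOGLYPHS = {"a": "4", "e": "3", "i": "1l", "l": "1i", "o": "0", "s": "5"}
TLDS = ("com", "net", "org", "co")


def split_domain(domain):
    """Naive split into name and TLD (ignores the public suffix list, so
    'example.co.uk' would yield ('example.co', 'uk'))."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def permutations(domain):
    """Return {candidate_domain: technique}.  The first technique that produces
    a candidate wins, so per-technique counts are conservative."""
    name, tld = split_domain(domain)
    original = f"{name}.{tld}"
    out = {}

    def add(technique, candidate):
        if candidate != original and candidate not in out:
            out[candidate] = technique

    n = len(name)
    for i in range(n):                                   # drop one character
        add("omission", f"{name[:i]}{name[i+1:]}.{tld}")
    for i in range(n):                                   # double one character
        add("repetition", f"{name[:i]}{name[i]}{name[i:]}.{tld}")
    for i in range(n - 1):                               # swap two neighbours
        add("transposition", f"{name[:i]}{name[i+1]}{name[i]}{name[i+2:]}.{tld}")
    for i, c in enumerate(name):                         # fat-finger substitution
        for k in QWERTY_NEIGHBOURS.get(c, ""):
            add("replacement", f"{name[:i]}{k}{name[i+1:]}.{tld}")
    for i, c in enumerate(name):                         # fat-finger insertion
        for k in QWERTY_NEIGHBOURS.get(c, ""):
            add("insertion", f"{name[:i]}{k}{name[i:]}.{tld}")
            add("insertion", f"{name[:i+1]}{k}{name[i+1:]}.{tld}")
    for i, c in enumerate(name):                         # look-alike characters
        for g in HOMOGLYPHS.get(c, ""):
            add("homoglyph", f"{name[:i]}{g}{name[i+1:]}.{tld}")
    for i in range(1, n):                                # exam-ple.com
        add("hyphenation", f"{name[:i]}-{name[i:]}.{tld}")
    for i in range(1, n):                                # exam.ple.com
        add("subdomain", f"{name[:i]}.{name[i:]}.{tld}")
    for c in string.ascii_lowercase:                     # examplea.com
        add("addition", f"{name}{c}.{tld}")
    for t in TLDS:                                       # example.net
        if t != tld:
            add("tld-swap", f"{name}.{t}")
    return out


def summarise(domain):
    """Count candidates per technique, in generation order."""
    counts = {}
    for technique in permutations(domain).values():
        counts[technique] = counts.get(technique, 0) + 1
    return counts


if __name__ == "__main__":
    for candidate, technique in permutations("example.com").items():
        print(f"{technique:14s} {candidate}")
    print(summarise("example.com"))
```

The candidate set grows roughly linearly with name length times the size of the neighbour and homoglyph tables, which is why the real tools expose options to select transformation families and why they follow generation with DNS resolution and WHOIS lookups rather than reporting raw permutations.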
Tags: permutation-algorithms permutations domains dns typosquatting phishing phishing-attacks phishing-sites pentest-tool threatintel threat-intelligence penetration-testing

Falcon Sandbox has a powerful and simple API that can be used to submit files and URLs for analysis, pull report data, and perform advanced search queries. The API is open and free to the entire IT-security community. To create a client, specify your API key or set the HYBRID_ANALYSIS_API_KEY environment variable to communicate with the API.
Tags: malware-analysis api-client vxstream payload-security threat-intelligence

2018-01-30: Updated data.
2017-11-08: Updated data. Sorted JSON keys so future updates should diff more cleanly in git commit logs.
Tags: vulnerability-data vulnerability vulnerability-notes cert vulnerability-report threat-intelligence threatintel threat-analysis threat cve

BeSafe is a robust threat analyzer which helps secure your desktop environment and keeps you aware of what's happening around you. By using the VirusTotal public API, BeSafe gets the power of more than 56 antivirus products without needing to install any client engines, in a light and robust solution. Besides VirusTotal, BeSafe uses other techniques and tricks to protect your environment from known and unknown threats. Dependencies are handled automatically by the NuGet package manager in Visual Studio.
Tags: threat-analysis threat-hunting threat-intelligence cybersecurity malware-analysis