OSSEC - Host-based Intrusion Detection System

  •    C

OSSEC is a full platform to monitor and control your systems. It combines all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM in a simple, powerful and open source solution.

MISP - MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)

  •    PHP

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations by sharing structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and beyond. MISP provides functionality to support the exchange of information, and also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.

malcom - Malcom - Malware Communications Analyzer

  •    Python

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and to cross-reference them with known malware sources. This comes in handy when analyzing how certain malware families try to communicate with the outside world. The aim of Malcom is to make malware analysis and intel gathering faster by providing a human-readable version of network traffic originating from a given host or network, converting network traffic information into actionable intelligence faster.

signature-base - Signature base for my scanner tools

  •    Python

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Apache Metron - Real-time Big Data Security

  •    Java

Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.

phishing_catcher - Phishing catcher using Certstream

  •    Python

Catching malicious phishing domain names using the Certstream live stream of SSL certificates. The script should work fine using Python 2 or Python 3.

misp-osint-collection - Collection of best practices to add OSINT into MISP and/or MISP communities

The document is available in XMind format and the source is available. Fork the project, download the XMind format document, edit the document with XMind, commit and open a pull request.

Phishruffus - Intelligent threat hunter and phishing servers

  •    Python

Phishruffus is a tool designed for the identification of DNS servers and Internet threats used for the illegal practice of phishing.

omnibus - The OSINT Omnibus (beta release)

  •    Python

An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command line application, users are able to create sessions to investigate various artifacts such as IP addresses, domain names, email addresses, usernames, file hashes, Bitcoin addresses, and more as we continue to expand.

python-iocextract - Advanced Indicator of Compromise (IOC) extractor.

  •    Python

Advanced Indicator of Compromise (IOC) extractor. This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes obfuscated and "defanged" IOCs in the output, and optionally deobfuscates them.

falconz - 🦅 Falcon Malware Sandbox APIv2 Connector

  •    Ruby

Falcon Sandbox has a powerful and simple API that can be used to submit files/URLs for analysis, pull report data, but also perform advanced search queries. The API is open and free to the entire IT-security community. To create a client, we can specify our API key or set the HYBRID_ANALYSIS_API_KEY environment variable to communicate with the API.

BeSafe - BeSafe is a robust threat analyzer which helps protect your desktop environment and know what's happening around you

  •    CSharp

BeSafe is a robust threat analyzer which helps secure your desktop environment and keeps you aware of what's happening around you. By using the VirusTotal public API, BeSafe gets the power of more than 56 antivirus products without needing to install any client engines, in a light and robust solution. Besides VirusTotal, BeSafe uses other techniques and tricks to protect your environment from known and unknown threats. Dependencies are automatically handled by the NuGet package manager of Visual Studio.

docker-misp - Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

  •    Dockerfile

Follows the official MISP Ubuntu 18.04 LTS build instructions. We follow the official MISP installation steps wherever possible, while adding automation around tedious manual steps and configurations.

mail_to_misp - Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails

  •    Python

Connect your mail infrastructure to MISP in order to create events based on the information contained within mails. You should now be able to send your IoC-containing mails to misp_handler@YOURDOMAIN.

misp-dashboard - A dashboard for a real-time overview of threat intelligence from MISP instances

  •    Python

A dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can be used as a real-time situational awareness tool to gather threat intelligence information. The misp-dashboard includes a gamification tool to show the contributions of each organisation and how they are ranked over time. The dashboard can be used by a SOC (Security Operation Center) or security team, or during a cyber exercise, to keep track of what's going on across your various MISP instances. ⚠️ Make sure no zmq python3 scripts are running. They block the update.

misp-galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)

  •    Python

MISP galaxy is a simple method to express a large object called a cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-value pairs. There are default vocabularies available in MISP galaxy, but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.