
cowrie - Cowrie SSH/Telnet Honeypot

  •    Python

This is the official repository for the Cowrie SSH and Telnet Honeypot effort. Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.

MISP - MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)

  •    PHP

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations by sharing structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionality to support the exchange of information, as well as the consumption of that information by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.

yeti - Your Everyday Threat Intelligence

  •    Python

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (a shiny Bootstrap-based UI) and one for machines (a web API) so that your other tools can talk nicely to it. Yeti was born out of the frustration of having to answer the question "where have I seen this artifact before?" or Googling shady domains to tie them to a malware family.

misp-osint-collection - Collection of best practices to add OSINT into MISP and/or MISP communities


The document is available in XMind format and the source is available. Fork the project, download the document in XMind format, edit it with XMind, commit, and open a pull request.

python-iocextract - Advanced Indicator of Compromise (IOC) extractor.

  •    Python

Advanced Indicator of Compromise (IOC) extractor. This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes obfuscated and "defanged" IOCs in the output, and optionally deobfuscates them.

docker-misp - Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

  •    Dockerfile

Following the Official MISP Ubuntu 18.04 LTS build instructions. We follow the official MISP installation steps everywhere possible, while adding automation around tedious manual steps and configurations.

misp-rfc - Specifications used in the MISP project including MISP core format

  •    HTML

This repository is the official source of the specifications and formats used in the MISP project. The formats are described to support other implementations that reuse the format and to ensure interoperability with existing MISP software and other Threat Intelligence Platforms.

MISP-STIX-Converter - A utility repo to assist with converting between MISP and STIX formats

  •    Python

This is the open-sourced version of BAE Systems' internal sync script. It's a bit limited, and it isn't perfect, nor is it bug-free. should have you covered. This relies on me actually updating PyPI every time I update the project, so I'd use the git repo wherever possible.

misp-takedown - A curses-style interface for automatic takedown notification based on MISP events.

  •    Python

A curses-style interface for generating automatic takedown notifications through RT/RTIR using MISP events as input. This code is the surprisingly well-working result of an experiment. However, the code needs improvements here and there. Also, the installation process regarding urlabuse, uwhoisd, MISP and RT/RTIR is not the most straightforward. We'd be happy to find contributors for code improvements and installation documentation. Both could be part of an internship at CIRCL. Reach out if you are interested.

pyeti - Python bindings for Yeti's API

  •    Python

$ python setup.py install should get you started. After this gets a little more maturity, we will submit it to PyPI for use with pip. The first thing to do is import the library and instantiate a client.

bearded-avenger - CIF v3 -- the fastest way to consume threat intelligence

  •    Python

Do NOT try to install from the master repo. For installation instructions and guides for various Unix distributions, use the DeploymentKit.

csirtg-indicator-py - Python implementation of the indicator-protocol

  •    Python

If you've never worked on a GitHub project, this is a good piece for getting started. Free use of this software is granted under the terms of the Mozilla Public License (MPL2). For details see the file LICENSE included with the distribution.

csirtg-smrt-py - the fastest way to consume threat intelligence.

  •    Python

Parse data using simple YAML and throw it just about anywhere. If you've never worked on a GitHub project, this is a good piece for getting started.