This is the official repository for the Cowrie SSH and Telnet Honeypot effort. Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker.
cowrie honeypot ssh telnet security kippo cowrie-ssh telnet-honeypot sftp scp attacker threat-analysis threat-sharing threatintel

This is a Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing. The file provided should function as a great starting point for system change monitoring in a self-contained package. This configuration and its results should give you a good idea of what is possible with Sysmon. Note that this does not track things like authentication and other Windows events that are also vital for incident investigation.
sysmon threatintel threat-hunting sysinternals netsec monitoring logging

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php. View Chinese translation: 恶意软件分析大合集.md.
malware-analysis awesome awesome-list list malware-samples analysis-framework dynamic-analysis static-analysis threat-intelligence automated-analysis domain-analysis network-traffic threatintel malware-collection malware-research threat-sharing chinese-translation chinese

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations in sharing structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionality to support not only the exchange of information but also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.
misp threat-sharing threat-hunting threatintel malware-analysis stix information-exchange fraud-management tip security cti cybersecurity fraud-detection fraud-prevention threat-analysis information-security information-sharing threat-intelligence threat-intelligence-platform intelligence

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web server for providing a clean and intuitive web-based interface but can also be used completely via the command line. It is written in Python 3 and GPL-licensed.
osint infosec threatintel intelligence-gathering reconnaissance footprinting attack-surface osint-reconnaissance

See what sort of trouble users can get into trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is quite straightforward: dnstwist takes your domain name as a seed, generates a list of potential phishing domains and then checks to see whether they are registered. Additionally it can test whether the mail server from the MX record can be used to intercept misdirected corporate e-mails, and it can generate fuzzy hashes of the web pages to see if they are live phishing sites.
phishing typosquatting domains analytics threatintel dns punycode osint

Catching malicious phishing domain names using the certstream SSL certificate live stream. The script should work fine using Python 2 or Python 3.
phishing threat-intelligence certificate-transparency osint threatintel

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (a shiny Bootstrap-based UI) and one for machines (a web API) so that your other tools can talk nicely to it. Yeti was born out of the frustration of having to answer the question "where have I seen this artifact before?" or Googling shady domains to tie them to a malware family.
infosec threatintel threat-sharing threat-hunting enrichment intelligence dfir

Powerful plugins and add-ons for hackers
ollydbg immunity volatility-framework firefox ida burpsuite osint threatintel

And edit the config.cfg according to your needs.
misp misp-instance misp-api fireeye-alert fireeye threatintel cybersecurity cyber

This plugin adds Processing Pipeline functions to enrich log messages with threat intelligence data. Please read the usage instructions below for more information and specific guides.
graylog threat otx whois-information abuse graylog-plugin threatintel threat-score threat-analysis spamhaus whois whois-lookup

You need to run sqhunter on your salt-master server.
saltstack osquery threatintel threat-hunting threat-intelligence security security-tools

Add your API key to the bro-otx.conf configuration file. Add the bro-otx.py script to the crontab of a user with the ability to write to your Bro scripts directories.
bro alienvault-otx otx threatintel

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the various dependencies these programs need, it aims to be a comprehensive assistant for setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.
reconnaissance bash pentest pentesting recon threatintel osint installer install-script enumeration automation security security-tools

OSINT Threat Intel Interface, named after the old Norse god of knowledge. Mimir functions as a CLI to HoneyDB, which in short is an OSINT aggregative threat intel pool. Starting the program brings you to a menu, the options for which are as follows.
osint threatintel intel honeypot honeydb cli interface information-retrieval ioc nmap scan-tool

Advanced Indicator of Compromise (IOC) extractor. This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes obfuscated and "defanged" IOCs in the output, and optionally deobfuscates them.
ioc indicators-of-compromise library ioc-extractor defang threat-intelligence threat-sharing threatintel malware-research osint dfir

Hippocampe is a threat feed aggregator. It gives your organisation a threat feed 'memory' and lets you query it easily through a REST API or from a Web UI. If you have a Cortex server, there is already an analyzer to query Hippocampe. And if you use TheHive as a security incident response platform, you can customize the JSON output produced by the analyzer to your taste or use the report template that we kindly provide. Hippocampe aggregates feeds from the Internet in an Elasticsearch cluster. It has a REST API which allows searching its 'memory'. It is based on a Python script which fetches the URLs corresponding to feeds, then parses and indexes them.
threat-score threatintel feed intel aggregator thehive open-source free free-software

DELATOR (lat. informer) is a tool to perform subdomain enumeration and initial reconnaissance by abusing certificate transparency (CT) logs. It expands on the original work done by Sheila A. Berta with her CTFR tool and leverages the speed and power of Go. To run DELATOR, a domain (-d) and a search source (-s) must always be specified.
subdomain-scanner subdomains subdomainlist pentesting reconnaissance recon threat-intelligence threatintel pentest-tool certificate-transparency-logs penetration-testing certificate-transparency-abuse

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go, making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. Download the pre-compiled binaries for your platform from the latest release page and extract them into a directory of your choosing.
permutation-algorithms permutations domains dns typosquatting phishing phishing-attacks phishing-sites pentest-tool threatintel threat-intelligence penetration-testing

2018-01-30 Updated data. 2017-11-08 Updated data. Sorted JSON keys so future updates should diff more cleanly in git commit logs.
vulnerability-data vulnerability vulnerability-notes cert vulnerability-report threat-intelligence threatintel threat-analysis threat cve