A macOS security tool that continually monitors persistence locations to block malware installation attempts.
A collection of nearly 40,000 JavaScript malware samples for security research and analysis.
An automated malware analysis tool for Linux ELF files, extracting static and dynamic features for security assessment.
An LLM-powered web honeypot that dynamically crafts realistic HTTP responses to mimic various applications and detect malicious traffic.
An open-source security analytics platform that integrates big data technologies for centralized security monitoring, threat detection, and investigation.
An open-source framework for detecting command and control communication through network traffic analysis using Zeek logs.
A Linux daemon that detects and blocks USB keystroke injection attacks through monitoring and device ejection.
A network fingerprinting standard that identifies SSH client and server implementations via MD5 hashes of algorithm sets.
A security-hardened container runtime for AI coding agents using Incus system containers with real-time threat detection and credential isolation.
A serverless application to create and monitor fake HTTP endpoints (URL honeytokens) on AWS Lambda and API Gateway.
Collects Windows forensic artifacts to detect early system compromises through analysis of live data.
A collection of example YARA-L detection rules and dashboards for Google Security Operations (SecOps).
A Python framework for creating protocol decoders and detectors to analyze APT tradecraft in network traffic.
An open-source Python framework for creating honeypots and honeynets to detect and analyze cyber attacks.
A collection of built-in detection rules and policies for Panther, a modern SIEM, enabling security monitoring as code.
A security analysis tool that visualizes Sysmon event logs using Elasticsearch and Kibana to investigate suspicious activity.
A curated list of resources for detecting threats and defending Kubernetes systems.
A modified fork of Cuckoo Sandbox with enhanced malware analysis capabilities, improved stability, and additional features.
A Go HTTP middleware that protects web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, and brute force attacks.
A community-driven collection of pre-built security analytics queries and rules for auditing and threat detection in Google Cloud.
Open-source platform for network security analytics using flow and packet analysis to detect unknown threats at cloud scale.
A modular OSINT honeypot that monitors adversary reconnaissance attempts and generates early-warning intelligence for blue teams.
An open-source blue team tool that protects Linux and Windows operating systems through multiple security methods.
A network security tool that detects the presence of a Responder LLMNR/NBT-NS poisoner in the network.
A curated reference hub of tools and real-world examples for designing effective threat detection and response pipelines.
A modern SMTP honeypot that simulates a vulnerable mail server to capture and log email-based attacks with database integration.
A curated list of awesome tools, libraries, dashboards, and resources for the Suricata intrusion detection/prevention system.
A lightweight rules-based malware scanner for USB drives, local files, and folders with a privacy-friendly approach.
A medium interaction printer honeypot that mimics an exposed network printer to detect and log attacks.
A Python toolset for malware analysis using function-level fuzzy hashing to catalog and compare malicious binaries.
An Active Defense PowerShell framework for detecting and responding to phishing attacks in Office 365 environments.
A honeypot that simulates Veeder-Root Guardian AST tank gauges used in gas stations to detect and log cyber threats.
Outlook add-in that enables users to report suspicious emails to security teams with one click.
A honeypot that emulates vulnerable TR-069 (CWMP) devices to detect and analyze attacks targeting IoT modems/routers.
A PowerShell script that monitors and logs newly created WMI consumers and processes to the Windows Application event log.
A PowerShell module for interacting with VirusTotal's API to analyze suspicious files, URLs, domains, and IP addresses.