A desktop application for incident responders to track findings, tasks, and visualize timelines during cybersecurity investigations.
A curated collection of public JSON APIs for cybersecurity professionals, covering threat intelligence, malware analysis, and security tools.
A Python package with 30 low- to high-interaction honeypots for monitoring network traffic, bots, and credential attacks.
An extendable Python tool to extract and aggregate Indicators of Compromise (IOCs) from various threat intelligence feeds.
A Python utility for checking file hashes against multiple malware analysis services like VirusTotal, Hybrid Analysis, and MISP.
A low-interaction honeypot that emulates vulnerable services to capture malware and analyze attacks.
Enumerates persistently installed software on macOS, similar to AutoRuns for Windows.
A utility for analyzing and studying malicious JavaScript by emulating a Windows JScript environment.
A collection of metadata repositories for NextDNS security, privacy, and parental control features.
A tool to gather and enrich threat intelligence indicators from publicly available sources into a structured CSV format.
An extension of Cuckoo Sandbox that adds automated Android malware analysis capabilities for executing and analyzing Android applications.
A Python library and CLI for extracting and refanging defanged Indicators of Compromise (IOCs) from text.
Open-source detection rules for identifying SolarWinds SunBurst backdoor activities and related vulnerabilities across multiple security tools.
A collection of public exploits targeting malware infrastructure for security research and analysis.
A Python tool for collecting security intelligence from public feeds about IPs, domains, URLs, emails, hashes, and SSL fingerprints.
A Volatility plugin that extracts configuration data and decoded strings from known malware families in memory images.
A Python tool for extracting malware family names and tags from antivirus engine labels, designed for large-scale malware analysis.
A Node.js sandbox for semi-automatic JavaScript malware analysis, deobfuscation, and payload extraction.
A collection of publicly shared Indicators of Compromise (IOCs) from FireEye for threat intelligence and security research.
A comprehensive macOS security suite combining a PF firewall, privatizing proxy, and ClamAV anti-virus to block trackers, malware, and attacks.
A lightweight investigation notebook for security analysts to document and track threat intelligence.
A collection of prescriptive recipes for preparing and applying countermeasures against cyber threats and attacks.
A browser extension that streamlines security investigations by providing quick lookups for IPs, domains, hashes, and other indicators.
A collection of native security controls for major cloud platforms mapped to MITRE ATT&CK techniques to enable threat-informed defense decisions.
A Python RESTful API framework for querying multiple online malware analysis and threat intelligence services.
A framework for parsing configuration information from malware, extracting items like addresses, passwords, and filenames.
A Python telnet honeypot that emulates a shell environment to catch IoT botnet binaries and analyze malware networks.
A modular, recursive file scanning framework that extends Yara signatures to extract and analyze file objects for malware analysis and intelligence.
A curated list of tools and resources for understanding, detecting, and removing malware persistence techniques across operating systems.
A modular Python tool that collects threat intelligence for hosts (IPs, domains, FQDNs) from multiple sources and outputs CSV data.
A heavily modified version of Cuckoo Sandbox with enhanced malware analysis capabilities, 64-bit support, and anti-evasion techniques.
A pub-sub broker for threat intelligence data that connects open-source security tools like OpenCTI, MISP, Zeek, and VAST.
A daily updated summary of the most frequent security advisories from multiple global CERTs and threat intelligence sources.
A Splunk-based platform for deploying honeypots and analyzing attacker sessions with intelligence dashboards and threat feeds.
A cyber security incident response management system and knowledge base designed to coordinate team efforts and capture team knowledge.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.