A deprecated threat intelligence platform for collecting, processing, and sharing security indicators.
Import 28+ threat intelligence feeds into CrowdSec with automatic deduplication, normalization, and real-time sync.
A lightweight authenticated publish-subscribe protocol for binary data feeds, commonly used for security data sharing.
Python library for creating, editing, and managing OpenIOC objects for threat intelligence indicators.
A curated list of resources for understanding and securing the Ethereum Virtual Machine (EVM) ecosystem.
A honeypot designed to detect and log attacks targeting Elasticsearch remote code execution vulnerabilities.
A curated collection of information and tools for detecting, analyzing, and hunting malware persistence mechanisms across operating systems.
A low-interaction honeypot that mimics Android Debug Bridge (ADB) over TCP/IP to capture malware targeting exposed port 5555.
A tool for data visualization and statistical analysis of threat intelligence indicator feeds to measure their quality and effectiveness.
A Python-based multithreaded threat intelligence gathering tool that collects, stores, and serves indicators of compromise from various sources.
SpiderFoot is an open-source intelligence (OSINT) automation platform that integrates with 309+ data sources for threat intelligence and attack surface mapping.
A TypeDB schema for representing STIX 2.1 cyber threat intelligence data, enabling structured querying of threat actors, malware, and infrastructure.
A Python-based Telnet honeypot that emulates a Telnet service inside a chroot environment to capture malicious activity.
A low-interaction honeypot that mimics network services and clones websites with AI-powered responses to detect intruders.
An open-source malware analysis pipeline system that automates sample collection, processing, and JSON-based artifact storage.
A Python-based spam honeypot that acts as an SMTP server to collect, analyze, and track spam campaigns for threat intelligence.
A low-interaction honeypot that responds to network scanners and bots across multiple protocols, designed for self-hosted threat intelligence.
An open-source framework for receiving, processing, and redistributing abuse feeds and threat intelligence.
A PowerShell module for interacting with VirusTotal's API to analyze suspicious files, URLs, domains, and IP addresses.
A modular Python tool that collects threat intelligence from multiple sources for files identified by their hash.
An open-source repository of cybersecurity detection rules and threat identifiers for security teams to enhance threat detection capabilities.
A simple framework to extract actionable data like C&C servers and phone numbers from Android malware samples.
A signature-based, multi-threaded honeypot detection tool written in Go that identifies emulated services via crafted requests.
A modular malware and IOC ingestion framework that collects, enriches, and exports threat intelligence from multiple feeds.
A low-to-medium interaction SSH honeypot written in Go that captures terminal sessions and logs attacker activity.
A Home Assistant add-on that installs CrowdSec, an open-source IPS for analyzing visitor behavior and blocking attacks.
A set of Maltego transforms for VirusTotal Public API v2.0 with daily query caching to speed up resolutions.