traceroute-circl by CIRCL

Traceroute improved wrapper for CSIRT and CERT operators

updated at Aug. 6, 2021, 6:54 p.m.

16 +0

36 +0

9 +0

Panorama by AlmCo

Fast incident overview

updated at Jan. 2, 2023, 1:12 a.m.

3 +0

38 +0

6 +0

pyarascanner by nogoodconfig

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

updated at July 6, 2023, 2:10 a.m.

3 +0

25 +0

4 +0

PowerGRR by swisscom

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

updated at Aug. 26, 2023, 6:23 p.m.

20 +0

56 +0

7 +0

PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

updated at Jan. 29, 2024, 5:35 p.m.

15 +0

36 +0

6 +0

CIRTKit by opensourcesec

Tools for the Computer Incident Response Team

updated at Jan. 31, 2024, 10:04 a.m.

19 +0

140 +0

25 +0

lorg by jensvoid

Apache Logfile Security Analyzer

updated at Jan. 31, 2024, 10:42 a.m.

42 +0

207 +0

50 +0

hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

updated at Feb. 9, 2024, 5:33 p.m.

30 +0

258 +0

52 +0

AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

updated at March 8, 2024, 11:16 a.m.

24 +0

244 +0

64 +0

doorman by mwielgoszewski

an osquery fleet manager

updated at March 8, 2024, 11:26 a.m.

33 +0

616 +0

95 +0

VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

updated at March 26, 2024, 6:38 a.m.

28 +0

192 +0

50 +0

scot by sandialabs

Sandia Cyber Omni Tracker (SCOT)

updated at March 31, 2024, 6:13 a.m.

38 +0

242 +0

48 +0

evolve by JamesHabben

Web interface for the Volatility Memory Forensics Framework

updated at April 4, 2024, 10:44 p.m.

38 +0

259 +0

42 +0

nightHawkResponse by biggiesmallsAG

Incident Response Forensic Framework

updated at April 27, 2024, 8:49 a.m.

82 +0

596 +0

139 +0

margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at April 27, 2024, 8:50 a.m.

17 +0

235 +0

50 +0

diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

updated at April 27, 2024, 8:50 a.m.

143 +0

635 +0

59 +0

mastiff by KoreLogicSecurity

Malware static analysis framework

updated at May 4, 2024, 9:59 p.m.

18 +0

173 +0

39 +0

cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

updated at May 7, 2024, 12:53 p.m.

6 +0

19 +0

7 +0

SPECTR3 by alpine-sec

Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol.

updated at May 10, 2024, 9:09 a.m.

4 +0

36 +0

3 +0

fileintel by keithjjones

A modular Python application to pull intelligence about malicious files

updated at May 14, 2024, 12:11 p.m.

17 +0

114 +0

25 +0