Panorama by AlmCo

Fast incident overview

updated at Jan. 2, 2023, 1:12 a.m.

Python

3 +0

38 +0

6 +0

GitHub
pyarascanner by nogoodconfig

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

updated at July 6, 2023, 2:10 a.m.

Python

3 +0

25 +0

4 +0

GitHub
sqhunter by 0x4D31

A simple threat hunting tool based on osquery, Salt Open and Cymon API

updated at Jan. 3, 2024, 2:14 p.m.

Python

12 +0

65 +0

15 +0

GitHub
domfind by diogo-fernan

A Python DNS crawler to find identical domain names under different TLDs.

updated at Jan. 4, 2024, 12:28 p.m.

Python

4 +0

20 +0

3 +0

GitHub
CIRTKit by opensourcesec

Tools for the Computer Incident Response Team computer

updated at Jan. 31, 2024, 10:04 a.m.

Python

19 +0

140 +0

25 +0

GitHub
hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

updated at Feb. 9, 2024, 5:33 p.m.

Python

30 +0

258 +0

52 +0

GitHub
AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

updated at March 8, 2024, 11:16 a.m.

Python

24 +0

244 +0

64 +0

GitHub
doorman by mwielgoszewski

an osquery fleet manager

updated at March 8, 2024, 11:26 a.m.

Python

33 +0

616 +0

95 +0

GitHub
VolDiff by aim4r

VolDiff: Malware Memory Footprint Analysis based on Volatility

updated at March 26, 2024, 6:38 a.m.

Python

28 +0

192 +0

50 +0

GitHub
winreg-kb by libyal

Windows Registry Knowledge Base

updated at April 9, 2024, 6:50 a.m.

Python

16 +0

151 +0

20 +0

GitHub
VolatilityBot by mkorman90

VolatilityBot – An automated memory analyzer for malware samples and memory dumps

updated at April 9, 2024, 9:41 p.m.

Python

27 +0

259 +0

59 +0

GitHub
Hoarder by muteb

This script is made to collect the most valuable artifacts for forensics or incident response investigation rather than imaging the whole hard drive.

updated at April 25, 2024, 5:48 p.m.

Python

10 +0

187 +0

18 +0

GitHub
margaritashotgun by ThreatResponse

Remote Memory Acquisition Tool

updated at April 27, 2024, 8:50 a.m.

Python

17 +0

235 +0

50 +0

GitHub
diffy by Netflix-Skunkworks

(DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.

updated at April 27, 2024, 8:50 a.m.

Python

143 +0

635 +0

59 +0

GitHub
rastrea2r by rastrea2r

Collecting & Hunting for IOCs with gusto and style

updated at May 2, 2024, 7:34 a.m.

Python

18 +0

234 +0

53 +0

GitHub
mastiff by KoreLogicSecurity

Malware static analysis framework

updated at May 4, 2024, 9:59 p.m.

Python

18 +0

173 +0

39 +0

GitHub
playbooks by phantomcyber

Phantom Community Playbooks

updated at May 6, 2024, 8:19 a.m.

Python

61 +0

453 +0

192 +1

GitHub
cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

updated at May 7, 2024, 12:53 p.m.

Python

6 +0

19 +0

7 +0

GitHub
logdissect by dogoncouch

CLI utility and Python module for analyzing log files and other data.

updated at May 7, 2024, 8:16 p.m.

Python

11 +0

138 +0

22 +0

GitHub
CDQR by orlikoski

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

updated at May 10, 2024, 7:34 a.m.

Python

30 +0

328 +0

51 +0

GitHub