CAPEv2 by kevoreilly

Malware Configuration And Payload Extraction

updated at May 12, 2024, 9:27 p.m.

Python

65 +0

1,691 +15

380 +2

GitHub
caldera by mitre

Automated Adversary Emulation Platform

updated at May 12, 2024, 5:38 p.m.

Python

168 +2

5,206 +19

1,014 +2

GitHub
capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

updated at May 12, 2024, 4:59 p.m.

Python

78 +0

3,881 +14

491 +0

GitHub
dftimewolf by log2timeline

A framework for orchestrating forensic collection, processing and data export

updated at May 12, 2024, 4 p.m.

Python

25 +0

276 +3

67 +0

GitHub
plaso by log2timeline

Super timeline all the things

updated at May 12, 2024, 4 p.m.

Python

92 +0

1,628 +4

324 +0

GitHub
volatility3 by volatilityfoundation

Volatility 3.0 development

updated at May 12, 2024, 1:17 p.m.

Python

55 +0

2,236 +15

371 +2

GitHub
Zircolite by wagga40

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

updated at May 12, 2024, 12:13 p.m.

Python

24 +0

601 +3

84 +0

GitHub
DidierStevensSuite by DidierStevens

Please no pull requests for this repository. Thanks!

updated at May 12, 2024, 11:19 a.m.

Python

122 +0

1,843 +3

503 +2

GitHub
ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

updated at May 12, 2024, 10:41 a.m.

Python

370 +0

3,877 +3

796 +1

GitHub
sigma by SigmaHQ

Main Sigma Rule Repository

updated at May 12, 2024, 6:07 a.m.

Python

327 +0

7,670 +16

2,102 +9

GitHub
MalConfScan by JPCERTCC

Volatility plugin that extracts configuration data of known malware

updated at May 12, 2024, 3:33 a.m.

Python

36 +0

469 +1

68 +0

GitHub
artifacts by ForensicArtifacts

Digital Forensics artifact repository

updated at May 12, 2024, 1:53 a.m.

Python

73 -1

985 +1

202 +0

GitHub
volatility by volatilityfoundation

An advanced memory forensics framework

updated at May 11, 2024, 9:42 p.m.

Python

308 +0

6,948 +9

1,252 +2

GitHub
Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

updated at May 11, 2024, 3:58 p.m.

Python

187 +0

3,251 +3

575 +1

GitHub
mac_apt by ydkhatri

macOS (& iOS) Artifact Parsing Tool

updated at May 11, 2024, 9:42 a.m.

Python

44 +0

719 +1

99 +0

GitHub
LogonTracer by JPCERTCC

Investigate malicious Windows logon by visualizing and analyzing Windows event log

updated at May 11, 2024, 5:23 a.m.

Python

136 +0

2,633 +3

441 +1

GitHub
grr by google

GRR Rapid Response: remote live forensics for incident response

updated at May 11, 2024, 3:25 a.m.

Python

316 +0

4,656 +2

760 +1

GitHub
RTA by endgameinc
updated at May 11, 2024, 1:09 a.m.

Python

98 +0

1,035 +1

213 +0

GitHub
stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at May 10, 2024, 1:23 p.m.

Python

30 +0

648 +2

123 +0

GitHub
timesketch by google

Collaborative forensic timeline analysis

updated at May 10, 2024, 8:32 a.m.

Python

138 +1

2,497 +4

569 +1

GitHub