ghidra by NationalSecurityAgency

Ghidra is a software reverse engineering (SRE) framework

created at March 1, 2019, 3:27 a.m.

1,018 +1

47,712 +175

5,539 +6

radare2 by radareorg

UNIX-like reverse engineering framework and command-line toolset

created at July 3, 2012, 7:42 a.m.

486 +0

19,633 +33

2,938 +3

cutter by rizinorg

Free and Open Source Reverse Engineering Platform powered by rizin

created at Sept. 25, 2017, 9:50 a.m.

300 +1

15,022 +101

1,126 +5

atomic-red-team by redcanaryco

Small and highly portable detection tests based on MITRE's ATT&CK.

created at Oct. 11, 2017, 5:23 p.m.

343 +0

9,063 +29

2,664 +7

sigma by SigmaHQ

Main Sigma Rule Repository

created at Dec. 24, 2016, 9:48 a.m.

325 +1

7,623 +19

2,093 +6

volatility by volatilityfoundation

An advanced memory forensics framework

created at April 24, 2014, 3:45 p.m.

308 -1

6,931 +14

1,249 +2

flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

created at July 5, 2017, 9:17 p.m.

198 +0

5,861 +17

863 +4

cuckoo by cuckoosandbox

Cuckoo Sandbox is an automated dynamic malware analysis system

created at Sept. 7, 2011, 12:12 p.m.

435 +0

5,416 +9

1,688 +3

caldera by mitre

Automated Adversary Emulation Platform

created at Nov. 29, 2017, 1:25 a.m.

167 +0

5,180 +7

1,011 +4

grr by google

GRR Rapid Response: remote live forensics for incident response

created at Dec. 4, 2013, 12:17 a.m.

316 +0

4,650 +3

759 +0

sysmon-config by SwiftOnSecurity

Sysmon configuration file template with default high-quality event tracing

created at Feb. 1, 2017, 6:49 p.m.

356 +0

4,572 +6

1,670 +2

ThreatHunter-Playbook by OTRF

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

created at March 28, 2017, 3:07 a.m.

370 +0

3,870 +7

795 +3

capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

78 +0

3,855 +13

491 -1

HELK by Cyb3rWard0g

The Hunting ELK

created at March 14, 2017, 7:14 p.m.

216 +0

3,694 +1

672 +0

awesome-forensics by cugu

A curated list of awesome forensic analysis tools and resources

created at March 29, 2016, 8:54 p.m.

167 +0

3,580 +9

593 +1

Loki by Neo23x0

Loki - Simple IOC and YARA Scanner

created at Jan. 18, 2015, 8:39 a.m.

187 +0

3,226 +7

572 +0

OSXAuditor by jipegit

OS X Auditor is a free Mac OS X computer forensics tool

created at June 19, 2013, 5:26 p.m.

183 -1

3,130 -1

282 +0

security-onion by Security-Onion-Solutions

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

created at March 24, 2015, 8:15 p.m.

302 +0

3,056 -1

518 +0

streamalert by airbnb

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.

created at Jan. 22, 2017, 1:10 a.m.

101 +0

2,827 -1

334 +1

velociraptor by Velocidex

Digging Deeper....

created at March 24, 2018, 7:39 a.m.

70 +0

2,660 +12

447 +1