traceroute-circl by CIRCL

Traceroute improved wrapper for CSIRT and CERT operators

updated at Aug. 6, 2021, 6:54 p.m.

Unknown languages

16 +0

36 +0

9 +0

GitHub
Panorama by AlmCo

Fast incident overview

updated at Jan. 2, 2023, 1:12 a.m.

Python

3 +0

38 +0

6 +0

GitHub
pyarascanner by nogoodconfig

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

updated at July 6, 2023, 2:10 a.m.

Python

3 +0

25 +0

4 +0

GitHub
PowerGRR by swisscom

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

updated at Aug. 26, 2023, 6:23 p.m.

PowerShell

20 +0

56 +0

7 +0

GitHub
cuckoo-modified-api by keithjjones

A Python library to interface with a cuckoo-modified instance

updated at Dec. 4, 2023, 6:09 p.m.

Python

6 +0

18 +0

7 +0

GitHub
visualize_logs by keithjjones

A Python library and command line tools to provide interactive log visualization.

updated at Dec. 26, 2023, 12:22 p.m.

HTML

15 +0

134 +0

36 +0

GitHub
sqhunter by 0x4D31

A simple threat hunting tool based on osquery, Salt Open and Cymon API

updated at Jan. 3, 2024, 2:14 p.m.

Python

12 +0

65 +0

15 +0

GitHub
domfind by diogo-fernan

A Python DNS crawler to find identical domain names under different TLDs.

updated at Jan. 4, 2024, 12:28 p.m.

Python

4 +0

20 +0

3 +0

GitHub
IRTriage by AJMartel

Incident Response Triage - Windows Evidence Collection for Forensic Analysis

updated at Jan. 21, 2024, 3:33 p.m.

AutoIt

17 +0

123 +0

26 +0

GitHub
Fastir_Collector_Linux by SekoiaLab


updated at Jan. 25, 2024, 4:16 p.m.

Python

23 +0

165 +0

42 +0

GitHub
PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

updated at Jan. 29, 2024, 5:35 p.m.

PowerShell

15 +0

36 +0

6 +0

GitHub
CIRTKit by opensourcesec

Tools for the Computer Incident Response Team computer

updated at Jan. 31, 2024, 10:04 a.m.

Python

19 +0

140 +0

25 +0

GitHub
lorg by jensvoid

Apache Logfile Security Analyzer

updated at Jan. 31, 2024, 10:42 a.m.

HTML

42 +0

207 +0

50 +0

GitHub
inVtero.net by ShaneK2

inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques

updated at Feb. 5, 2024, 5:10 p.m.

C#

31 +0

276 +0

57 +0

GitHub
hostintel by keithjjones

A modular Python application to collect intelligence for malicious hosts.

updated at Feb. 9, 2024, 5:33 p.m.

Python

30 +0

258 +0

52 +0

GitHub
falcon-orchestrator by CrowdStrike

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities

updated at Feb. 9, 2024, 8:47 p.m.

JavaScript

36 +0

183 +0

60 +0

GitHub
imagemounter by ralphje

Command line utility and Python package to ease the (un)mounting of forensic disk images

updated at March 1, 2024, 8:14 a.m.

Python

13 +0

111 +0

36 +0

GitHub
morgue by etsy

post mortem tracker

updated at March 6, 2024, 10:03 p.m.

PHP

75 +0

1,011 +0

133 +0

GitHub
AutoTTP by jymcheong

Automated Tactics Techniques & Procedures

updated at March 8, 2024, 11:16 a.m.

Python

24 +0

244 +0

64 +0

GitHub
doorman by mwielgoszewski

an osquery fleet manager

updated at March 8, 2024, 11:26 a.m.

Python

33 +0

616 +0

95 +0

GitHub