Columns per entry: updated at | language | watchers (change) | stars (change) | forks (change)

caldera by mitre
  Automated Adversary Emulation Platform
  updated at May 19, 2024, 9:32 p.m. | Python | 166 (-2) | 5,224 (+18) | 1,015 (+1)

CAPEv2 by kevoreilly
  Malware Configuration And Payload Extraction
  updated at May 19, 2024, 6:41 p.m. | Python | 64 (-1) | 1,702 (+11) | 381 (+1)

acquire by fox-it
  acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
  updated at May 19, 2024, 2:46 p.m. | Python | 12 (+0) | 77 (+2) | 18 (+1)

Zircolite by wagga40
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  updated at May 19, 2024, 2:13 p.m. | Python | 24 (+0) | 604 (+3) | 84 (+0)

APT-Hunter by ahmedkhlief
  APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity.
  updated at May 19, 2024, 12:38 p.m. | Python | 47 (+0) | 1,157 (+4) | 229 (+0)

osxcollector by Yelp
  A forensic evidence collection & analysis toolkit for OS X
  updated at May 19, 2024, 6:22 a.m. | Python | 125 (+0) | 1,860 (-1) | 240 (+0)

sigma by SigmaHQ
  Main Sigma Rule Repository
  updated at May 19, 2024, 5:46 a.m. | Python | 327 (+0) | 7,700 (+30) | 2,103 (+1)

timesketch by google
  Collaborative forensic timeline analysis
  updated at May 19, 2024, 5:15 a.m. | Python | 138 (+0) | 2,502 (+5) | 570 (+1)

volatility3 by volatilityfoundation
  Volatility 3.0 development
  updated at May 19, 2024, 5:02 a.m. | Python | 55 (+0) | 2,252 (+16) | 371 (+0)

MalConfScan by JPCERTCC
  Volatility plugin for extracting configuration data of known malware
  updated at May 19, 2024, 2:36 a.m. | Python | 36 (+0) | 471 (+2) | 68 (+0)

MozDef by mozilla
  DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
  updated at May 18, 2024, 9:36 p.m. | Python | 149 (+0) | 2,174 (+1) | 329 (+1)

volatility by volatilityfoundation
  An advanced memory forensics framework
  updated at May 18, 2024, 9:19 p.m. | Python | 308 (+0) | 6,956 (+8) | 1,249 (-3)

Loki by Neo23x0
  Loki - Simple IOC and YARA Scanner
  updated at May 18, 2024, 2:55 p.m. | Python | 187 (+0) | 3,254 (+3) | 575 (+0)

DidierStevensSuite by DidierStevens
  Please no pull requests for this repository. Thanks!
  updated at May 18, 2024, 1:41 p.m. | Python | 122 (+0) | 1,847 (+4) | 502 (-1)

capa by mandiant
  The FLARE team's open-source tool to identify capabilities in executable files.
  updated at May 18, 2024, 10:39 a.m. | Python | 79 (+1) | 3,897 (+16) | 494 (+3)

plaso by log2timeline
  Super timeline all the things
  updated at May 18, 2024, 10:09 a.m. | Python | 92 (+0) | 1,629 (+1) | 323 (-1)

cuckoo-modified by spender-sandbox
  Modified edition of cuckoo
  updated at May 18, 2024, 9:51 a.m. | Python | 72 (+0) | 389 (+1) | 178 (+0)

artifacts-kb by ForensicArtifacts
  Digital Forensics Artifacts Knowledge Base
  updated at May 18, 2024, 5:38 a.m. | Python | 8 (+0) | 68 (-1) | 15 (+0)

artifacts by ForensicArtifacts
  Digital Forensics artifact repository
  updated at May 18, 2024, 5:37 a.m. | Python | 73 (+0) | 991 (+6) | 204 (+2)

hindsight by obsidianforensics
  Web browser forensics for Google Chrome/Chromium
  updated at May 17, 2024, 10:51 p.m. | Python | 67 (+0) | 1,026 (+5) | 134 (+0)