Sooty
intelmq
Sooty | intelmq | |
---|---|---|
1 | 3 | |
1,284 | 937 | |
- | 2.0% | |
0.0 | 9.0 | |
7 months ago | 10 days ago | |
Python | Python | |
GNU General Public License v3.0 only | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Sooty
-
A user has opened an attachment in a phishing email (MIME file, possibly .pdf). Our antivirus isn't finding anything, and there are no clear indications of compromise. We don't have a clear policy to respond to things like this. What would you do?
I haven't played with this yet, but it looks promising for trying to automate your OSINT when researching phishing emails: https://github.com/TheresAFewConors/Sooty
intelmq
-
What are your favorite open-sources tools?
IntelMQ
- certtools/intelmq - IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol
- IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. Its main goal is to give to incident responders an easy way to collect & process threat intelligence...
What are some alternatives?
MultiQC - Aggregate results from bioinformatics analyses across many samples into a single report.
MISP - MISP (core software) - Open Source Threat Intelligence and Sharing Platform
PhishingKitTracker - Let's track phishing kits to give to research community raw material to study !
IntelOwl - IntelOwl: manage your Threat Intelligence at scale
spate - Quickly create workflows, business and process automation pipelines. Supports API, UI and Cron based workflows.
ThePhish - ThePhish: an automated phishing email analysis tool
Spoofy - Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
malware-ioc - Indicators of Compromises (IOC) of our various investigations
STARS - A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services that could possibly lead to subdomain takeover scenarios.
elasticsearch-mapper-attachments - Mapper Attachments Type plugin for Elasticsearch
cytoflow - A Python toolbox for quantitative, reproducible flow cytometry analysis
wifiphisher - The Rogue Access Point Framework