Top 23 Python Dfir Projects

• ThreatHunter-Playbook

  4 3,873 0.0 Python

  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  

• Loki

  12 3,248 5.7 Python

  Loki - Simple IOC and YARA Scanner (by Neo23x0)

Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06

You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• IntelOwl

  13 3,114 9.8 Python

  IntelOwl: manage your Threat Intelligence at scale

  

Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

• timesketch

  2 2,492 9.0 Python

  Collaborative forensic timeline analysis

  

• yeti

  2 1,633 9.6 Python

  Your Everyday Threat Intelligence

  

• Digital-Forensics-Guide

  6 1,343 6.4 Python

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide

• beagle

  1 1,250 0.0 Python

  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• threathunting

  3 1,102 1.7 Python

  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

• hindsight

  8 1,020 6.1 Python

  Web browser forensics for Google Chrome/Chromium

• Hunting-Queries-Detection-Rules

  7 1,007 9.3 Python

  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Project mention: Advanced Hunting queries every admin should use | /r/DefenderATP | 2023-05-29

• dissect

  4 856 6.5 Python

  Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

  

• CyberThreatHunting

  1 793 3.3 Python

  A collection of resources for Threat Hunters - Sponsored by Falcon Guard

• ThreatIngestor

  1 786 7.6 Python

  Extract and aggregate threat intelligence.

  

• mac_apt

  2 718 7.3 Python

  macOS (& ios) Artifact Parsing Tool

Project mention: My productivity app is a never-ending .txt file | news.ycombinator.com | 2024-02-19

• turbinia

  1 714 9.0 Python

  Automation and Scaling of Digital Forensics Tools

  

Project mention: Log2Timeline -> Timesketch | /r/computerforensics | 2023-05-16

You want Turbinia and DFTimewolf. Literally the tools built by the DF team at Google (the same team that makes L2T) purpose-built to do exactly what you're asking.

• lookyloo

  2 655 9.6 Python

  Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

  

• atc-react

  1 571 10.0 Python

  A knowledge base of actionable Incident Response techniques

  

• RecuperaBit

  5 504 5.0 Python

  A tool for forensic file system reconstruction.

Project mention: RecuperaBit: A tool for forensic file system reconstruction | news.ycombinator.com | 2024-02-07

• iocextract

  1 486 5.4 Python

  Defanged Indicator of Compromise (IOC) Extractor.

  

• misp-warninglists

  3 478 8.3 Python

  Warning lists to inform users of MISP about potential false-positives or other information in indicators

  

• PurpleCloud

  1 474 5.5 Python

  A little tool to play with Azure Identity - Azure Active Directory lab creation tool

• dfirtrack

  2 464 7.8 Python

  DFIRTrack - The Incident Response Tracking Application

  

• LOOBins

  2 387 8.3 Python

  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

Project mention: LOOBins | news.ycombinator.com | 2023-05-25

I’m excited to announce the release of Living Off the Orchard: macOS Binaries (LOOBins)!

LOOBins is a resource designed to help cybersecurity professionals and researchers understand and defend against the potential risks associated with binaries built into macOS.

https://loobins.io

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python Dfir related posts

• RecuperaBit: A tool for forensic file system reconstruction

  1 project | news.ycombinator.com | 7 Feb 2024

• Advanced Hunting queries every admin should use

  1 project | /r/DefenderATP | 29 May 2023

• LOOBins

  1 project | news.ycombinator.com | 25 May 2023

• Saving cached telegram messages from Edge

  1 project | /r/DataHoarder | 29 Apr 2023

• Lists

  1 project | news.ycombinator.com | 27 Apr 2023

• Report tips and note taking tips

  4 projects | /r/computerforensics | 21 Mar 2023

• please help, need disk recovery software free or cheap

  1 project | /r/homelab | 10 Mar 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 4 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!