Top 16 Python Dfir Projects
Loki - Simple IOC and Incident Response Scanner (by Neo23x0)
Project mention: Rage about CVE dataset quality(?) | reddit.com/r/cybersecurity | 2022-04-17
Collaborative forensic timeline analysis
Project mention: Any Timeline self hosted types of software? | reddit.com/r/selfhosted | 2021-10-26
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
Project mention: yampelo/beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. | reddit.com/r/GithubSecurityTools | 2021-06-30
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Project mention: Breaking down MITRE ATT&CK for ICS techniques into MON Requirements? | reddit.com/r/cybersecurity | 2022-05-14
Olaf has a Splunk module for 'threat hunting' that's mapped to the Enterprise MITRE framework; it might be a good example for some components - https://github.com/olafhartong/ThreatHunting - Note: If you just blindly install it... It's pretty rough on the search head...
Web browser forensics for Google Chrome/Chromium
Project mention: Forensic script ideas? | reddit.com/r/computerforensics | 2022-01-21
A collection of resources for Threat Hunters - Sponsored by Falcon Guard
Project mention: Any good threat hunting resources? Looking for query libraries. | reddit.com/r/computerforensics | 2022-04-08
macOS (& iOS) Artifact Parsing Tool
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
DFIRTrack - The Incident Response Tracking Application
Project mention: We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything. | reddit.com/r/cybersecurity | 2021-10-18
A tool for forensic file system reconstruction.
Project mention: Need help, with creating a symlink. | reddit.com/r/Ubuntu | 2022-04-05
$ sudo -s
# cd /opt
# git clone https://github.com/Lazza/RecuperaBit.git
Documentation of TheHive
Warning lists to inform users of MISP about potential false-positives or other information in indicators
Project mention: Hashlookup-Forensic-Analyser | news.ycombinator.com | 2022-05-07
Indeed, specific files such as empty files, but also many one- or two-byte files, recur very often in many software sources. In the next version, we will include the MISP-warninglists such as the empty-hashes lists https://github.com/MISP/misp-warninglists/blob/main/lists/em... to warn about potential common files.
The tool can also work with the Bloom filter provided by hashlookup when requests to the API are not possible.
A little tool to play with Azure Identity - Azure Active Directory lab creation tool
Project mention: Anyone have experience building a Windows AD lab environment in Docker? | reddit.com/r/docker | 2022-04-09
We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Project mention: hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/ | reddit.com/r/blueteamsec | 2022-05-07
Carve file metadata from NTFS index ($I30) attributes
Project mention: INDXRipper: Carve index entries from NTFS index ($I30) attributes | reddit.com/r/blueteamsec | 2021-09-28
RELY (a name composed from the project members' names Romy, Esther, Lucille and Yassir) is a Python tool developed to help with a digital forensics triage procedure on some Microsoft Windows devices.
Python Dfir related posts
Breaking down MITRE ATT&CK for ICS techniques into MON Requirements?
2 projects | reddit.com/r/cybersecurity | 14 May 2022
hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
1 project | reddit.com/r/blueteamsec | 7 May 2022
1 project | reddit.com/r/CKsTechNews | 7 May 2022
2 projects | news.ycombinator.com | 7 May 2022
Need help, with creating a symlink.
1 project | reddit.com/r/Ubuntu | 5 Apr 2022
Volatility 3 commands and usage tips to get started with memory forensics. Volatility 3 + plugins make it easy to do advanced memory analysis.
3 projects | reddit.com/r/computerforensics | 22 Feb 2022
Forensic script ideas?
1 project | reddit.com/r/computerforensics | 21 Jan 2022
What are some of the best open-source Dfir projects in Python? This list will help you: