Python Dfir

Open-source Python projects categorized as Dfir

Top 16 Python Dfir Projects

  • Loki

    Loki - Simple IOC and Incident Response Scanner (by Neo23x0)

    Project mention: Rage about CVE dataset quality(?) | | 2022-04-17
  • timesketch

    Collaborative forensic timeline analysis

    Project mention: Any Timeline self hosted types of software? | | 2021-10-26
  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

    Project mention: yampelo/beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. | | 2021-06-30
  • threathunting

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

    Project mention: Breaking down MITRE ATT&CK for ICS techniques into MON Requirements? | | 2022-05-14

    Olaf has a Splunk module for 'threat hunting' that's mapped to the Enterprise Mitre framework, might be a good example for some components - - Note: If you just blindly install it... It's pretty rough on the search head...

  • hindsight

    Web browser forensics for Google Chrome/Chromium

    Project mention: Forensic script ideas? | | 2022-01-21
  • CyberThreatHunting

    A collection of resources for Threat Hunters - Sponsored by Falcon Guard

    Project mention: Any good threat hunting resources? Looking for query libraries. | | 2022-04-08
  • mac_apt

    macOS (& iOS) Artifact Parsing Tool

  • lookyloo

    Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

  • dfirtrack

    DFIRTrack - The Incident Response Tracking Application

    Project mention: We are a security team with 20+ years of ethical hacking, and we've defended over 2 million attacks with Blumira. Ask Us Anything. | | 2021-10-18
  • RecuperaBit

    A tool for forensic file system reconstruction.

    Project mention: Need help, with creating a symlink. | | 2022-04-05

    $ sudo -s # cd /opt # git clone

  • TheHiveDocs

    Documentation of TheHive

  • misp-warninglists

    Warning lists to inform users of MISP about potential false-positives or other information in indicators

    Project mention: Hashlookup-Forensic-Analyser | | 2022-05-07

    Indeed, specific files such as empty files, but also many one- or two-byte files, recur very often across many software sources. In the next version, we will include the MISP-warninglists, such as the empty-hashes lists, to warn about potentially common files.

    The tool can also work with the Bloom filter provided by hashlookup when requests to the API are not possible.

  • PurpleCloud

    A little tool to play with Azure Identity - Azure Active Directory lab creation tool

    Project mention: Anyone have experience building a Windows AD lab environment in Docker? | | 2022-04-09

    We looked into pre-configured, plug-and-play options. One project (leveraging Ansible) is called PurpleCloud. Probably because running even a handful of Windows VMs on a PC can get pretty slow, pretty fast, their project spins this network up on Azure. However, the estimated monthly cost of the cloud resources is not attractive; over $300 per month. While it's true that we would not need to run the lab every day resulting in lower cost, I think we would want to run new tests fairly often, especially if multiple analysts are using it (and I already know the burn of forgetting an EC2 instance on for a week or two).

  • hashlookup-forensic-analyser

    Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service -

    Project mention: hashlookup-forensic-analyser: Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - | | 2022-05-07
  • INDXRipper

    Carve file metadata from NTFS index ($I30) attributes

    Project mention: INDXRipper: Carve index entries from NTFS index ($I30) attributes | | 2021-09-28
  • RELY

    RELY (the name is composed from the project members' names: Romy, Esther, Lucille and Yassir) is a Python tool developed to support a digital forensics triage procedure on some Microsoft Windows devices.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-14.

What are some of the best open-source Dfir projects in Python? This list will help you:

Rank  Project                        Stars
 1    Loki                           2,425
 2    timesketch                     1,933
 3    beagle                         1,113
 4    threathunting                    926
 5    hindsight                        761
 6    CyberThreatHunting               617
 7    mac_apt                          486
 8    lookyloo                         484
 9    dfirtrack                        392
10    RecuperaBit                      381
11    TheHiveDocs                      378
12    misp-warninglists                281
13    PurpleCloud                      202
14    hashlookup-forensic-analyser      71
15    INDXRipper                        26
16    RELY                               2