Top 23 Python incident-response Projects
Clone the Volatility 3 repository: > git clone https://github.com/volatilityfoundation/volatility3.git
tracecat
Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.
Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE ATT&CK Tactics and Techniques. [Contributors Friendly]
APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset, that detects APT movements hidden in the sea of Windows event logs in order to reduce the time needed to uncover suspicious activity.
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
holmesgpt
Your 24/7 On-Call AI Agent - Solve Alerts Faster with Automatic Correlations, Investigations, and More
HolmesGPT, from Robusta, is a tool that simplifies Kubernetes troubleshooting. It investigates issues automatically, requiring no prior expertise. Use it via the Robusta SaaS platform or CLI with queries like holmes ask "what pods are unhealthy and why?".
Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)
I'm working on https://github.com/incidentalhq/incidental
It's an incident management platform, similar to Pagerduty, Rootly or FireHydrant.
It's the first side project I've open-sourced, and I've been hacking on it weekends and nights. Hoping to get a few companies to start using it to get some early feedback.
misp-taxonomies
Taxonomies used in the MISP taxonomy system, which can also be used by other information-sharing tools.
assisted-log-enabler-for-aws
Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
cradle
CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taking, automated data linking, interactive visualizations, and robust access control. Enhance your CTI workflow from analysis to reporting—all in one secure space. (by prodaft)
mediator
An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding. (by lawndoc)
Python incident-response related posts
- Show HN: I am building an open-source incident management platform
- Volatility 3 2.4.1 - New Linux and Windows plugins
- Using volatility 3 to retrieve clipboard contents
- Report tips and note taking tips
- DataSurgeon: Quickly Extracts IP's, Email Addresses, Hashes, Files, URLs, Phone numbers and more from text
- Custom DFIR
- How to conduct security assessment of AWS?
Index
What are some of the best open-source incident-response projects in Python? This list will help you:
# | Project | Stars |
---|---|---|
1 | IntelOwl | 4,158 |
2 | volatility3 | 3,208 |
3 | tracecat | 2,820 |
4 | Bashfuscator | 1,766 |
5 | Incident-Playbook | 1,466 |
6 | APT-Hunter | 1,340 |
7 | beagle | 1,314 |
8 | ThePhish | 1,239 |
9 | iris-web | 1,209 |
10 | intelmq | 1,049 |
11 | holmesgpt | 1,038 |
12 | Watcher | 930 |
13 | CyberThreatHunting | 890 |
14 | atc-react | 637 |
15 | incidental | 547 |
16 | dfirtrack | 519 |
17 | misp-taxonomies | 278 |
18 | assisted-log-enabler-for-aws | 256 |
19 | TheHive4py | 228 |
20 | cradle | 238 |
21 | kc7 | 172 |
22 | mediator | 99 |
23 | aws-incident-response-playbooks-workshop | 91 |