Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work. Learn more →
Top 22 Python incident-response Projects
-
Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032
-
Project mention: Volatility 3 2.4.1 - New Linux and Windows plugins | reddit.com/r/blueteamsec | 2023-04-22
-
CodiumAI
TestGPT | Generating meaningful tests for busy devs. Get non-trivial tests (and trivial, too!) suggested right inside your IDE, so you can code smart, create more value, and stay confident when you push.
-
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
-
Bashfuscator
A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Try and figure out what this does... I used a tool I wrote years ago called Bashfuscator to create it: https://github.com/Bashfuscator/Bashfuscator
-
Incident-Playbook
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
-
APT-Hunter
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Project mention: APT-Hunter: APT-Hunter is Threat Hunting tool for Windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity | reddit.com/r/blueteamsec | 2023-05-07 -
Project mention: How do you deal with phising emails at your company? | reddit.com/r/cybersecurity | 2023-05-14
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
intelmq
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
-
-
Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)
-
Someone knows something similar to M.Att&ck for incident response? I found this: https://github.com/atc-project/atc-react looks good but seems pretty dead, :?
-
DFIRTrack - https://github.com/dfirtrack/dfirtrack IR tracking application
-
-
misp-taxonomies
Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.
Some repositories are licensed without having any code: Example with datasets: https://github.com/MISP/misp-taxonomies Example with md documentation: https://github.com/tldr-pages/tldr/blob/main/LICENSE.md
-
Project mention: ThePhish: an automated phishing email analysis tool - A new version will come when the Python API for TheHive 5 becomes stable, so stay tuned! | reddit.com/r/netsec | 2023-04-22
Waiting for these guys to complete the API and related documentation: https://github.com/TheHive-Project/TheHive4py
-
assisted-log-enabler-for-aws
Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
-
Project mention: Kc7 – A cybersecurity game in Azure Data Explorer | news.ycombinator.com | 2022-09-26
-
evtx-hunter
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
-
mediator
An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding. (by lawndoc)
-
Project mention: Playbook/Guide for responding to specific incident | reddit.com/r/cybersecurity | 2023-05-02
-
-
-
ONLYOFFICE
ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-05-14.
Python incident-response related posts
- Volatility 3 2.4.1 - New Linux and Windows plugins
- Using volatility 3 to retrieve clipboard contents
- Report tips and note taking tips
- DataSurgeon: Quickly Extracts IP's, Email Addresses, Hashes, Files, URLs, Phone numbers and more from text
- Custom DFIR
- How to conduct security assesment of AWS?
- Cyber Playbooks
-
A note from our sponsor - Sonar
www.sonarsource.com | 30 May 2023
Index
What are some of the best open-source incident-response projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | IntelOwl | 2,767 |
| 2 | volatility3 | 1,536 |
| 3 | beagle | 1,209 |
| 4 | Bashfuscator | 1,159 |
| 5 | Incident-Playbook | 1,060 |
| 6 | APT-Hunter | 948 |
| 7 | ThePhish | 885 |
| 8 | intelmq | 824 |
| 9 | CyberThreatHunting | 717 |
| 10 | Watcher | 714 |
| 11 | atc-react | 521 |
| 12 | dfirtrack | 424 |
| 13 | TheHiveDocs | 385 |
| 14 | misp-taxonomies | 229 |
| 15 | TheHive4py | 193 |
| 16 | assisted-log-enabler-for-aws | 171 |
| 17 | kc7 | 137 |
| 18 | evtx-hunter | 123 |
| 19 | mediator | 91 |
| 20 | aws-incident-response-playbooks-workshop | 39 |
| 21 | INDXRipper | 37 |
| 22 | Simple-Live-Data-Collection | 21 |
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
www.sonarsource.com