Top 23 Python incident-response Projects

incident-response

• Add a project

1. IntelOwl

   1 13 4,158 9.6 Python

   IntelOwl: manage your Threat Intelligence at scale

   

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. volatility3

   2 8 3,208 9.9 Python

   Volatility 3.0 development

   

   Project mention: Memory Dump Analysis | Kali Linux | dev.to | 2024-09-17

   Clone the Volatility 3 repository: > git clone https://github.com/volatilityfoundation/volatility3.git

4. tracecat

   3 3 2,820 9.9 Python

   Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.

   

   Project mention: N8n – Open-source Zapier alternative | news.ycombinator.com | 2025-05-03

5. Bashfuscator

   4 1 1,766 0.0 Python

   A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

   

6. Incident-Playbook

   5 10 1,466 5.6 Python

   GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

   

7. APT-Hunter

   6 4 1,340 5.0 Python

   APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

   

8. beagle

   7 1 1,314 0.0 Python

   Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

   

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. ThePhish

    8 17 1,239 4.6 Python

    ThePhish: an automated phishing email analysis tool

    

11. iris-web

    9 9 1,209 9.9 Python

    Collaborative Incident Response platform

    

12. intelmq

    10 3 1,049 8.6 Python

    IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

    

13. holmesgpt

    11 6 1,038 9.6 Python

    Your 24/7 On-Call AI Agent - Solve Alerts Faster with Automatic Correlations, Investigations, and More

    

    Project mention: AI with Kubernetes: Operations for Developers 🤖 | dev.to | 2025-03-30

    HolmesGPT, from Robusta, is a tool that simplifies Kubernetes troubleshooting. It investigates issues automatically, requiring no prior expertise. Use it via the Robusta SaaS platform or CLI with queries like holmes ask "what pods are unhealthy and why?".

14. Watcher

    12 3 930 8.4 Python

    Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

    

15. CyberThreatHunting

    13 1 890 3.8 Python

    A collection of resources for Threat Hunters

    

16. atc-react

    14 1 637 10.0 Python

    A knowledge base of actionable Incident Response techniques

    

17. incidental

    15 3 547 8.3 Python

    An opensource incident management platform integrating with Slack.

    

    Project mention: Ask HN: What are you working on (August 2024)? | news.ycombinator.com | 2024-08-24

    I'm working on https://github.com/incidentalhq/incidental

    It's an incident management platform, similar to Pagerduty, Rootly or FireHydrant.

    It's the first side project I've open sourced, and I've been hacking on it weekends and nights. Hoping to get a few companies to start using it to get some early feedback.

18. dfirtrack

    16 2 519 5.0 Python

    DFIRTrack - The Incident Response Tracking Application

    

19. misp-taxonomies

    17 1 278 8.2 Python

    Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.

    

20. assisted-log-enabler-for-aws

    18 1 256 0.9 Python

    Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

    

21. TheHive4py

    19 1 228 8.5 Python

    Python API Client for TheHive

    

22. cradle

    20 2 238 9.8 Python

    CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taking, automated data linking, interactive visualizations, and robust access control. Enhance your CTI workflow from analysis to reporting—all in one secure space. (by prodaft)

    

    Project mention: Cradle – Collaborative Threat Intelligence Hub | news.ycombinator.com | 2025-03-18

23. kc7

    21 1 172 3.1 Python

    A cybersecurity game in Azure Data Explorer

    

24. mediator

    22 5 99 7.3 Python

    An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding. (by lawndoc)

    

25. aws-incident-response-playbooks-workshop

    23 1 91 4.7 Python

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Python incident-response related posts

• Show HN: I am building an open-source incident management platform

  3 projects | news.ycombinator.com | 8 Jul 2024

• Volatility 3 2.4.1 - New Linux and Windows plugins

  1 project | /r/blueteamsec | 22 Apr 2023

• Using volatility 3 to retrieve clipboard contents

  1 project | /r/computerforensics | 27 Mar 2023

• Report tips and note taking tips

  4 projects | /r/computerforensics | 21 Mar 2023

• DataSurgeon: Quickly Extracts IP's, Email Addresses, Hashes, Files, URLs, Phone numbers and more from text

  4 projects | /r/programming | 3 Mar 2023

• Custom DFIR

  5 projects | /r/computerforensics | 9 Feb 2023

• How to conduct security assesment of AWS?

  3 projects | /r/AskNetsec | 8 Dec 2022
• A note from our sponsor - InfluxDB
  www.influxdata.com | 21 Jun 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

InfluxDB – Built for High-Performance Time Series Workloads

InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

www.influxdata.com

Do not miss the trending Python projects with our weekly report!