Top 21 Python threat-hunting Projects
- dnstwist: Domain name permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation.
- ThreatHunter-Playbook: A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
- malwoverview: Malwoverview is a first-response tool for threat hunting that offers intel from VirusTotal, Hybrid Analysis, URLhaus, PolySwarm, MalShare, AlienVault, Malpedia, MalwareBazaar, ThreatFox, Triage and InQuest, and is able to scan Android devices against VirusTotal.
- beagle: Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
- APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
- Hunting-Queries-Detection-Rules: KQL queries for hunting and detection in Microsoft Defender for Endpoint and Azure Sentinel. Out-of-the-box KQL queries for Advanced Hunting, Custom Detection, Analytics Rules and Hunting Rules.
- Watcher: Open-source cybersecurity threat hunting platform, developed with Django and React JS. (by Felix83000)
- opensquat: openSquat is an open-source tool for detecting domain look-alikes by searching newly registered domains that might be impersonating legitimate domains.
- kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
- threatbus: 🚌 Threat Bus, a threat intelligence dissemination layer for open-source security tools.
- malware-ioc: This repository contains indicators of compromise (IOCs) from our various investigations. (by prodaft)
- evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
Project mention: APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity | /r/blueteamsec | 2023-05-07
A different solution that runs locally is opensquat.
https://github.com/atenreiro/opensquat
MISP Threat Actor Galaxy
Project mention: PTI-257 Group Indicators of Compromise (IOCs) - PTI-257 consists of former Wizard Spider actors who are publicly known for the various malware variants they use (Ryuk, Trickbot, and Conti, among others) | /r/blueteamsec | 2023-09-14
Python threat-hunting related posts
- APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity
- Foreign Travel Risks
- ahmedkhlief/APT-Hunter: Threat Hunting tool for windows event logs
- SOC Analyst Training
- Yeti: Organize observables, indicators of compromise, TTPs, and threats
- How to find similar-looking domains
- Get CrowdSec IOCs feed into MISP
Index
What are some of the best open-source threat-hunting projects in Python? This list will help you:
# | Project | Stars
---|---|---
1 | dnstwist | 4,535
2 | ThreatHunter-Playbook | 3,866
3 | IntelOwl | 3,103
4 | malwoverview | 2,700
5 | APT_REPORT | 2,175
6 | yeti | 1,626
7 | beagle | 1,250
8 | APT-Hunter | 1,144
9 | threathunting | 1,102
10 | Hunting-Queries-Detection-Rules | 993
11 | Watcher | 795
12 | CyberThreatHunting | 792
13 | ThreatIngestor | 781
14 | opensquat | 648
15 | Scrummage | 488
16 | misp-galaxy | 480
17 | kestrel-lang | 273
18 | threatbus | 254
19 | malware-ioc | 196
20 | evtx-hunter | 137
21 | MISP-tools | 31