Python threat-hunting

Open-source Python projects categorized as threat-hunting

Top 15 Python threat-hunting Projects

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.

  • IntelOwl

    Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

    Project mention: Threat detection | reddit.com/r/selfhosted | 2022-03-01

    One thing I ran for a while was Security Onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for the internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome; I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ). One thing I have added to all my VMs is an OSSEC agent, Wazuh to be specific, which is free ( https://github.com/wazuh/wazuh ), and while I am not using it to its full potential, such as monitoring file deletions/modifications etc., it is a powerful tool.

  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

    Project mention: yampelo/beagle - Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. | reddit.com/r/GithubSecurityTools | 2021-06-30

  • threathunting

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

    Project mention: Breaking down MITRE ATT&CK for ICS techniques into MON Requirements? | reddit.com/r/cybersecurity | 2022-05-14

    Olaf has a Splunk module for 'threat hunting' that's mapped to the Enterprise Mitre framework, might be a good example for some components - https://github.com/olafhartong/ThreatHunting - Note: If you just blindly install it... It's pretty rough on the search head...

  • APT-Hunter

    APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.

    Project mention: ahmedkhlief/APT-Hunter - APT-Hunter is a Threat Hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity | reddit.com/r/GithubSecurityTools | 2021-09-28

  • CyberThreatHunting

    A collection of resources for Threat Hunters - Sponsored by Falcon Guard

    Project mention: Any good threat hunting resources? Looking for query libraries. | reddit.com/r/computerforensics | 2022-04-08

  • Watcher

    Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

  • StalkPhish

    StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.

    Project mention: How to identify zero day phishing URLs | reddit.com/r/phishing | 2022-04-15

    Using Stalkphish.io, or the OSS version https://github.com/t4d/StalkPhish

  • misp-galaxy

    Clusters and elements to attach to MISP events or attributes (like threat actors)

    Project mention: Learning about apt groups | reddit.com/r/threatintel | 2022-01-14

    https://attack.mitre.org/groups/ this is a solid source. If you want to see the MISP list of threat actors from their service you can look here https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json . The painful thing about this topic is every security vendor has a different naming convention for the threat actors in question.

  • Scrummage

    The Ultimate OSINT and Threat Hunting Framework

    Project mention: Scrummage: The Ultimate OSINT and Threat Hunting Framework | reddit.com/r/purpleteamsec | 2021-10-10

  • opensquat

    Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

    Project mention: The openSquat is an opensource tool for detecting phishing domains and domain squatting. Supports multiple features such as permutations such as homograph attack, typosquatting and bit squatting. | reddit.com/r/u_atenreiro | 2021-09-29

  • threatbus

    🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

    Project mention: Ask HN: Who is hiring? (September 2021) | news.ycombinator.com | 2021-09-01

    Tenzir | C++, ReasonML, Rust, Python | Hamburg, Germany or Remote (EU timezones) | Open-source | Full-time | https://tenzir.com

    Tenzir is an early-stage startup that builds a next generation data-plane for modern Security Operations Centers. It is our mission to help defenders pull ahead by integrating widely used open source tools and building solutions that reduce the time to detect attacks and help with post-mortem investigations. To that end, we develop the high-performance C++ database [VAST](https://github.com/tenzir/vast) with a ReasonML-based frontend that is served by a Rust API. We also develop [Threat Bus](https://github.com/tenzir/threatbus), a dissemination layer for threat intelligence, which orchestrates detection and response products in a publish/subscribe architecture.

    We're currently hiring for

  • bearded-avenger

    CIF v3 -- the fastest way to consume threat intelligence

    Project mention: Looking for Free STIX/TAXII Threat Intelligence Feeds | reddit.com/r/cybersecurity | 2021-10-07

    Example rules inclusive of the above list for that tool available in https://github.com/csirtgadgets/bearded-avenger/tree/master/rules/default.

  • evtx-hunter

    evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

    Project mention: GitHub - NVISOsecurity/evtx-hunter: evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. | reddit.com/r/bag_o_news | 2021-07-29

  • csirtg-smrt-v1

    the fastest way to consume threat intelligence.

    Project mention: Looking for Free STIX/TAXII Threat Intelligence Feeds | reddit.com/r/cybersecurity | 2021-10-07

    If you're interested in a tool that can easily retrieve/parse/output these in various formats for feeding into something else, check out the python-based csirtg-smrt: https://github.com/csirtgadgets/csirtg-smrt-v1.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-14.

What are some of the best open-source threat-hunting projects in Python? This list will help you:

    #   Project             Stars
    1   dnstwist            3,300
    2   IntelOwl            2,294
    3   beagle              1,113
    4   threathunting         926
    5   APT-Hunter            700
    6   CyberThreatHunting    617
    7   Watcher               585
    8   StalkPhish            364
    9   misp-galaxy           355
    10  Scrummage             324
    11  opensquat             309
    12  threatbus             209
    13  bearded-avenger       168
    14  evtx-hunter           101
    15  csirtg-smrt-v1         27