Top 21 Python threat-hunting Projects

• dnstwist

  23 4,535 7.8 Python

  Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27

• ThreatHunter-Playbook

  4 3,866 0.0 Python

  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• IntelOwl

  13 3,103 9.6 Python

  IntelOwl: manage your Threat Intelligence at scale

  

Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

• malwoverview

  3 2,700 6.7 Python

  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

• APT_REPORT

  4 2,175 9.0 Python

  Interesting APT Report Collection And Some Special IOC

• yeti

  2 1,626 9.7 Python

  Your Everyday Threat Intelligence

  

• beagle

  1 1,250 0.0 Python

  Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• APT-Hunter

  4 1,144 4.7 Python

  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity

Project mention: APT-Hunter: APT-Hunter is Threat Hunting tool for Windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity | /r/blueteamsec | 2023-05-07

• threathunting

  3 1,102 1.7 Python

  A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

• Hunting-Queries-Detection-Rules

  7 993 9.3 Python

  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Project mention: Advanced Hunting queries every admin should use | /r/DefenderATP | 2023-05-29

• Watcher

  3 795 3.4 Python

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

  

• CyberThreatHunting

  1 792 3.3 Python

  A collection of resources for Threat Hunters - Sponsored by Falcon Guard

• ThreatIngestor

  1 781 7.6 Python

  Extract and aggregate threat intelligence.

  

• opensquat

  5 648 6.1 Python

  The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains.

Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27

A different solution that runs locally is opensquat.

https://github.com/atenreiro/opensquat

• Scrummage

  1 488 4.1 Python

  The Ultimate OSINT and Threat Hunting Framework

• misp-galaxy

  3 480 9.8 Python

  Clusters and elements to attach to MISP events or attributes (like threat actors)

  

Project mention: Foreign Travel Risks | /r/cybersecurity | 2023-04-26

MISP Threat Actor Galaxy

• kestrel-lang

  1 273 9.6 Python

  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

  

• threatbus

  4 254 0.0 Python

  🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

  

• malware-ioc

  8 196 6.7 Python

  This repository contains indicators of compromise (IOCs) of our various investigations. (by prodaft)

  

Project mention: PTI-257 Group Indicators of Compromise (IOCs) - PTI-257 consists of former Wizard Spider actors who are publicly known for the various malware variants they use (Ryuk, Trickbot, and Conti, among others) | /r/blueteamsec | 2023-09-14

• evtx-hunter

  2 137 0.0 Python

  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

  

• MISP-tools

  2 31 6.4 Python

  Import CrowdStrike Threat Intelligence into your instance of MISP

  

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python threat-hunting related posts

• APT-Hunter: APT-Hunter is Threat Hunting tool for Windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
  1 project | /r/blueteamsec | 7 May 2023
• Foreign Travel Risks
  2 projects | /r/cybersecurity | 26 Apr 2023
• ahmedkhlief/APT-Hunter: Threat Hunting tool for windows event logs
  1 project | /r/blueteamsec | 12 Feb 2023
• SOC Analyst Training
  1 project | /r/cybersecurity | 23 Jan 2023
• Yeti: Organize observables, indicators of compromise, TTPs, and threats
  1 project | news.ycombinator.com | 17 Oct 2022
• How to find a similar looking domains
  2 projects | /r/OSINT | 8 Oct 2022
• Get CrowdSec IOCs feed into MISP
  3 projects | /r/CrowdSec | 24 Sep 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 25 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!