Top 23 Python threat-intelligence Projects

• spiderfoot

  19 11,723 6.6 Python

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

• dnstwist

  23 4,535 7.8 Python

  Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• IntelOwl

  13 3,103 9.6 Python

  IntelOwl: manage your Threat Intelligence at scale

  

Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

• Digital-Forensics-Guide

  6 1,335 6.4 Python

  Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide

• harpoon

  2 1,133 4.7 Python

  CLI tool for open source and threat intelligence (by Te-k)

• ThePhish

  17 1,005 0.0 Python

  ThePhish: an automated phishing email analysis tool

Project mention: How do you deal with phising emails at your company? | /r/cybersecurity | 2023-05-14

• Watcher

  3 795 3.4 Python

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• CyberThreatHunting

  1 792 3.3 Python

  A collection of resources for Threat Hunters - Sponsored by Falcon Guard

• ThreatIngestor

  1 781 7.6 Python

  Extract and aggregate threat intelligence.

  

• opensquat

  5 648 6.1 Python

  The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains.

Project mention: Have I Been Squatted? | news.ycombinator.com | 2023-11-27

A different solution that runs locally is opensquat.

https://github.com/atenreiro/opensquat

• Scrummage

  1 488 4.1 Python

  The Ultimate OSINT and Threat Hunting Framework

• iocextract

  1 485 5.4 Python

  Defanged Indicator of Compromise (IOC) Extractor.

  

• misp-galaxy

  3 480 9.8 Python

  Clusters and elements to attach to MISP events or attributes (like threat actors)

  

Project mention: Foreign Travel Risks | /r/cybersecurity | 2023-04-26

MISP Threat Actor Galaxy

• misp-warninglists

  3 475 8.3 Python

  Warning lists to inform users of MISP about potential false-positives or other information in indicators

  

Project mention: Lists | news.ycombinator.com | 2023-04-27

• misp-modules

  1 324 9.1 Python

  Modules for expansion services, enrichment, import and export in MISP and other tools. (by MISP)

  

• connectors

  2 324 9.9 Python

  OpenCTI Connectors (by OpenCTI-Platform)

  

Project mention: How to integrate openCTI with Splunk? | /r/threatintel | 2023-07-12

Connector on GitHub - https://github.com/OpenCTI-Platform/connectors/tree/master/stream/splunk

• kestrel-lang

  1 273 9.6 Python

  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

  

• threatbus

  4 254 0.0 Python

  🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

  

• malware-ioc

  8 196 6.7 Python

  This repository contains indicators of compromise (IOCs) of our various investigations. (by prodaft)

  

Project mention: PTI-257 Group Indicators of Compromise (IOCs) - PTI-257 consists of former Wizard Spider actors who are publicly known for the various malware variants they use (Ryuk, Trickbot, and Conti, among others) | /r/blueteamsec | 2023-09-14

• MISP-maltego

  3 165 0.0 Python

  Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

  

• TwiTi

  1 163 3.4 Python

  This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)

  

• kc7

  1 156 7.2 Python

  A cybersecurity game in Azure Data Explorer

  

• TypeDB CTI

  3 134 2.4 Python

  Open Source Threat Intelligence Platform

  

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Python threat-intelligence related posts

• Have I Been Squatted?
  3 projects | news.ycombinator.com | 27 Nov 2023
• OpenSquat
  1 project | news.ycombinator.com | 15 Jul 2023
• How to integrate openCTI with Splunk?
  1 project | /r/threatintel | 12 Jul 2023
• Lists
  1 project | news.ycombinator.com | 27 Apr 2023
• Does anyone know what cdn4image.com is? I’ve searched but can’t find anything relevant to why it’s always showing up in my logs.
  1 project | /r/nextdns | 9 Jan 2023
• How to find a similar looking domains
  2 projects | /r/OSINT | 8 Oct 2022
• Have I Been Sqautted – free DNS typosquatting platform
  4 projects | news.ycombinator.com | 26 Sep 2022
• A note from our sponsor - SaaSHub
  www.saashub.com | 25 Apr 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Python projects with our weekly report!