Top 23 threat-hunting Open-Source Projects
-
MISP
MISP (Malware Information Sharing Platform) is an open-source threat information platform that facilitates the collection, storage and distribution of threat intelligence and Indicators of Compromise (IOCs) related to malware, cyber attacks, financial fraud or any intelligence within a community of trusted members.
-
Suricata
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
Project mention: What is a Denial of Service (DoS) Attack? A Comprehensive Guide | dev.to | 2025-04-28
Suricata - High-performance Network IDS, IPS, and Network Security Monitoring engine.
-
dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
-
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
-
securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
-
malwoverview
Malwoverview is a first-response tool used for threat hunting. It offers intel information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, AlienVault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest, VxExchange and IPInfo, and it is also able to scan Android devices against VT.
-
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
-
detection-rules
Project mention: Initial details about why the CrowdStrike's CSAgent.sys crashed | news.ycombinator.com | 2024-07-20
[2] https://github.com/elastic/detection-rules
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Project mention: Matano: Open-source security data lake for cybersecurity analytics | news.ycombinator.com | 2025-04-03
-
Hunting-Queries-Detection-Rules
KQL queries for Defender for Endpoint and Azure Sentinel hunting and detection. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
-
APT-Hunter
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple-team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time needed to uncover suspicious activity.
-
threat-hunting discussion
threat-hunting related posts
-
TryHackMe: MISP
-
Cradle – Open-Source Collaborative Threat Intelligence Hub
-
Sublime Security
-
PRC Targeting of Commercial Telecommunications Infrastructure
-
MISP galaxy – cybersecurity and other related knowledge base
-
Software Hardening Tools for System Defense
-
Teler: Real-Time HTTP Intrusion Detection
-
19 May 2025
Index
What are some of the best open-source threat-hunting projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | MISP | 5,697 |
2 | Suricata | 5,241 |
3 | dnstwist | 5,148 |
4 | sysmon-config | 5,004 |
5 | ThreatHunter-Playbook | 4,207 |
6 | awesome-threat-detection | 4,159 |
7 | IntelOwl | 4,120 |
8 | HELK | 3,830 |
9 | awesome-yara | 3,807 |
10 | securityonion | 3,700 |
11 | malwoverview | 3,193 |
12 | chainsaw | 3,147 |
13 | sysmon-modular | 2,775 |
14 | signature-base | 2,621 |
15 | hayabusa | 2,607 |
16 | APT_REPORT | 2,555 |
17 | EVTX-ATTACK-SAMPLES | 2,340 |
18 | detection-rules | 2,288 |
19 | yeti | 1,849 |
20 | matano | 1,556 |
21 | SysmonTools | 1,520 |
22 | Hunting-Queries-Detection-Rules | 1,454 |
23 | APT-Hunter | 1,336 |