Top 23 threat-hunting Open-Source Projects

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: Top OpenSource/Free Cybersecurity Tools | | 2023-04-11


  • sysmon-config

    Sysmon configuration file template with default high-quality event tracing

    Project mention: Cheap, Fast, Good and Simple Remote Monitoring for Small Environments | | 2023-05-31

    There's all sorts of things you can do for various types of monitoring including Zabbix, Graylog, roll-your-own with Sysmon (see, etc. The question becomes one of time - don't get so focused on DIY or free that you spend hours (or pay someone to spend hours) a month babysitting.

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

    Project mention: Accounting got phished. Paid out big bucks | | 2023-05-31 - check your domain now

  • ThreatHunter-Playbook

    A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

    Project mention: Threat hunting Playbooks | | 2023-01-23
  • HELK

    The Hunting ELK

    Project mention: Kali Linux 2023.1 introduces 'Purple' distro for defensive security | | 2023-03-14

    Utilizing that api and juniper notebooks is exactly why Hunting Elk is the way it from my understanding.

  • IntelOwl

    Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

    Project mention: To GSoC and beyond... | | 2022-09-26

    Allowed bulk analysis of files as well as observables, leading to a more efficient workflow for IntelOwl users. #1032

  • awesome-threat-detection

    ✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

    Project mention: Career growth in cybersecurity | | 2023-04-04
  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  • awesome-yara

    A curated list of awesome YARA rules, tools, and people.

    Project mention: XSOAR Yara Feeds | | 2022-07-22
  • teler

    Real-time HTTP Intrusion Detection

    Project mention: GitHub - kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality with teler IDS to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications. | | 2023-01-01

    You can try teler tho :) -

  • sysmon-modular

    A repository of sysmon configuration modules

    Project mention: Splunk & Sysmon as SIEM | | 2023-04-11

    I use this one:

  • malwoverview

    Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  • chainsaw

    Rapidly Search and Hunt through Windows Forensic Artefacts

    Project mention: What's your favorite cybersecurity tool? | | 2023-05-02
  • signature-base

    YARA signature and IOC database for my scanners and tools

    Project mention: Exploit Outlook CVE-2023-23397 Yara - to detect .msg files exploiting CVE-2023-23397 in Microsoft Outlook | | 2023-03-16

    Windows Events Attack Samples

    Project mention: Sample firewall/SIEM logs | | 2022-08-22

    Samir has great repo for logs with attacks occurred in it, for Windows, MacOS and Network -


    Interesting APT Report Collection And Some Special IOC

    Project mention: APT_REPORT/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf at master · blackorbird/APT_REPORT | | 2023-02-06
  • yeti

    Your Everyday Threat Intelligence

    Project mention: Yeti: Organize observables, indicators of compromise, TTPs, and threats | | 2022-10-17
  • SysmonTools

    Utilities for Sysmon

  • beagle

    Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)


    An Active Defense and EDR software to empower Blue Teams

  • YaraHunter

    🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

    Project mention: Scans container images, running Docker containers and filesystems to find indicators of malware | | 2022-07-11
  • threathunting

    A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

  • matano

    Open source cloud-native security lake platform (SIEM alternative) for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

    Project mention: Kali Linux 2023.1 introduces 'Purple' distro for defensive security | | 2023-03-14

    Matano is very promising, and it supports SQL for queries. I suspect they are going to eat Panther's lunch soon.

  • whids

    Open Source EDR for Windows

    Project mention: whids - Open Source EDR for Windows | | 2022-08-25

    ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-05-31.

threat-hunting related posts


What are some of the best open-source threat-hunting projects? This list will help you:

Project Stars
1 MISP 4,401
2 sysmon-config 4,121
3 dnstwist 3,962
4 ThreatHunter-Playbook 3,511
5 HELK 3,505
6 IntelOwl 2,773
7 awesome-threat-detection 2,758
8 awesome-yara 2,712
9 teler 2,441
10 sysmon-modular 2,192
11 malwoverview 2,189
12 chainsaw 2,068
13 signature-base 1,982
15 APT_REPORT 1,809
16 yeti 1,398
17 SysmonTools 1,375
18 beagle 1,212
19 BLUESPAWN 1,100
20 YaraHunter 1,076
21 threathunting 1,053
22 matano 1,022
23 whids 965
ONLYOFFICE Docs — document collaboration in your environment
Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises