Open-source projects categorized as threat-intelligence

Top 23 threat-intelligence Open-Source Projects

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  • awesome-malware-analysis

    Defund the Police.

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  • Project mention: A recent abrupt change in Internet SSH brute force attacks against us | | 2024-02-24
  • opencti

    Open Cyber Threat Intelligence Platform

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

  • Project mention: Have I Been Squatted? | | 2023-11-27
  • awesome-devsecops

    An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

  • deepdarkCTI

    Collection of Cyber Threat Intelligence sources from the deep and dark web

  • Project mention: How do you stay on top of new vulnerabilities or CVEs? | /r/cybersecurity | 2023-12-07

    How did you find which channels and groups to join? From sources like ?

  • IntelOwl

    IntelOwl: manage your Threat Intelligence at scale

  • Project mention: Monthly Security Checklist | /r/msp | 2023-06-25
  • signature-base

    YARA signature and IOC database for my scanners and tools

  • Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | | 2024-04-01

    > It doesn't matter.

    To understand the exact behavior and extent of the backdoor, this does matter. An end to end proof of how it works is exactly what was needed.

    > A way to check if servers are vulnerable is probably by querying the package manager

    Yes, this has been known since the initial report + later discovering what exact strings are present for the payload.

    > Not very sophisticated, but it'll work.

    Unfortunately, we live in a world with closed-servers and appliances - being able as a customer or pen tester to rule out a certain class of security issues without having the source/insights available is usually desirable.

  • SysmonTools

    Utilities for Sysmon

  • Digital-Forensics-Guide

    Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

  • Project mention: Most used DFIR tools | /r/cybersecurity | 2023-12-10

    If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up.

  • mitaka

    A browser extension for OSINT search

  • harpoon

    CLI tool for open source and threat intelligence (by Te-k)

  • ThePhish

    ThePhish: an automated phishing email analysis tool

  • Malware-Exhibit

    🚀🚀 This is a 🎇🔥 REAL WORLD🔥 🎇 Malware Collection I have Compiled & analysed by researchers🔥 to understand more about Malware threats😈, analysis and mitigation🧐.

  • Project mention: Easy malware samples | /r/Malware | 2023-05-26
  • Ukraine-Cyber-Operations

    Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

  • mihari

    A query aggregator for OSINT based threat hunting

  • Watcher

    Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. (by Felix83000)

  • CyberThreatHunting

    A collection of resources for Threat Hunters - Sponsored by Falcon Guard

  • ThreatIngestor

    Extract and aggregate threat intelligence.

  • sysmon-config

    Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

  • opensquat

    The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains.

  • Project mention: Have I Been Squatted? | | 2023-11-27

    A different solution that runs locally is opensquat.

  • PatrowlManager

    PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).


What are some of the best open-source threat-intelligence projects? This list will help you:

Rank Project Stars
1 spiderfoot 11,842
2 awesome-malware-analysis 11,104
3 MISP 5,022
4 opencti 4,787
5 dnstwist 4,584
6 awesome-devsecops 4,414
7 deepdarkCTI 3,858
8 IntelOwl 3,138
9 signature-base 2,341
10 SysmonTools 1,449
11 Digital-Forensics-Guide 1,363
12 mitaka 1,327
13 harpoon 1,134
14 ThePhish 1,046
15 Malware-Exhibit 912
16 Ukraine-Cyber-Operations 907
17 mihari 828
18 Watcher 801
19 CyberThreatHunting 795
20 ThreatIngestor 790
21 sysmon-config 752
22 opensquat 652
23 PatrowlManager 610
