Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Dfir Open-Source Projects
-
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
-
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
-
ThreatHunter-Playbook
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
-
-
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
-
-
Digital-Forensics-Guide
Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
-
-
beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. (by yampelo)
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
I have an idea for a simar style website that i would like to create, and i was going to use GTFOBins as a template and ammend to fit my data, much like LOLBAS has.
Project mention: Suricata VS zeek - a user suggested alternative | libhunt.com/r/suricata | 2024-01-02
Project mention: A fun new feature we are working on in systemd: userspace-only reboot | news.ycombinator.com | 2023-07-06https://github.com/cugu/awesome-forensics#acquisition : Memory forensics acquisition tools: POFR: PenguinOS Flight Recorder, LIME
Project mention: My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device | /r/computerforensics | 2023-06-06You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki
Project mention: What are your go-to tools for task management and/or case work? | /r/cybersecurity | 2023-12-09I had a quick test with the hive looks pretty nice. https://thehive-project.org/
Project mention: Angle-grinder: Slice and dice logs on the command line | news.ycombinator.com | 2024-04-29There’s already a DFIR log tool named chainsaw: https://github.com/WithSecureLabs/chainsaw
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
Project mention: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | news.ycombinator.com | 2024-04-01> It doesn't matter.
To understand the exact behavior and extend of the backdoor, this does matter. An end to end proof of how it works is exactly what was needed.
> A way to check if servers are vulnerable is probably by querying the package manager
Yes, this has been know since the initial report + later discovering what exact strings are present for the payload.
https://github.com/Neo23x0/signature-base/blob/master/yara/b...
> Not very sophisticated, but it'll work.
Unfortunately, we live in a world with closed-servers and appliances - being able as a customer or pen tester rule out certain class of security issues without having the source/insights available is usually desirable.
Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
If you're looking to learn on your own, try mikeroyal's digital forensics guide on Github. There's a lot of recommended resources there that'll speed you up. https://github.com/mikeroyal/Digital-Forensics-Guide
sorry thats https://matano.dev
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Dfir related posts
-
Hayabusa: Sigma-based forensics timeline generator for Windows event logs
-
RecuperaBit: A tool for forensic file system reconstruction
-
A fun new feature we are working on in systemd: userspace-only reboot
-
Sysmon 15.0 is out now with advanced features
-
Advanced Hunting queries every admin should use
-
LOOBins
-
Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
-
A note from our sponsor - InfluxDB
www.influxdata.com | 31 May 2024
Index
What are some of the best open-source Dfir projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | my-arsenal-of-aws-security-tools | 8,757 |
| 2 | awesome-incident-response | 7,184 |
| 3 | LOLBAS | 6,654 |
| 4 | zeek | 5,998 |
| 5 | DetectionLab | 4,476 |
| 6 | ThreatHunter-Playbook | 3,889 |
| 7 | awesome-forensics | 3,642 |
| 8 | Loki | 3,254 |
| 9 | TheHive | 3,166 |
| 10 | IntelOwl | 3,158 |
| 11 | chainsaw | 2,581 |
| 12 | timesketch | 2,511 |
| 13 | sysmon-modular | 2,515 |
| 14 | signature-base | 2,357 |
| 15 | EVTX-ATTACK-SAMPLES | 2,126 |
| 16 | hayabusa | 1,993 |
| 17 | cyberchef-recipes | 1,930 |
| 18 | yeti | 1,644 |
| 19 | MemLabs | 1,520 |
| 20 | Digital-Forensics-Guide | 1,379 |
| 21 | matano | 1,367 |
| 22 | Cortex | 1,258 |
| 23 | beagle | 1,250 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com