129 Open Source DFIR Software Projects
Free and open source DFIR code projects including engines, APIs, generators, and tools.
My Arsenal of AWS Security Tools 5111 ⭐
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Zeek 3464 ⭐
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Security Onion 2761 ⭐
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
ThreatHunter Playbook 2320 ⭐
A threat hunter's playbook to aid the development of techniques and hypotheses for hunting campaigns.
Detectionlab 2388 ⭐
Automate the creation of a lab environment complete with security tooling and logging best practices
LogonTracer 1522 ⭐
Investigate malicious Windows logons by visualizing and analyzing Windows event logs.
Beagle 931 ⭐
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Diffy (Netflix-Skunkworks) 531 ⭐
Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Lookyloo 359 ⭐
Lookyloo is a web interface that captures a website and then displays a tree of the domains calling each other.
Swap_digger 320 ⭐
swap_digger is a tool that automates Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches it for Linux user credentials, web form credentials, web form e-mail addresses, HTTP basic authentication, Wi-Fi SSIDs and keys, etc.
IR Rescue 291 ⭐
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
ThreatPinch Lookup 245 ⭐
Documentation and sharing repository for the ThreatPinch Lookup Chrome and Firefox extension.
AttackDataMap 236 ⭐
An event-level assessment of data sources to show potential coverage of the MITRE ATT&CK framework.
Oriana 147 ⭐
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a web layer to help defenders identify outliers and suspicious behavior in corporate environments.
MISP Warninglists 144 ⭐
Warning lists to inform MISP users about potential false positives or other noteworthy information in indicators.
CDIR 96 ⭐
CDIR (Cyber Defense Institute Incident Response) Collector - a live-response collection tool built on open-source tools and libraries.
ThreatHunt 85 ⭐
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
LW-Yara 69 ⭐
YARA ruleset for scanning Linux servers for web shells, spamming, phishing and other webserver baddies.
HistoricProcessTree 46 ⭐
An incident response tool that visualizes historic process execution evidence (based on Event ID 4688, the Process Creation event) in a tree view.
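The tree-view idea behind HistoricProcessTree is simple enough to sketch: every 4688 record names the new process (NewProcessId, NewProcessName) and the PID of the process that created it (ProcessId), so linking each record to the most recent earlier record for its creator PID rebuilds the execution tree, and a record whose creator never appears in the log becomes a root. The Python below is an added illustration of that approach and is not the project's own code; SAMPLE_EVENTS is constructed data, and the one caveat it handles is PID reuse, where the same PID shows up in several 4688 records over time and the child must be attached to the instance that was alive when it was created.

```python
"""Rebuild a historic process tree from Windows Security Event ID 4688
(Process Creation) records.

Added illustration, not HistoricProcessTree's own code. SAMPLE_EVENTS is
constructed data; field names follow the 4688 EventData schema
(NewProcessId, NewProcessName, SubjectUserName, and ProcessId as the
creator PID), with TimeCreated carried as ISO-8601 text.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

SAMPLE_EVENTS = [  # constructed sample records, deliberately not in time order
    {"TimeCreated": "2021-03-01T09:01:15", "SubjectUserName": "alice",
     "ProcessId": "0x7d0", "NewProcessId": "0x9c4",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"TimeCreated": "2021-03-01T09:00:00", "SubjectUserName": "alice",
     "ProcessId": "0x3a8", "NewProcessId": "0x4d0",   # creator 0x3a8 never logged
     "NewProcessName": r"C:\Windows\explorer.exe"},
    {"TimeCreated": "2021-03-01T09:01:10", "SubjectUserName": "alice",
     "ProcessId": "0x4d0", "NewProcessId": "0x7d0",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"TimeCreated": "2021-03-01T09:05:00", "SubjectUserName": "alice",
     "ProcessId": "0x4d0", "NewProcessId": "0x7d0",   # PID 0x7d0 reused after powershell exited
     "NewProcessName": r"C:\Windows\System32\mshta.exe"},
    {"TimeCreated": "2021-03-01T09:06:00", "SubjectUserName": "alice",
     "ProcessId": "0x7d0", "NewProcessId": "0xa00",   # must attach to mshta, not powershell
     "NewProcessName": r"C:\Windows\System32\rundll32.exe"},
]


@dataclass
class ProcNode:
    pid: int
    name: str
    created: datetime
    user: str
    children: List["ProcNode"] = field(default_factory=list)


def parse_pid(value: str) -> int:
    """4688 renders PIDs as hex text ("0x7d0"); accept plain decimal too."""
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def _latest_before(candidates: List[ProcNode], when: datetime) -> Optional[ProcNode]:
    """Of all 4688 records sharing a PID, the newest one created no later than
    the child is the instance that was alive when the child was spawned."""
    prior = [c for c in candidates if c.created <= when]
    return prior[-1] if prior else None


def build_tree(events: List[dict]) -> List[ProcNode]:
    """Return the root nodes of the reconstructed tree(s)."""
    # Chronological order guarantees a creator is indexed before its children.
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["TimeCreated"]))
    instances: Dict[int, List[ProcNode]] = defaultdict(list)  # pid -> records, oldest first
    roots: List[ProcNode] = []
    for ev in ordered:
        node = ProcNode(pid=parse_pid(ev["NewProcessId"]),
                        name=ev["NewProcessName"],
                        created=datetime.fromisoformat(ev["TimeCreated"]),
                        user=ev["SubjectUserName"])
        parent = _latest_before(instances.get(parse_pid(ev["ProcessId"]), []), node.created)
        if parent is None:
            roots.append(node)  # creator's own 4688 lies outside the log window
        else:
            parent.children.append(node)
        instances[node.pid].append(node)
    return roots


def render(roots: List[ProcNode], depth: int = 0) -> List[str]:
    """Indented text rendering, one line per process, children sorted by time."""
    lines = []
    for n in sorted(roots, key=lambda n: n.created):
        lines.append(f"{'  ' * depth}{n.name.rsplit(chr(92), 1)[-1]} "
                     f"(pid {n.pid}, {n.user}, {n.created:%H:%M:%S})")
        lines.extend(render(n.children, depth + 1))
    return lines


if __name__ == "__main__":
    print("\n".join(render(build_tree(SAMPLE_EVENTS))))
```

Running it prints explorer.exe as the only root with two children carrying the same PID 2000, powershell.exe (parent of cmd.exe) and the later mshta.exe (parent of rundll32.exe); without the "latest instance before the child" rule, rundll32.exe would be misattributed to the already-exited PowerShell. Real logs also need the audit policy for process creation enabled before the incident, which is why the creator of the first logged process is typically missing.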
Blazescan 42 ⭐
Blazescan is a Linux webserver malware scanning and incident response tool with built-in support for cPanel servers, but it will run on any Linux-based server.
Neolea Training Materials 40 ⭐
Open source training materials for law-enforcement and organisations interested in DFIR.
GetConsoleHistoryAndOutput 37 ⭐
An incident response tool to extract console command history and the screen output buffer.
MEAT 47 ⭐
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
artifactcollector 42 ⭐
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Get Networkconnection 29 ⭐
Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection
UAC 31 ⭐
UAC (Unix-like Artifacts Collector) is a command line shell script that uses built-in tools to automate the collection of artifacts from Unix-like systems. It was created to facilitate and speed up data collection and to depend less on remote support during incident response engagements. Supported systems: AIX, BSD, Linux, macOS and Solaris.
Opensource Endpoint Monitoring 25 ⭐
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.