191 Open Source Dfir Software Projects
Free and open source dfir code projects including engines, APIs, generators, and tools.
My Arsenal Of Aws Security Tools 6624 ⭐
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Zeek 4235 ⭐
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Security Onion 2965 ⭐
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Threathunter Playbook 2927 ⭐
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
Detectionlab 3325 ⭐
Automate the creation of a lab environment complete with security tooling and logging best practices
Logontracer 1937 ⭐
Investigate malicious Windows logon by visualizing and analyzing Windows event log
Beagle 1073 ⭐
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Netflix Skunkworks Diffy 587 ⭐
Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Lookyloo 477 ⭐
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
Swap_digger 413 ⭐
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Ir Rescue 362 ⭐
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Threatpinchlookup 282 ⭐
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Attackdatamap 300 ⭐
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework
Tenzir Vast 342 ⭐
:crystal_ball: Visibility Across Space and Time – The network telemetry engine for data-driven security investigations.
Oriana 167 ⭐
Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The results are presented in a Web layer to help defenders identify outliers and suspicious behavior on corporate environments.
Misp Warninglists 263 ⭐
Warning lists to inform users of MISP about potential false-positives or other information in indicators
Cdir 113 ⭐
CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Threathunt 107 ⭐
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Lw Yara 88 ⭐
Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
Historicprocesstree 52 ⭐
An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.
Blazescan 54 ⭐
Blazescan is a linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but will run on any linux based server.
Neolea Training Materials 45 ⭐
Open source training materials for law-enforcement and organisations interested in DFIR.
Getconsolehistoryandoutput 41 ⭐
An Incident Response tool to extract console command history and screen output buffer
Meat 92 ⭐
This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Artifactcollector 96 ⭐
🚨 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system
Get Networkconnection 33 ⭐
Edited version of Lee Christensen's Get-NetworkConnection which includes timestamp for each network connection
Uac 146 ⭐
UAC is a Live Response collection tool for Incident Response that makes use of built-in tools to automate the collection of Unix-like systems artifacts.
Opensource Endpoint Monitoring 25 ⭐
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.