Stars
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
D2 is a modern diagram scripting language that turns text to diagrams.
Open Source Platform for storing, organizing, and searching documents related to cyber threats
NO LONGER MAINTAINED - Android security & privacy analysis for the masses. 2026 Update incoming WIP
Transform Linux Audit logs for SIEM usage
ssldump - de facto repository gathering patches from across cyberspace
Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
The aim of this repository is to provide a list of examples of tools, sources and measures available to incident response teams
List of "only yours" cloud services for everyday needs 🏴
A query aggregator for OSINT based threat hunting
Jupyter Notebooks as Markdown Documents, Julia, Python or R scripts
A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring.
A lightweight opinionated ETL framework, halfway between plain scripts and Apache Airflow
Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a …
Lightweight, scriptable browser as a service with an HTTP API
Open Source testing framework for image correlation, distance and analysis
This project contains code for comparing or ranking APT capabilities and operational capacity. The metrics are meant to quantify, rank, order, compare, or visualise quickly threat actors demonstrat…
A curated list of awesome YARA rules, tools, and people.
Compare cost, durability, and region support of public cloud object stores, e.g., Amazon S3
Platform for emulation and dynamic analysis of Linux-based firmware
An open source real-time network topology and protocols analyzer
Distributed & real time digital forensics at the speed of the cloud