Open Cyber Threat Intelligence Platform

Web app that provides basic navigation and annotation of ATT&CK matrices

Grabs data from IVRE and brings it into Obsidian notes

Open-source collaborative note-taking platform for cybersecurity and CTI teams. IOC auto-extraction, STIX 2.1 export, real-time editing, RBAC, version history, and audit logging. Self-hosted with Docker.

Behavioral similarity engine for APT groups and TTP profiles. Powered by MITRE ATT&CK® and OpenCTI.

ThreatCaddy - Investigation Workspace. Notes, IOCs, Timelines & Graphs. All data stored locally in your browser using IndexedDB.

A realtime client for ClearVox Call Control

MCP server for authoring Maltego .mtgx graphs and running primitive OSINT lookups (whois/DNS/ASN/crt.sh). Composes with misp-mcp, thehive-mcp, and other security MCPs.

V3.04 Rinjani CTI dashboard — Next.js 16 + Tailwind 4 + shadcn/ui (base-ui flavour). Paired with v3-backend-api-rinjani: paginated entity views, /admin ops surface, Neo4j graph explorer, /admin/workbench BullMQ pipeline UI (same-origin proxied).

V3 Rinjani CTI backend — Hono · Drizzle · BullMQ monorepo with direct sync of CISA / NVD / CVE.org / MITRE / OTX / MISP / 5+ abuse.ch feeds. Postgres + OpenSearch + Neo4j + Redis. TAXII 2.1, GraphQL, embedded Workbench BullMQ dashboard for pipeline monitoring.

Custom n8n node for exploring the ransomware.live intelligence API. The node wraps the public PRO endpoints and exposes friendly parameters so you can query victims, negotiations, indicators of compromise, press coverage, and more without hand-crafting HTTP requests.

🎨 Interact with Weakpass.com's API through the terminal

Local-first IOC enrichment tooling for SOC, CTI, DFIR, and threat hunting workflows.

VANTAGE is a threat intelligence and SOC operations platform for analyst teams. It combines fast multi-source verdicts for IPs, domains, and file hashes with a full operational workspace — feed triage, recon, watchlists and shift handoff — in a single product

A modern, responsive dashboard and UI for MISP built with Next.js 15, TypeScript, and Shadcn UI. Features real-time threat visualization, event management, and advanced attribute exploration.

A Libre Cyber Threat Intelligence Platform to ensure that CTI knowledge management and sharing is always free as in freedom

APT threat actor profiler — MITRE STIX data, motivation inference, TTP mapping, and historical campaign analysis

MCP server for CTI and cyber jargon disambiguation — MITRE ATT&CK, OFAC SDN, and a hand-curated cross-vendor threat-actor alias map, with FTS5 full-text search across sources

Track competitor activity, releases, and team changes in GitHub repos with AI-driven insights delivered as actionable issues.