
Top Alternatives to MISP Workbench Tools

Threat Management

Tools to export data from MISP MySQL database for post-incident analysis and correlation.

486 Alternatives to MISP Workbench Tools

Cybercrime intelligence tools for searching compromised credentials from infostealers

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

Real-time OSINT monitoring for leaked credentials, data, and infrastructure

A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.

A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.

A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.

A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.

Next-gen cybersecurity platform for threat detection & digital risk mgmt.

Enterprise threat intelligence platform for identifying and prioritizing threats

Cyber threat intelligence platform for threat-led risk management

Global IP threat intelligence search engine with attack surface mgmt

Cyber threat intelligence platform providing actionable insights

Real-time threat intelligence platform for external cyber threat defense

AI-driven cyber threat intelligence platform for threat detection and analysis

Dark web monitoring platform for detecting data leaks and brand threats

Real-time threat intelligence platform for monitoring attacks and breaches

Enterprise cyber threat intelligence platform with remote network protection

AI-powered cybercrime intelligence platform monitoring dark web & covert channels

Cyber intelligence platform for threat detection and security posture mgmt

Cyber threat intelligence platform with adversary tracking capabilities

Threat intelligence platform combining Google, Mandiant, and VirusTotal data

Orchestrated threat intelligence platform for CTI and SOC teams

Threat intelligence platform for aggregating, analyzing, and sharing CTI data

AI-powered threat intelligence platform for real-time threat intel management

Threat intelligence platform for detection, investigation, and response

XTM portfolio for threat intel, attack surface visibility & adversary simulation

AI-powered threat intelligence platform with agentic AI automation

AI-powered platform for collecting and analyzing open source threat intelligence

Intelligence-driven threat detection & response platform with APAC focus

AI-powered threat intel platform for operationalizing CTI and cyber risk mgmt

European threat intelligence as-a-service provider with analyst support

CTI platform combining automated collection with cyber HUMINT for threat intel

Investigative analytics platform for threat intelligence and security ops

Real-time threat intel platform detecting malicious scanning & exploitation

Threat intelligence service providing alerts, analysis, and support

Dark web investigation platform with comprehensive database and analysis tools

Threat intelligence platform with deep/dark web monitoring and OSINT data

Cyber threat intelligence platform for monitoring threats, TTPs, and IOCs

AI-driven cyber intelligence orchestration platform for threat intel & OSINT

API providing access to compromised identity data and threat signals

Malware analysis platform using emulation-based sandbox technology

Managed cyber threat intelligence service with org/adversary profiling

DNS-layer threat blocking service with real-time threat intelligence feeds

Network threat detection platform using applied threat intelligence

Proactive C2 threat intelligence feed for detecting adversary infrastructure

Technical threat intel feed of compromised IPs/domains from cybercrime sources

DNS-based threat defense using predictive intelligence to block threats

CTI platform monitoring deep/dark web, forums & threat actors for intel

AI-powered threat intelligence platform for cyber, geopolitical & physical risks

Preemptive cyber defense platform using DNS, WHOIS, and web data for threat intel

Infrastructure intelligence platform for threat hunting and investigation

AI-powered threat intelligence platform scanning internet, dark web & social media

3D cyber threat visualization platform for external threat monitoring

SOCRadar Extended Threat Intelligence Platform is a SaaS-based solution that provides real-time threat detection, digital risk protection, and AI-powered threat intelligence services across multiple environments including dark web, social media, and cloud platforms.

SOC Radar Cyber Threat Intelligence is a comprehensive platform that provides dark web monitoring, vulnerability intelligence, and threat actor analysis to help organizations proactively defend against cyber threats.

SOCRadar Agentic Threat Intelligence is an AI-powered cybersecurity platform that deploys autonomous agents to automate threat intelligence operations, analysis, and response without human intervention.

Dark web monitoring platform for threat detection and fraud protection

Threat intelligence platform for detection, hunting, and remediation

Real-time C2 infrastructure detection and disruption threat intelligence feed

AI-powered malware detection service with web interface and API access

Threat intelligence database with 500M+ malicious IPs, domains, and IOCs via API

Malware intelligence marketplace aggregating multiple detection engines

File and URL scanning service for malware and threat detection

Free URL scanner that checks links for malware, phishing, and fraud threats

Threat intelligence platform providing global threat visibility and IoCs

Cyber threat intelligence feeds covering malware, phishing, C2s & more

DNS RPZ firewall blocking malicious domains at DNS layer using threat intel

Enterprise threat intelligence feeds covering malware, phishing, C2, and IPs

MCP server connecting LLMs to live threat intelligence via natural language

Threat intelligence feeds providing malware and threat data in multiple formats

Cloud-based protective DNS service blocking threats via threat intelligence

IP geolocation databases and APIs for location-based content and traffic analysis

API service providing IP geolocation data and intelligence for security use cases

IP intelligence platform for proxy/VPN detection and geolocation

Real-time threat intelligence platform for external threat visibility and IoC analysis

Threat intelligence platform aggregating global threat data for detection

Automates distribution of threat intel across security infrastructure

Automotive-specific threat intelligence platform for mobility ecosystem

Real-time threat intelligence platform with STIX/TAXII compliance

Threat intelligence platform for SOC/MSSP with AI/ML threat analysis

Cyber threat intelligence platform monitoring external threats & cybercrime

Real-time identity protection monitoring compromised credentials on dark web

Cyber threat intel platform monitoring dark web & cybercrime for org assets

Threat intel platform for investigating cybercrime underground sources

Threat intel platform combining CTI, DRPS, EASM & TPRM for exposure mgmt.

AI-powered investigation tool for analyzing identity exposures from darknet data

Managed threat intelligence service with dedicated analysts for orgs

Custom threat intel investigations by analysts for security assessments

Dark web intelligence service with human operatives for threat hunting

Threat intelligence feeds for SOC teams from social, dark web & botnet sources

Threat intelligence search platform with correlated data graph

Physical security intelligence platform monitoring digital threats to locations

DNS-based threat intelligence platform for early threat detection

Threat intelligence platform providing APT analysis and threat reports

AI-powered cyber threat intelligence platform with real-time monitoring

Monitors Deep & Dark Web for threats, credentials, and fraud schemes

Free threat intel platform for DNS data analysis and infrastructure mapping

AI-based threat intelligence platform for analyzing and distributing threat data

Platform for tracking adversary infrastructure and C2 communications

Threat intelligence platform combining network security and threat exposure mgmt

Visual interface for exploring threat intelligence data sources and datasets

Dark web monitoring platform with AI-based crawling and real-time alerts

External threat landscape mgmt platform with predictive intelligence

Dark web monitoring platform for detecting data breaches and leaked data

Swiss-made darknet monitoring platform providing real-time threat intel via API

Dark web monitoring platform for detecting exposed credentials and threats

Real-time zero-day vulnerability detection and alerting platform

Platform for collecting, analyzing, and managing cyber threat intelligence data

Mobile threat intelligence service providing threat data, research, and DFIR

Threat intelligence platform with 500M+ entries for real-time threat analysis

CTI platform for threat analysis, dark web monitoring, and data breach detection

AI-powered threat intelligence platform monitoring surface, deep, and dark web

Threat intelligence platform for managing security data and threat info

Real-time threat intelligence platform with analyst-enriched insights

Investigative intelligence service for law enforcement agencies

Intelligence platform for physical security threats to people, places, and assets

Threat intel platform for prioritizing vulnerabilities based on attacker TTPs

AI-driven threat intel platform monitoring clear, deep, and dark web sources

Threat intelligence platform monitoring dark web, breaches & attack surface

Dark web monitoring platform for detecting compromised credentials and threats

AI-powered threat intelligence platform with search, risk assessment & alerts

Real-time threat intel platform tracking malware, breaches, and threat actors

Monitors dark web, forums, and Telegram for compromised credentials and leaks

Platform for breach detection, dark web monitoring, and supply chain threat intel

Real-time threat intelligence platform monitoring dark web, breaches & supply chain

Corporate threat protection software with case mgmt and expert services

Managed service for POI investigations with expert threat assessment teams.

Threat intelligence platform providing actionable insights from global sources

AI-powered CTI platform integrating ASM, DRP, and TI capabilities

Virtual asset intelligence solution tracking cryptocurrency transactions

OT/IoT threat intelligence feed for vulnerability and malware detection

Curated threat intelligence service using Anomali ThreatStream platform

Threat intelligence platform integrated into LMNTRIX XDR for threat detection

Threat intelligence platform with automated detection logic deployment

P2P threat intel sharing platform for collaborative defense communities

Monitors data breaches affecting company domains and employee credentials

Browser extension for automated threat intel collection from web content

Threat intelligence platform for collecting, analyzing, and sharing CTI data

Open-source threat intelligence platform for organizing and operationalizing CTI

AI-powered cyber threat intelligence platform for threat monitoring & analysis

Threat intelligence platform with AI-powered monitoring and analysis

Centralized threat intelligence platform for aggregating and operationalizing IOCs

AI-driven threat intelligence platform for threat detection and response

Dark web monitoring platform for detecting leaked credentials and threats

Enterprise threat intelligence platform with APAC focus and adversary tracking

Platform combining threat intel, risk quantification, and sec ops integration

Overlay tool providing real-time threat intel & context across security tools

Free contextual federated search tool for threat intelligence enrichment

Risk intelligence service for supply chain, geopolitical & compliance risks

AI-powered threat intelligence service with expert analysis and geopolitics

Detects compromised assets via outbound traffic to GreyNoise sensors & malicious IPs

Dark web monitoring platform for detecting threats and cybercriminal activity

Threat intelligence platform for cyber, physical, vulnerability & national sec

AI-powered file & software analysis platform for threat detection & risk assessment

Enterprise file analysis platform for high-volume malware detection

File and network threat intelligence repository with reputation lookups

Dark web and surface web crawler for content discovery and archiving

Leaked data intelligence platform with 40TB+ database for breach tracking

Cyber threat intelligence sharing platform with TAXII/STIX support

CTI platform providing structured threat intelligence and analysis

Vulnerability threat intelligence platform with risk-based scoring and CVE/CWE data

Suite of open source platforms for threat intel, adversary simulation & GRC

Central hub for accessing Filigran products, resources, and community content

AI-powered threat management platform for detection, analysis, and response

Modular CTI platform with DRP modules for external threat detection & intel

Dark web & deep web monitoring service for threat detection & response

Continuously updated threat indicator data streams via HTTPS protocol

Proactive threat intelligence platform providing early warning alerts

Inter-bank real-time financial crime intelligence network for fraud prevention

Real-time threat intelligence API for IP, domain, URL, and content analysis

Threat intelligence platform providing messaging threat data via API

Network threat intel platform combining CrowdStrike IOCs with NDR evidence

Network threat detection platform (product page unavailable)

Threat intelligence platform providing strategic & tactical threat analysis

Deep & dark web monitoring platform for threat intelligence collection

Australian cyber threat intelligence ecosystem for SMBs, enterprise & govt

Cyber threat intelligence sharing platform for Australian organizations

Global threat intelligence platform aggregating CTI sources with AI analysis

Threat intelligence gateway that blocks malicious traffic using global CTI

API for monitoring ransomware sites to detect org compromises & extortion

OSINT platform for monitoring surface web, dark web, and social media sources

Search engine for investigating exposed data across surface, deep, and dark web

DNS-based threat intelligence platform with predictive risk scoring

Domain intelligence platform for threat research and investigation

Anonymous ICS threat intel sharing platform for collective defense

RESTful API for file/URL malware analysis via FireEye virtual execution engine

Detects anonymous proxies, VPNs, TOR, and other proxy types from IP addresses

Cyber threat intel sharing platform for financial services sector members

Financial sector info sharing & analysis center for cyber threat intelligence

Threat intel sharing platform for financial services sector collaboration

Financial sector threat intelligence and information sharing platform

File threat intelligence integration combining hash lookups & malware detection

CTI services combining human expertise and AI for threat analysis

DNS-based threat intelligence platform for security monitoring and enforcement

AI-powered threat intelligence platform collecting data from web sources

Screens blockchain addresses for risk and provides allow/deny recommendations.

Database for detecting VPNs, proxies, Tor exits, and anonymization services

IP geolocation database identifying VPN, proxy, Tor, and datacenter IP addresses

IP geolocation database for detecting proxies, VPNs, and Tor exit nodes

IP geolocation database for detecting proxies, VPNs, Tor nodes & data centers

IP geolocation database for detecting proxies, VPNs, Tor nodes, and ISP info

IP geolocation database for detecting proxies, VPNs, Tor nodes & data centers

IP geolocation database for detecting proxies, VPNs, Tor nodes & data centers

IP geolocation database for detecting proxies, VPNs, Tor, and datacenter IPs

IP database for detecting proxies, VPNs, Tor nodes & data center ranges

IP geolocation database for proxy/VPN detection with threat intelligence

Aviation security threat intelligence & risk mgmt platform for AVSEC pros

Platform for building CTI capabilities with centralized threat intelligence hub

Threat-informed detection rule platform for behavioral analytics

AI-powered threat intelligence feed for automated DDoS protection

Physical security threat intel platform combining OSINT, location data & analysis

Cyber threat intelligence platform with AI-driven analysis and threat hunting

Threat intelligence library with 30,000+ threats mapped to MITRE ATT&CK

Cloud-based DNS filtering solution for blocking malicious sites and content

Cyber threat intelligence feeds for SOC and threat intelligence teams

Cyber intelligence services for digital exposure monitoring and threat analysis

Threat intelligence service analyzing attack scenarios for organizations

Weekly threat intelligence briefings published by VerSprite

Behavior-based threat intel feed delivering malware IOCs with context

Automated malware analysis and detection platform

Curated malicious threat intelligence feed with IOC detection and metadata

Curated phishing threat intelligence feed with predictive detection

Enterprise threat intelligence platform for proactive threat detection

Real-time fraud intelligence sharing platform with GDPR-compliant tokenization

Cybersecurity platform providing threat intelligence and digital risk protection

Predictive cybersecurity platform providing threat intelligence services

Cyber threat intelligence platform for external threat monitoring

Threat intel enrichment platform that correlates events with IOCs and actors

AI-driven threat intel feeds for automated blocking on 20+ firewall vendors

AI-driven DNS security service blocking malicious domains and C2 servers

Cloud-native DNS filtering solution that blocks malicious domains and threats

AI-driven threat intel platform for preemptive security & attack prevention

Managed threat intelligence service with dark web monitoring and analysis

AI-driven platform that operationalizes threat intel into risk-prioritized actions

AI-driven threat intelligence platform with automated hunting and enrichment

Threat intel platform for discovering cybercrime on encrypted chat networks

Threat intel service focused on adversary attribution and monitoring

Automotive-focused threat intelligence platform with dark web monitoring

Threat intel platform providing daily defensive recommendations & coverage maps

SaaS platform for threat-informed defense using adversary tradecraft analysis

Threat intelligence service providing threat profiles and analytics for MDR

AI-powered reputation engine for blocking spam, bots, and malicious IPs via API.

Domain reputation threat intelligence feeds for malicious domain detection

Real-time cyber threat intelligence for email filtering and network security

AI-powered external threat intelligence platform for threat detection

CTI maturity assessment service evaluating threat intelligence capabilities

Collaborative threat intel portal with MITRE ATT&CK mapping & sharing

Cyber threat intelligence assessment service for attack landscape analysis

Real-time threat intel feed delivering IOCs with confidence scoring

Managed vulnerability intelligence service with real-time threat actor tracking

Managed CTI service providing threat monitoring, analysis, and reporting

AI-powered predictive threat intelligence feed identifying malicious infrastructure

Predictive threat intelligence platform for Microsoft Sentinel

AI-driven scam detection via victim emulation in peer-to-peer conversations

Threat intelligence feeds covering 100+ attack types with 5-min updates

Analyzes phishing kits to extract IOCs, attacker infrastructure & tactics

Threat intelligence platform detecting and blocking 100+ attack types globally

Visual link analysis platform for OSINT and threat investigations

Visual link analysis platform for OSINT investigations and data correlation

AI-powered platform identifying C2 and attack infrastructure pre-weaponization

Preemptive threat intelligence platform for incident response and hunting

ML-based threat intel platform that identifies attacker infrastructure preemptively

Real-time crypto address scanning for malicious activity and sanctions checks

Detects and blocks malicious dApps through scanning and transaction validation

Daily threat intel feed identifying malicious IPs with abuse classifications

Database for detecting proxies, VPNs, Tor nodes, and high-risk IP addresses

API service for detecting proxies, VPNs, Tor nodes, and malicious IPs

Real-time IP fraud detection and risk scoring API for identifying malicious IPs

IP address blocklist service for identifying and blocking fraudulent IPs

Real-time threat intelligence service powered by Google's security ecosystem

Secure collaboration platform for detecting suspicious accounts via shared signals

Vuln & exploit intelligence platform for prioritizing vulnerability response

AI-powered cyber threat intelligence platform for IoC detection and analysis

Scans domains for infostealer infections and monitors criminal marketplaces.

Detects infostealer infections by monitoring criminal marketplaces

Pre-attack threat intel platform detecting attacker infrastructure before launch

Threat actor intelligence capability within NodeZero autonomous pentest platform

AI platform for real-time event, threat & risk intelligence detection

Cyber risk analytics & external infrastructure intelligence platform

Zero-day threat intelligence platform with adversary monitoring & simulation

Real-time threat intel feeds sourced from honeypots & ISP abuse reports.

Real-time threat intel platform with IP/domain reputation scoring and low false positives.

Managed dark web monitoring with human-vetted intelligence and actionable alerts.

AI-powered URL classification & IP reputation feed/API for security vendors.

ML-based URL & domain classification API for threat and content scoring.

First-party URL/IP classification & threat scoring API for security vendors.

AI-based domain & IP threat scoring API for security product integration.

Free URL/domain/IP threat investigation tool with risk scoring & categorization.

First-party URL, domain & IP threat intelligence with real-time risk scoring.

Subscription threat intel service with reports, translations & security notifications.

AI-powered CTI platform converting unstructured threat data into role-based intelligence.

Threat intelligence plugin for MikroTik RouterOS with real-time feed updates.

Dark web credential leak monitoring with infostealer and combolist detection.

Managed CTI service with analyst-driven, on-demand investigations via a credit model.

CTI platform with 190+ global sensors providing real-time IoC feeds and enrichment.

Real-time network threat prevention platform enforcing 10B+ threat indicators.

IOC feeds, dark web monitoring & vuln alerts via Certego's intel platform.

Managed CTI service with IOC feeds, MDR enrichment, and Italian market focus.

Cyber threat exposure mgmt platform with CTI, TTP mapping & risk prioritization.

Threat intel service for financial institutions focused on fraud & banking malware.

Threat intelligence module for banks within Cleafy's FxDR platform.

Managed CTI service monitoring dark web & open sources for emerging threats.

Real-time CVE exploitation tracker with active IP feeds and IoC visibility.

Free mule account alert feed for banks to detect scam-linked accounts.

AI-powered maritime-specific cyber threat intelligence for shipping companies.

Managed CTI service covering threat actor tracking, dark web monitoring & TTP analysis.

Managed CTI service delivering curated threat intel, IoCs, TTPs via TIP and MISP.

Cloud-based platform that maps malware relationships for threat intelligence.

Digital threat intel platform with 300TB+ of malware data, AI analytics & forecasting.

Threat discovery platform using behavioral sequencing & geospatial analysis.

AI-powered DNS domain threat intelligence service for DDR 2.0 solutions.

Cloud-based DNS threat intelligence platform for SOC threat detection and investigation.

AI-powered DNS threat intelligence feed for malicious domain detection.

Enriched threat feed for identifying malicious IPs and actors in network traffic.

CTI analysis tool that filters threat data and reduces false positives.

AI-driven tool mapping threat intelligence to org-specific risk landscapes.

AI-powered CTI API for real-time URL classification and phishing detection.

Passive DNS intelligence platform for threat detection and investigation.

AI-driven threat intel & forensics module for Google Cloud SOC teams.

Scans email addresses against breach databases for personal data exposure.

AI-powered platform for breach monitoring & credential exposure detection.

Automated SaaS platform monitoring web sources for brand and domain threats.

Mobile-focused threat intelligence portal for detecting and analyzing mobile threats.

Managed threat intel service using feeds, OSINT & sandboxing via 24/7 SOC.

Dark web monitoring tool that tracks exposed company data and credentials.

Managed CTI service monitoring criminal communities for bot threat intelligence.

Managed dark/deep/surface web threat actor monitoring and intelligence service.

Managed CTI platform with sector-specific threat reports and exposure monitoring.

Community-driven phishing URL archive operated by Cisco Talos.

Threat intel firm identifying human actors behind cyber threats.

Managed dark/deep/clear web threat monitoring with expert analyst review.

Free threat intel feed blocking malicious IPs/domains via global sensors.

Data fusion platform supporting the full intelligence cycle for security agencies.

Curated attack use case platform that feeds threat scenarios into Jizô AI.

Continuous, private malware analysis and threat intel platform for enterprises.

Threat intel aggregation platform for file analysis, malware corpus & IOC hunting.

Real-time dark web monitoring for ransomware, data leaks, and govt threats.

Dark web threat intelligence platform for detecting & investigating cyber threats.

Deep & dark web intelligence platform for threat monitoring & investigation.

Threat detection, correlation, and intel feed platform for SecOps teams.

Blockchain threat intel & crypto forensics platform for AML and investigations.

Web data platform providing open, deep & dark web APIs and monitoring.

A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.

A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.

CRITs is an open source malware and threat repository for collaborative threat defense and analysis.

A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.

ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).

VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.

A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.

FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.

The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.

All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.

A project sharing malicious URLs used for malware distribution to help protect networks.

A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.

A nonprofit security organization that collects and shares threat data to make the Internet more secure.

Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.

Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.

A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.

Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.

Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.

The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.

IP intelligence, geolocation, proxy detection, and fraud prevention service

A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.

Threat intelligence platform providing real-time threat data and insights.

A database of Tor exit nodes with their corresponding IP addresses and timestamps.

Free cyber threat intelligence feeds for proactive threat detection

Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.

AbuseIPDB offers tools and APIs to report and check abusive IPs, enhancing network security.

MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.

n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.

A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.

A collection of APT and cybercriminals campaigns with various resources and references.

CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.

A robust Python implementation of TAXII Services with a friendly pythonic API.

A Python library for interacting with TAXII servers

Bindings for the Yara library from VirusTotal with support for Yara v4.2 and various features like rule compilation and scanning.

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data.

An extendable tool to extract and aggregate IOCs from threat feeds, integrates with ThreatKB and MISP.

Knowledge base workflow management dashboard for YARA rules and C2 artifacts.

A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.

A set of configuration files to use with EclecticIQ's OpenTAXII implementation for MISP integration.

LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.

An online hash checker utility that retrieves information from various online sources, including VirusTotal, HybridAnalysis, and more.

YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.

A Django web interface for managing Yara rules with features like search, categorization, and bulk edits.

OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.

QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.

A visualization tool for threat analysis that organizes APT campaign information and visualizes relations of IOC.

Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.

Taxii2 server for interacting with TAXII services.

A daily collection of IOCs from various sources, including articles and tweets.

YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.

Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.

Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.

API for querying domain security information, categorization, and related data.

TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.

AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.

Yara rule generator using VirusTotal's code similarity feature, code-similar-to.

A tool to extract indicators of compromise from security reports in PDF format.

Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.

GCTI's open-source detection signatures for malware and threat detection

Open Source Threat Intelligence Gathering and Processing Framework

A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.

Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.

CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.

A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.

ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.

Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.

Generate Bro intel files from PDF or HTML reports.

A domain/IP/hash threat intelligence feed checker that checks IPVoid, URLVoid, VirusTotal, and Cymon.

Repository with projects for photo and video hashing, content moderation, and signal exchange.

Parse IOCs from text

A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.

Repository of IOCs provided under the Apache 2.0 license

FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity

An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.

PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.

Python package for fanging and defanging indicators of compromise in text.

ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.

CLI tool for ThreatCrowd.org with multiple query functions.

A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.

Python-based client for IBM XForce Exchange with an improved version available.

Aggregates security threats from online sources and outputs to various formats.

CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.

A modular tool for collecting intelligence sources for files and outputting in CSV format.

Collect various intelligence sources for hosts in CSV format.

A Python 3 application for querying sites hosting publicly pasted data and scanning for sensitive information.

A Neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.

An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.

A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.

Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.

Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.

A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.

Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.

Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.

nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.

A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.

A Pythonic interface to the Internet Storm Center / DShield API

A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.

Public access to Indicators of Compromise (IoCs) and other data for readers of SecurityScorecard's technical blog posts and reports.

A modular malware collection and processing framework with support for various threat intelligence feeds.

Tool for managing Yara rules on VirusTotal

Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.

A tool for extracting common indicators of compromise from a block of text.

A tool for extracting IOCs from various input sources and converting them into JSON format.

A program to extract IOCs from text files using regular expressions

Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.

A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.

Repository of scripts, signatures, and IOCs related to various malware analysis topics.

A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.

An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.

Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.

A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.

PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.

CINSscore.com provides a threat intelligence database with accurate IP scores and collective defense through data sourced from the community and Sentinel IPS units.

The FASTEST Way to Consume Threat Intelligence and make it actionable.

Check the reputation of an IP address to identify potential threats.

A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.

A framework for managing cyber threat intelligence in structured formats.

A Microsoft framework for secure and efficient sharing of cybersecurity information between trusted parties to reduce cybersecurity risks.

A list of most queried domains based on passive DNS usage across the Umbrella global network.

A platform for accessing threat intelligence and collaborating on cyber threats.

Freely available network IOCs for monitoring and incident response

RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.

NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.

A project focusing on understanding and combating threats to the Internet economy and net citizens.

List of publicly disclosed vulnerabilities with security filters and detailed advisories.

Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.

Facilitating exchange of information and knowledge to collectively protect against cyberattacks.

A platform providing an activity feed on exploited vulnerabilities.

TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.

A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.

Golang client for querying SecurityTrails API data

Threat intelligence platform providing real-time data from 300bn+ daily IPs

AI-powered threat intelligence platform with generative AI capabilities

A collaborative repository documenting TTPs and attack patterns associated with malicious OIDC/OAuth 2.0 applications.

The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.

AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.