Tools for identifying, assessing, and mitigating cyber threats across organizations.
Explore 240 curated tools and resources
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A collection of YARA rules for research and hunting purposes.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
Tool for visualizing correspondences between a YARA ruleset and samples.
A library of adversary emulation plans to evaluate defensive capabilities against real-world threats.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A framework for managing cyber threat intelligence in structured formats.
Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.
yarAnalyzer creates statistics on a YARA rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
Generate Bro intel files from PDF or HTML reports.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.
FireEye Mandiant SunBurst Countermeasures: freely available rules for detecting malicious files and activity
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
Sample detection rules and dashboards for Google Security Operations
Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.
Curated datasets for developing and testing detections in SIEM installations.
A Python 3 application for querying sites hosting publicly pasted data and scanning for sensitive information.