Open Source

A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.

A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.

Open-source observable analysis engine and companion tool for TheHive platform

A honeypot that simulates an exposed networked printer using PJL protocol to capture and log attacker interactions through a virtual filesystem.

Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.

Komiser is an open-source cloud-agnostic resource manager that analyzes and manages cloud cost, usage, security, and governance across multiple cloud providers in a unified platform.

drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.

A plugin repository that extends the Honeycomb honeypot framework with additional features and capabilities for enhanced threat detection and analysis.

An open source packet capture and forwarding tool that captures network packets on one machine and sends them to another for remote monitoring and analysis.

Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.

An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.

An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.

COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

A community-maintained glossary that defines and explains cybersecurity acronyms and terminology to help users understand security concepts beyond buzzwords.

Fleet is an open-source endpoint management platform that provides device management, vulnerability reporting, and security monitoring capabilities for IT and security teams managing large computer environments.

wxHexEditor is a free cross-platform hex editor and disk editor for editing binary files, disk devices, and logical drives with data manipulation and checksum calculation features.

An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.

ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.

libevt is a library to access and parse Windows Event Log (EVT) files.

A Python script that detects and removes Thinkst Canary Tokens from files using signature-based detection methods.

Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.

A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.

DMG2IMG converts Apple compressed DMG archives to standard HFS+ image files supporting zlib, bzip2, and LZFSE compression formats.