8,813 tools
Machine learning project for intuitive threat analysis with a web interface.
Machine learning project for intuitive threat analysis with a web interface.
A yara module for searching strings inside zip files
A yara module for searching strings inside zip files
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
A program to extract IOCs from text files using regular expressions
A program to extract IOCs from text files using regular expressions
C# wrapper around Yara pattern matching library with Loki and Yara signature support.
C# wrapper around Yara pattern matching library with Loki and Yara signature support.
A CLI tool for securely generating keys, passwords, and providing credentials without files, primarily for building secure BOSH deployments using Vault and Spruce.
A CLI tool for securely generating keys, passwords, and providing credentials without files, primarily for building secure BOSH deployments using Vault and Spruce.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
Maltrail is a malicious traffic detection system utilizing blacklists and heuristic mechanisms.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
Passive SSL client fingerprinting tool using handshake analysis.
Passive SSL client fingerprinting tool using handshake analysis.
A tool for extracting IOCs from various input sources and converting them into JSON format.
A tool for extracting IOCs from various input sources and converting them into JSON format.
A tool for extracting common indicators of compromise from a block of text.
A tool for extracting common indicators of compromise from a block of text.
Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.
Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.
A framework for creating XNU based rootkits for OS X and iOS security research
A framework for creating XNU based rootkits for OS X and iOS security research
A simple, self-contained modular host-based IOC scanner for incident responders.
A simple, self-contained modular host-based IOC scanner for incident responders.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
Access a repository of Analytic Stories and security guides mapped to industry frameworks, with Splunk searches, machine learning algorithms, and playbooks for threat detection and response.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.
A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.
A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.
A security dataset and CTF platform available in full (16.4GB) and attack-only (3.2GB) versions, pre-indexed for Splunk to help security professionals practice analysis skills.
A security dataset and CTF platform available in full (16.4GB) and attack-only (3.2GB) versions, pre-indexed for Splunk to help security professionals practice analysis skills.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
Curated datasets for developing and testing detections in SIEM installations.
Curated datasets for developing and testing detections in SIEM installations.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
Teller is a command-line secret management tool that integrates with various cloud providers and vaults to securely populate environment variables during development workflows.
Teller is a command-line secret management tool that integrates with various cloud providers and vaults to securely populate environment variables during development workflows.
Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.
Preflight is a Go-based verification tool that helps organizations validate scripts and executables to prevent supply chain attacks by enabling secure self-compilation and trusted distribution methods.