tools.md

File metadata and controls

82 lines (80 loc) · 8.13 KB

Not The Hidden Wiki

Learn Threat Hunting


  1. Sigma rule converter - link
  2. YARA/Sigma rules - link
  3. Sigma SIEM rules - link
  4. Search for an extension or submit an extension ID to scan - link
  5. Free Malware samples - link
  6. Active Directory advanced threat hunting - link
  7. URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. - link
  8. Reputation lookup - link
  9. MX Toolbox - link
  10. MurMurHash: A small tool that calculates the MurmurHash3 value of a favicon, the same value Shodan indexes under the `http.favicon.hash` filter, so phishing sites that reuse a legitimate site's favicon can be hunted on Shodan. - link
  11. Phishcheck - link
  12. AIL Framework - link
  13. Docintel - link
  14. Yara Toolkit - link
  15. YarGen - link
  16. yaraQA - link
  17. YaraDbg - link
  18. YARA-L - link
  19. A curated list of awesome YARA rules, tools, and people. - link
  20. Extract and Visualize Data from URLs using Unfurl - link
  21. Yara-Rules: Repository of yara rules - link
  22. Repository containing Indicators of Compromise and Yara rules - link
  23. ThreatHunting - link
  24. YARA Rules for ProcFilter - link
  25. YaraHunts: Random hunting-oriented YARA rules - link
  26. Yara-Rules: Repository of YARA rules made by McAfee ATR Team. - link
  27. mkYARA: Writing YARA rules for the lazy analyst - link
  28. yara-validator: Validates yara rules and tries to repair the broken ones. - link
  29. Open Source Threat Intelligence Platform - link
  30. exonerator: ExoneraTor checks whether a given IP address was a Tor relay (and whether it was an exit) on a given date - link
  31. iplist-firehol: Provides IP lists for enhanced network filtering and cybersecurity defense - link
  32. feodotracker: Feodo Tracker, an abuse.ch project that tracks botnet C2 infrastructure of Feodo-related families such as Emotet, Dridex, TrickBot and QakBot - link
  33. fraudguard: A platform dedicated to fraud prevention and intelligence gathering - link
  34. honeydb: Collective repository for honeypot data, aiding in threat intelligence and cybersecurity research - link
  35. labs-inquest: Research platform providing cybersecurity insights and threat intelligence - link
  36. TI-Indicator-Search: Provides daily threat intelligence feeds of malicious IPs - link
  37. maldatabase: Platform for accessing a database of malware samples and associated information - link
  38. maltiverse: Threat intelligence platform facilitating the collection and sharing of cybersecurity indicators - link
  39. openphish: A database and repository for phishing URLs to enhance phishing threat intelligence - link
  40. signature-base: collection of signature based detection rules - link
  41. spamhaus: An organization providing real-time threat intelligence on spam and malware - link
  42. sslbl-abuse: Maintains a list of SSL certificates associated with malicious activities - link
  43. CTI-FAVICON - link
  44. IOC-MAKER - link
  45. manatin: Plugin-oriented framework for cyber threat intelligence management - link
  46. typedb-cti: threat intelligence platform for organizing and managing CTI data - link
  47. malstrom: A tool for tracking threats, storing YARA rules, and aiding in incident response - link
  48. IntelOwl: An OSINT solution for retrieving threat intelligence data - link
  49. cortex: platform for analyzing and responding to cyber threats - link
  50. cuckoo: An automated dynamic malware analysis system used by researchers and security teams - link
  51. FireHOL-IP-Aggregator: A script for managing IP address feeds and their appearance history - link
  52. forager: Script for hunting and gathering threat intelligence - link
  53. fenrir: A simple IOC scanner for detecting indicators of compromise - link
  54. goatrider: A tool for dynamically pulling threat intelligence feeds and comparing them - link
  55. GOOGLE-APT-Search-Engine: A Google Custom Search Engine focused on threat intelligence - link
  56. TI-GOSINT: A framework for collecting, processing, and exporting public indicators of compromise - link
  57. harbinger: A script to query multiple online threat aggregators from a single interface - link
  58. hiryu: A tool for organizing and visualizing APT campaign information and IOCs - link
  59. ioc-finder: A library for finding indicators of compromise in text using grammars - link
  60. ioc-parser: A tool to extract indicators of compromise from security reports in PDF - link
  61. iocextract: A tool for extracting IOCs from text files and enriching them with threat intelligence - link
  62. klara: A distributed system for scanning samples with Yara rules and generating scan results - link
  63. machiane: A tool for collecting threat intelligence related data from public sites and feeds - link
  64. omnibus: An interactive command-line application for collecting and managing IOCs and artifacts - link
  65. ThreathTracer: A script for monitoring and generating alerts based on given sets of IOCs - link
  66. Suricata rules for network anomaly detection - link
  67. Awesome Threat Intelligence - link
  68. The Community Driven Cyber Threat Intelligence Library - link
  69. Tracking ransomware - link
  70. Daily feed of bad IPs (with blacklist hit scores) - link
  71. Ransomlook - link
  72. Telegram bot to get all messages in real time - link
  73. All-in-one vulnerability intelligence - link
  74. Onyphe: Cyber Defense Search Engine - link
  75. UrlDna - link
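Items 59 to 61 (ioc-finder, ioc-parser, iocextract) all solve the same problem: pulling indicators out of prose reports in which the indicators have been defanged (`hxxp`, `[.]`, `[@]`) so that they cannot be clicked by accident. The following is an added example for this page, not code from any of those projects: a deliberately small refang-then-match extractor with a constructed sample report. The file-extension filter is a heuristic of this example; the real tools validate domain candidates against the public suffix list instead.

```python
import re

# Undo the defanging conventions common in threat reports.
_REFANG_RULES = [
    (re.compile(r"\bhxxp(s?)\b", re.I), r"http\1"),
    (re.compile(r"\[\s*\.\s*\]|\(\s*\.\s*\)|\{\s*\.\s*\}"), "."),
    (re.compile(r"\[\s*@\s*\]|\(\s*@\s*\)"), "@"),
    (re.compile(r"\[\s*://\s*\]"), "://"),
    (re.compile(r"\[\s*:\s*\]"), ":"),
]


def refang(text: str) -> str:
    """Turn hxxps://evil[.]example back into https://evil.example."""
    for pattern, repl in _REFANG_RULES:
        text = pattern.sub(repl, text)
    return text


def _hex(n: int) -> re.Pattern:
    # \b on both sides keeps a 32-hex MD5 pattern from matching inside a SHA256.
    return re.compile(rf"\b[a-f0-9]{{{n}}}\b", re.I)


_PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s\"'<>()\[\]]+", re.I),
    "email": re.compile(r"\b[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,63}\b", re.I),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
    ),
    "domain": re.compile(
        r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I
    ),
    "sha256": _hex(64),
    "sha1": _hex(40),
    "md5": _hex(32),
}

# Heuristic (this example's assumption): "invoice.pdf.exe" looks like a domain
# to the regex above, so drop candidates whose last label is a file extension.
_FILE_EXTS = {"exe", "dll", "bin", "pdf", "doc", "docx", "xls", "zip", "txt", "ps1", "dat"}


def extract_iocs(text: str) -> dict:
    """Return {kind: sorted unique indicators} found in a (possibly defanged) report."""
    clean = refang(text)
    found = {}
    for kind, pattern in _PATTERNS.items():
        values = {m.group(0).rstrip(".,;") for m in pattern.finditer(clean)}
        if kind == "domain":
            values = {v for v in values if v.rsplit(".", 1)[-1].lower() not in _FILE_EXTS}
        found[kind] = sorted(values)
    return found


# Constructed sample report. 203.0.113.0/24 is a documentation range and
# .example is a reserved TLD, so nothing here points at a real host.
SAMPLE_REPORT = """
Stage-two loader fetched from hxxps://update[.]cdn-mirror[.]example/payload.bin
and beaconed to 203[.]0[.]113[.]45 over port 8443. Lure mail came from
billing[@]invoice-portal[.]example. Dropped file invoice.pdf.exe had
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
and MD5 d41d8cd98f00b204e9800998ecf8427e.
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(f"{kind:7s} {values}")
```

Feeding the extracted lists straight into a blocklist is the classic mistake: the domain regex happily returns the report author's own infrastructure and sample hostnames, so route the output through the allowlisting and confidence scoring that the platforms listed above (MISP, OpenCTI, IntelOwl) provide before anything becomes a detection.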