dfir

Star

Here are 767 public repositories matching this topic...

Language:All

Filter by language

All767 Python286 PowerShell81 Shell47 Go40 C#26 HTML24 Rust22 C17 Batchfile12 C++10

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

toniblyx /my-arsenal-of-aws-security-tools

Star9.3k

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

security auditing cloud aws-lambda incident-response iam dfir cloudtrail aws-infrastructure security-tools aws-inventory

UpdatedOct 16, 2025
Shell

meirwah /awesome-incident-response

Star8.6k

A curated list of tools for incident response

security list awesome incident-response dfir cybersecurity awesome-list incident-response-tooling

UpdatedJul 18, 2024

LOLBAS-Project /LOLBAS

Star8.1k

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

dfir blueteam redteam purpleteam lolbins lolscripts living-off-the-land

UpdatedOct 2, 2025
XSLT

zeek /zeek

Star7.2k

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

security pcap dfir bro network-monitoring nsm ndr zeek

UpdatedNov 5, 2025
C++

clong /DetectionLab

Sponsor

Star4.9k

Automate the creation of a lab environment complete with security tooling and logging best practices

ansible vagrant packer powershell terraform detection dfir vagrantfile sysmon osquery information-security lab-environment detectionlab dfir-automation

UpdatedJul 6, 2024
HTML

cugu /awesome-forensics

Star4.7k

⭐️ A curated list of awesome forensic analysis tools and resources

open-source dfir free digital-forensics computer-forensics forensic-analysis

UpdatedOct 2, 2025

OTRF /ThreatHunter-Playbook

Star4.4k

A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.

dfir sysmon threat-hunting hunting hunter mitre hypothesis hunting-campaigns mitre-attack-db

UpdatedFeb 15, 2024
Python

intelowlproject /IntelOwl

Sponsor

Star4.3k

IntelOwl: manage your Threat Intelligence at scale

python ioc enrichment osint incident-response dfir cybersecurity threat-hunting malware-analyzer malware-analysis threatintel cyber-security hacktoberfest security-tools threat-intelligence honeynet cyber-threat-intelligence osint-python threathunting intel-owl

UpdatedNov 6, 2025
Python

TheHive-Project /TheHive

Star3.8k

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

api open-source platform scala rest incident-response orchestration dfir analyzer free misp thehive security-incidents iocs digital-forensics investigations cortex agplv3 incident-management incident-response-tooling

UpdatedJul 25, 2025
Scala

Neo23x0 /Loki

Star3.7k

Loki - Simple IOC and YARA Scanner

python ioc scanner signature hash dfir antivirus yara yara-rules otx

UpdatedOct 27, 2025
Python

WithSecureLabs /chainsaw

Star3.4k

Rapidly Search and Hunt through Windows Forensic Artefacts

windows rust security attack detection logs forensics dfir threat-hunting sigma blueteam chainsaw countercept

UpdatedOct 12, 2025
Rust

google /timesketch

Star3.2k

Collaborative forensic timeline analysis

security analysis timeline forensics dfir

UpdatedNov 5, 2025
Python

Security-Onion-Solutions /security-onion

Star3.1k

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

dfir ids intrusion-detection network-security-monitoring log-management nsm hunting

UpdatedApr 16, 2021

JPCERTCC /LogonTracer

Star3k

Investigate malicious Windows logon by visualizing and analyzing Windows event log

visualization javascript security active-directory dfir event-log python-3 blueteam

UpdatedOct 19, 2025
Python

Yamato-Security /hayabusa

Star2.9k

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

windows rust security attack detection incident-response logs event threat forensics dfir cybersecurity response threat-hunting hunting sigma incident security-automation yamato hayabusa

UpdatedNov 5, 2025
Rust

olafhartong /sysmon-modular

Sponsor

Star2.9k

A repository of sysmon configuration modules

modular dfir sysmon threat-hunting security-tools mitre-attack

UpdatedAug 21, 2024
PowerShell

Neo23x0 /signature-base

Star2.8k

YARA signature and IOC database for my scanners and tools

ioc scanner anti-virus signature hash dfir threat-hunting yara yara-rules threat-intelligence

UpdatedNov 3, 2025
YARA

sbousseaden /EVTX-ATTACK-SAMPLES

Star2.4k

Windows Events Attack Samples

dfir dataset threat-hunting winlogbeat mitre-attack evtx windows-security detection-engineering

UpdatedJan 24, 2023
HTML

mikeroyal /Digital-Forensics-Guide

Star2.3k

Digital Forensics Guide. Learn all about Digital Forensics, Computer Forensics, Mobile device Forensics, Network Forensics, and Database Forensics.

security osint alerting forensics dfir intrusion-detection siem digital-forensics offensive-security cyber-security network-security port-scanning forensic-analysis threat-intelligence mitre-attack forensics-investigations detection-engineering digitalforensics forensics-tools digitalforensicreadiness

UpdatedJan 4, 2024
Python

mattnotmax /cyberchef-recipes

Star2.1k

A list of cyber-chef recipes and curated links

incident-response malware regular-expression dfir data-manipulation cyberchef cyberchef-recipes

UpdatedJun 14, 2024

Improve this page

Add a description, image, and links to thedfir topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with thedfir topic, visit your repo's landing page and select "manage topics."

Learn more

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dfir

Here are 767 public repositories matching this topic...

toniblyx /my-arsenal-of-aws-security-tools

meirwah /awesome-incident-response

LOLBAS-Project /LOLBAS

zeek /zeek

clong /DetectionLab

cugu /awesome-forensics

OTRF /ThreatHunter-Playbook

intelowlproject /IntelOwl

TheHive-Project /TheHive

Neo23x0 /Loki

WithSecureLabs /chainsaw

google /timesketch

Security-Onion-Solutions /security-onion

JPCERTCC /LogonTracer

Yamato-Security /hayabusa

olafhartong /sysmon-modular

Neo23x0 /signature-base

sbousseaden /EVTX-ATTACK-SAMPLES

mikeroyal /Digital-Forensics-Guide

mattnotmax /cyberchef-recipes

Improve this page

Add this topic to your repo