threat

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

data-science intelligence analytics virtual-machine malware threat cyber fireeye intelligence-analysis mandiant threatintelligence threathunting

UpdatedJun 1, 2023
PowerShell

certtools /intelmq

Star1.1k

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

python ioc intelligence alerts automation incident-response malware phishing threat cybersecurity cert csirt feeds handling incident ihap

UpdatedFeb 14, 2026
Python

toolswatch /vFeed

Star946

The Correlated CVE Vulnerability And Threat Intelligence Database API

python threat exploits vulnerability scap vulnerability-databases threatintel cve oval vulnerability-detection vulnerability-identification vulnerability-scanners cwe capec intelligence-gathering threat-intelligence vulnerability-database-entry threat-intelligence-database vfeed common-vulnerability-exposure

UpdatedMay 28, 2021
Python

cyberark /SkyArk

Star905

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

aws cloud powershell azure privileges threat attacker security-tools cloud-security admins

UpdatedDec 17, 2024
PowerShell

Yamato-Security /WELA-deprecated

Star779

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

windows log analysis timeline logs event threat forensics dfir response hunting sigma incident

UpdatedFeb 3, 2023
PowerShell

TonyPhipps /SIEM

Star696

SIEM Tactics, Techiques, and Procedures

security monitor log analysis red blue scan threat forensics response purple baseline threat-hunting hunt recon team siem soc incident triage

UpdatedFeb 3, 2026

stanfrbd /cyberbro

Star602

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

python docker security ioc ipinfo osint incident-response hash threat dfir cybersecurity infosec threat-hunting cti virustotal blueteam security-tools threat-intelligence cyber-threat-intelligence osint-python

UpdatedFeb 7, 2026
Python

manifoldfinance /defi-threat

Star498

a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance

ethereum smart-contracts blockchain threat solidity infosec cve evm erc20 advisories erc721 defi smart-contracts-audit nfts defi-threat threat-matrix kill-chain

UpdatedJun 22, 2024
JavaScript

TalEliyahu /Threat_Model_Examples

Star487

A collection of real-world threat model examples across various technologies, providing practical insights into identifying and mitigating security risks.

threat cybersecurity threat-modeling risk-assessment threat-analysis

UpdatedJun 12, 2025

TonyPhipps /Meerkat

Star481

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

security monitor log analysis red blue scan threat forensics response purple baseline threat-hunting hunt recon team siem soc incident triage

UpdatedNov 15, 2024
PowerShell

EXP-Tools /threat-broadcast

Star408

威胁情报播报

programming threat broadcast safe cve

UpdatedFeb 20, 2026
Python

SupportIntelligence /Icewater

Star390

16,432 Free Yara rules created by

cluster threat dna malware-analysis yara

UpdatedJun 1, 2019
YARA

opencybersecurityalliance /kestrel-lang

Star324

Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

language security threat cybersecurity threat-hunting threatintel hacktoberfest security-automation security-tools threat-intelligence

UpdatedSep 27, 2024
Python

Aabyss-Team /Ban-Hacker-IP-Plan

Star273

国内恶意IP封禁计划，还赛博空间一片朗朗乾坤

ioc intelligence threat ban-hosts hacker malice threat-intelligence ban-ip ban-bot

UpdatedMay 29, 2025

opencybersecurityalliance /stix-shifter

Star261

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

python security threat cybersecurity threat-hunting threatintel stix hacktoberfest security-automation security-tools threat-intelligence ocsf stix2