30 open-source projects similar to certtools/intelmq, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Intelmq alternative.
PowerForensics provides an all in one platform for live disk forensic analysis
Forensics acquisition framework designed to be extensible and secure
IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.
DFF (Digital Forensics Framework) is a Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities.
The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
AIFT is a GUI, CLI, REST API, and MCP tool that helps DFIR analysts get oriented quickly. Point it at disk images, VM images, forensic archives, or triage packages; AIFT discovers what can be opened, parses artifacts with Dissect, and uses AI to turn parsed data into concrete leads and gaps for the investigator to verify.
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
Defanged Indicator of Compromise (IOC) Extractor.
IntelOwl is a threat intelligence platform and security orchestration engine designed to aggregate, analyze, and enrich security observables. It functions as a security incident investigation tool and a threat intelligence aggregator, collecting data on files, domains, and IP addresses from diverse internal and external sources. The system differentiates itself through playbook-based workflow automation, allowing users to define reusable sequences of analysis tasks that trigger subsequent jobs based on prior outputs. It unifies disparate security data into a common schema and utilizes protoco
Aggregates security advisories from 10 international CERTs daily and provides an AI skill that cross-references alerts against your project's tech stack.
A modular Python application to pull intelligence about malicious files
A modular Python application to collect intelligence for malicious hosts.
ThreatTracker is a Python script designed to monitor and generate alerts on given sets of indicators of compromise (IOCs) indexed by a set of Google Custom Search Engines.
MISP is an open-source threat intelligence sharing platform designed for collecting, storing, and distributing structured threat indicators and intelligence. At its core, it provides a distributed synchronization protocol for transferring events between instances, an attribute-based correlation engine that links matching indicators across events, and a REST API with an OpenAPI specification for programmatic access to threat data. The platform uses formal data formats for JSON, taxonomy, galaxy, and object templates to enable compatibility across tools and communities. The platform distinguish
Tool to gather Threat Intelligence indicators from publicly available sources
Threat Intelligence Quotient Test - Dataviz and Statistical Analysis of TI feeds
OpenCTI is a cyber threat intelligence platform and knowledge base used to store, manage, and analyze technical security data. It functions as a threat intelligence visualization tool and an enterprise security data orchestrator that maps relationships between threat actors, malware, and vulnerabilities. The platform utilizes the STIX and TAXII standards for data representation and exchange, allowing for the sharing and receiving of standardized intelligence bundles. It distinguishes itself by converting complex security information into visual relationship diagrams and geographic maps to ide
linux c++, fox-toolkit, multi-threaded forensic gui tool
Sigma is a suite of tools for defining generic log signatures and translating them for multiple backends. It provides a structured way to define malicious behavior and detection logic independently of any specific backend technology, acting as a translation engine that maps generic event fields and correlation logic to the proprietary query languages of security data lakes and SIEM platforms. The project features a plugin-based multi-backend query generator that exports security detections into various database and log management formats. It also includes a threat framework mapping tool that
This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r