30 open-source projects similar to inquest/python-iocextract, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Python Iocextract alternative.
MISP is an open-source threat intelligence sharing platform designed for collecting, storing, and distributing structured threat indicators and intelligence. At its core, it provides a distributed synchronization protocol for transferring events between instances, an attribute-based correlation engine that links matching indicators across events, and a REST API with an OpenAPI specification for programmatic access to threat data. The platform uses formal data formats for JSON, taxonomy, galaxy, and object templates to enable compatibility across tools and communities. The platform distinguish
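The hand-off that sits between an IOC extractor such as python-iocextract and a platform such as MISP, as an added example (this is not code from python-iocextract, MISP, or any project listed on this page): a small extractor that pulls defanged indicators out of a constructed report, refangs them, drops allowlisted benign domains, and emits them as MISP-style attribute dicts. The attribute type names (url, ip-dst, domain, email-src, md5, sha1, sha256) are MISP's; the event envelope, the short TLD list, the defanging conventions handled, the sample report and the allowlist are simplifying assumptions made for this demo.

```python
import json
import re

# Constructed sample report (not from any real incident) using the usual
# defanging conventions: hxxp, [.], [@].
SAMPLE_REPORT = """
The loader beacons to hxxps://update[.]evil-cdn[.]com/gate.php and
falls back to 198[.]51[.]100[.]23 on tcp/8443. Phishing mail came from
billing[@]invoice-portal[.]net. Dropper SHA256:
0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
MD5 00112233445566778899aabbccddeeff. Legit infrastructure (ignore): microsoft.com
"""

# Plain or defanged separators.
_DOT = r"(?:\.|\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\))"
_AT = r"(?:@|\[@\]|\(@\)|\[at\])"

# (MISP attribute type, pattern). Order matters: each pattern's matches are
# blanked out before the next pattern runs, so the host inside a URL or
# e-mail address is not emitted again as a bare domain. The TLD list is
# deliberately short for the demo (assumption, not a real TLD table).
PATTERNS = [
    ("url",       re.compile(r'\bh(?:tt|xx)ps?(?::|\[:\])//[^\s<>"]+', re.I)),
    ("email-src", re.compile(rf"\b[\w.+-]+{_AT}(?:[a-z0-9-]+{_DOT})+[a-z]{{2,}}\b", re.I)),
    ("sha256",    re.compile(r"\b[a-f0-9]{64}\b", re.I)),
    ("sha1",      re.compile(r"\b[a-f0-9]{40}\b", re.I)),
    ("md5",       re.compile(r"\b[a-f0-9]{32}\b", re.I)),
    ("ip-dst",    re.compile(rf"\b(?:\d{{1,3}}{_DOT}){{3}}\d{{1,3}}\b")),
    ("domain",    re.compile(rf"\b(?:[a-z0-9-]+{_DOT})+(?:com|net|org|io|ru|info|xyz)\b", re.I)),
]

# Benign infrastructure that reports mention but that must never become an
# indicator. A real deployment would use a maintained allowlist; this one is constructed.
DEFAULT_ALLOWLIST = frozenset({"microsoft.com"})


def refang(ioc: str) -> str:
    """Undo common defanging so the value is machine-usable (hxxp -> http, [.] -> ., [@] -> @, [:] -> :)."""
    s = re.sub(r"(?i)hxxp", "http", ioc)
    s = re.sub(r"(?i)" + _DOT, ".", s)
    s = s.replace("[:]", ":")
    s = re.sub(r"(?i)" + _AT, "@", s)
    return s


def extract_attributes(text: str, allowlist=DEFAULT_ALLOWLIST):
    """Return deduplicated MISP-style attribute dicts ({"type": ..., "value": ...}) found in text."""
    masked = text
    attrs, seen = [], set()
    for attr_type, pattern in PATTERNS:
        matches = list(pattern.finditer(masked))
        for m in matches:
            value = refang(m.group(0).rstrip(".,;:)"))  # trailing sentence punctuation is not part of the IOC
            if attr_type != "url":
                value = value.lower()  # hashes, domains and mail addresses compare case-insensitively
            if value in allowlist or (attr_type, value) in seen:
                continue
            seen.add((attr_type, value))
            attrs.append({"type": attr_type, "value": value})
        # Blank out matched spans with same-length whitespace so later offsets stay valid.
        for m in matches:
            masked = masked[:m.start()] + " " * (m.end() - m.start()) + masked[m.end():]
    return attrs


def to_misp_event(attrs, info: str) -> dict:
    """Wrap attributes in a minimal MISP event envelope (simplified; assumption, not the full schema)."""
    return {"Event": {"info": info, "distribution": 0, "Attribute": attrs}}


if __name__ == "__main__":
    event = to_misp_event(extract_attributes(SAMPLE_REPORT), "Constructed loader report")
    print(json.dumps(event, indent=2))
```

Running the block prints an event with five attributes: the refanged URL, the sender address, the SHA256 and MD5 hashes, and the fallback IP; microsoft.com is recognised as a domain but dropped by the allowlist. Passing allowlist=frozenset() shows the false positive that the allowlist exists to catch, which is the check worth keeping in front of any feed that pushes extracted indicators into a shared platform.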
A Yara rule generator for finding related samples and hunting
AI-assisted malware reverse-engineering debugger with ATT&CK, YARA, IOC, JSON, and analyst report output
A framework for receiving and redistributing abuse feeds
Yara rule generator using VirusTotal's code similarity feature (the code-similar-to: search modifier).
A multi-platform .Net wrapper library for the native Yara library.
Clojure YARA-style pattern matching - malware signatures, hex/ascii/regex patterns
Performs OCR on image files and scans them for matches to YARA rules
Python 3 tool to parse Yara rules (extension of yarabuilder)
Yara integrated software to handle archive file data.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Cyber Threat Intelligence Feeds
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Validates yara rules and tries to repair the broken ones.
Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.
CrowdStrike Feed Management System. CrowdFMS is a framework for automating the collection and processing of samples from VirusTotal by leveraging the Private API. It automatically downloads recent samples that triggered an alert on the user's YARA notification feed.
DEPRECATED - USE v3 (bearded-avenger)
Repository that contains a set of purposefully erroneous Yara rules.