Alternatives and similar repositories for Maco

Users that are interested in Maco are comparing it to the libraries listed below

• CAPESandbox / community

  View on GitHub
  Community modules for CAPE Sandbox
  ☆110Updated this week
• turbot / steampipe-plugin-virustotal

  View on GitHub
  Use SQL to instantly query file, domain, URL and IP scanning results from VirusTotal.
  ☆23Oct 13, 2025Updated 4 months ago
• sandialabs / mac-sandbox

  View on GitHub
  This is a malware analyzer for Mac OS X that extends the Cuckoo Sandbox project (https://cuckoosandbox.org/)
  ☆23Jul 8, 2016Updated 9 years ago
• shellcromancer / DaysOfYARA-2023

  View on GitHub
  Rules Shared by the Community from 100 Days of YARA 2023 -
  ☆18Apr 10, 2023Updated 2 years ago
• mitre / yararules-python

  View on GitHub
  Easily scan with multiple yara rules from different sources.
  ☆14Mar 9, 2024Updated last year
• m-chrome / py-suricataparser

  View on GitHub
  Pure python parser for Snort/Suricata rules.
  ☆33Mar 13, 2024Updated last year
• dod-cyber-crime-center / DC3-MWCP

  View on GitHub
  DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted …
  ☆339Feb 7, 2025Updated last year
• MSAdministrator / msi-utils

  View on GitHub
  A python package that helps with analysis of MSI files
  ☆14Mar 28, 2021Updated 4 years ago
• davidljohnson / SigGen

  View on GitHub
  ☆18May 5, 2024Updated last year
• CybercentreCanada / assemblyline-base

  View on GitHub
  Base components for Assemblyline 4 (Datastore, ODM, Filestore, Remote Datatypes, utils function, etc...)
  ☆71Updated this week
• williballenthin / viv-utils

  View on GitHub
  Utilities for working with vivisect
  ☆26Oct 1, 2025Updated 4 months ago
• MythicMeta / MythicContainer

  View on GitHub
  GoLang package for creating Mythic Payload Types, C2 Profiles, Translation Services, WebHook listeners, and Loggers
  ☆23Dec 15, 2025Updated last month
• CERT-Polska / mwdb-core

  View on GitHub
  Malware repository component for samples & static configuration with REST API interface.
  ☆373Feb 6, 2026Updated last week
• stairwell-inc / threat-research

  View on GitHub
  Repository of tools, YARA rules, and code-snippets from Stairwell's research team.
  ☆23Jan 31, 2024Updated 2 years ago
• knightsc / EndpointSecurity

  View on GitHub
  A module to expose the Endpoint Security library to Swift
  ☆20Jul 10, 2019Updated 6 years ago
• jeFF0Falltrades / rat_king_parser

  View on GitHub
  A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno …
  ☆66Jan 12, 2026Updated last month
• AhmetPayaslioglu / YaraRules

  View on GitHub
  ☆22Jun 2, 2023Updated 2 years ago
• optiv / CVE-2020-15931

  View on GitHub
  Netwrix Account Lockout Examiner 4.1 Domain Admin Account Credential Disclosure Vulnerability
  ☆27Nov 11, 2020Updated 5 years ago
• ruppde / yara_rules

  View on GitHub
  Yara rules
  ☆22Mar 27, 2023Updated 2 years ago
• CERT-Bund / IRNetTools

  View on GitHub
  Incident Response Network Tools
  ☆24Jul 23, 2021Updated 4 years ago
• sisoma2 / malware_analysis

  View on GitHub
  Scripts, Yara rules and other files developed during malware investigations
  ☆27Aug 19, 2022Updated 3 years ago
• CybercentreCanada / CCCS-Yara

  View on GitHub
  YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA
  ☆114Updated this week
• binalyze / tigma

  View on GitHub
  Sigma Engine implementation in TypeScript
  ☆28Mar 5, 2023Updated 2 years ago
• plyara / plyara

  View on GitHub
  Parse YARA rules and operate over them more easily.
  ☆195Feb 6, 2025Updated last year
• anyrun / blog-scripts

  View on GitHub
  ☆35Jan 13, 2026Updated last month
• Immersive-Labs-Sec / SliverC2-Forensics

  View on GitHub
  A collection of tools and detections for the Sliver C2 Frameworj
  ☆133Apr 24, 2023Updated 2 years ago
• michelcrypt4d4mus / yaralyzer

  View on GitHub
  Visually inspect and force decode YARA and regex matches found in both binary and text data with colors. Lots of colors.
  ☆147Feb 1, 2026Updated last week
• Coalfire-CF / Coalfire-GCP-RAMPpak

  View on GitHub
  Coalfire GCP RAMP/pak Reference Architecture
  ☆13Feb 5, 2026Updated last week
• QinetiQ-Cyber-Intelligence / OpenCTI-Terraform

  View on GitHub
  A highly available AWS deployment of the Threat Intelligence platform, OpenCTI using Terraform. Native AWS resources are used where feasi…
  ☆38Apr 23, 2023Updated 2 years ago
• DanusMinimus / MalwareLake

  View on GitHub
  A python script that allows a researcher to merge databases from Malshare and Malware Bazaar to created enrriched datasets from SIEM tool…
  ☆28Apr 6, 2020Updated 5 years ago
• ail-project / ail-training

  View on GitHub
  AIL project training materials
  ☆39Jul 17, 2025Updated 6 months ago
• mitre-attack / attack-workbench-taxii-server

  View on GitHub
  An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository con…
  ☆42Jan 20, 2026Updated 3 weeks ago
• asrofiw / express-backend

  View on GitHub
  Build a project with Express.js
  ☆11Jan 31, 2021Updated 5 years ago
• hellocosmos / mitre-attck-suricata-automation

  View on GitHub
  Mitre ATT&CK and Suricata Rules Automation with AI & LLM
  ☆14Sep 28, 2024Updated last year
• german-zarate / ecommerce-store

  View on GitHub
  An full-stack eCommerce store web application in nodejs
  ☆11Jun 6, 2024Updated last year
• AkiRaID / akirabotv1

  View on GitHub
  Akira Bot adalah Bot Whatsapp yg Memiliki 500+ Fitur, dan Menggunakan Bermacam² Rest Api
  ☆10Apr 6, 2021Updated 4 years ago
• EDRCoin / EDRcoin-src

  View on GitHub
  EDRcoin source
  ☆10Mar 23, 2016Updated 9 years ago
• OpenCTI-Platform / splunk-add-on

  View on GitHub
  OpenCTI Add-On for Splunk
  ☆13Jan 13, 2026Updated last month
• mandiant / mandiant_managed_hunting

  View on GitHub
  Azure Deployment Templates for Mandiant Managed Huning
  ☆12Jun 1, 2023Updated 2 years ago