A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
☆440 · Feb 13, 2026 · Updated 3 weeks ago
Alternatives and similar repositories for Kanvas
Users that are interested in Kanvas are comparing it to the libraries listed below
- A tool for fetching DFIR and other GitHub tools. ☆25 · Aug 2, 2025 · Updated 7 months ago
- Modern honeypot supporting multiple services, realistic website cloning, and AI-powered features ☆157 · Dec 2, 2025 · Updated 3 months ago
- A preconfigured Velociraptor triage collector ☆76 · Updated this week
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients. ☆70 · Aug 20, 2025 · Updated 6 months ago
- ☆22 · Nov 22, 2025 · Updated 3 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac… ☆151 · Sep 21, 2024 · Updated last year
- A Model Context Protocol (MCP) server that integrates Volatility 3 memory forensics framework with Claude ☆31 · Jul 7, 2025 · Updated 8 months ago
- Tools for Incident Response and Malware Analysis ☆11 · Feb 9, 2025 · Updated last year
- CLI tools for forensic investigation of Windows artifacts ☆349 · Jul 21, 2025 · Updated 7 months ago
- Menu for Thor scanner lite ☆20 · Oct 24, 2025 · Updated 4 months ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec… ☆31 · Feb 22, 2025 · Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆577 · Dec 6, 2025 · Updated 3 months ago
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It … ☆1,249 · Feb 25, 2026 · Updated last week
- Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes h… ☆14 · Jun 21, 2024 · Updated last year
- This tool was created to address a common blind spot in corporate security: chat platforms. During penetration tests and red team engage… ☆50 · Dec 21, 2025 · Updated 2 months ago
- Parses USB connection artifacts from offline Registry hives ☆107 · Feb 8, 2026 · Updated 3 weeks ago
- Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders ☆1,061 · Oct 5, 2023 · Updated 2 years ago
- Linux Baseline and Forensic Triage Tool - BETA ☆57 · Sep 8, 2022 · Updated 3 years ago
- An open source platform to support analysts to organise their case and tasks ☆126 · Updated this week
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆473 · Oct 29, 2025 · Updated 4 months ago
- Capture. Detonate. Collect ☆14 · Sep 20, 2024 · Updated last year
- LotL RMM ☆313 · Updated this week
- PowerShell-based Automation of Defender for Endpoint ☆187 · Jul 3, 2025 · Updated 8 months ago
- A series of python scripts to extract information from Dark Web Applications ☆14 · Mar 26, 2025 · Updated 11 months ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,930 · Jan 20, 2026 · Updated last month
- Collaborative Incident Response platform ☆1,429 · Feb 16, 2026 · Updated 2 weeks ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… ☆277 · Dec 20, 2025 · Updated 2 months ago
- MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs ☆757 · Feb 1, 2026 · Updated last month
- My external brain for cyber defense (WIP). A practical collection of field notes on hunting strategies and system principles. Documentin… ☆60 · Feb 27, 2026 · Updated last week
- This is a simple Python script that connects to a MISP instance and retrieves attributes of specific types (such as IP addresses, URLs, a… ☆16 · Feb 6, 2023 · Updated 3 years ago
- Takajō (鷹匠) is a Hayabusa results analyzer. ☆151 · Feb 23, 2026 · Updated last week
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆771 · Updated this week
- A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV outp… ☆309 · Feb 26, 2026 · Updated last week
- Check subdomains for subdomain takeovers and other DNS tomfoolery ☆435 · Updated this week
- Repository for sharing examples of our artifacts data and for use in new analyst recruitment. ☆109 · Apr 22, 2025 · Updated 10 months ago
- Automating the baseline logging settings found here: https://nullsec.us/windows-baseline-logging/ ☆20 · Jan 28, 2025 · Updated last year
- KQLIntel is a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries… ☆29 · Aug 4, 2025 · Updated 7 months ago
- Captures network traffic app made in Rust. ☆76 · Feb 4, 2026 · Updated last month
- Harness the power of Splunk for your investigations ☆157 · Oct 11, 2025 · Updated 4 months ago