cisagov / thoriumView external linksLinks
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
☆982Feb 4, 2026Updated last week
Alternatives and similar repositories for thorium
Users that are interested in thorium are comparing it to the libraries listed below
Sorting:
- Playbook-NG is a stateless web-based application used to match incident findings with countermeasures for adversary containment and evict…☆155Dec 5, 2025Updated 2 months ago
- Threat-hunting tool for Linux☆1,035Feb 3, 2026Updated last week
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs.☆167Dec 7, 2025Updated 2 months ago
- Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extrac…☆151Sep 21, 2024Updated last year
- Digging Deeper....☆3,747Feb 5, 2026Updated last week
- The Multiplatform Linux Sandbox☆16Dec 19, 2023Updated 2 years ago
- Digital forensic analysis tool that provides a user-friendly interface for investigating disk images.☆205Nov 12, 2025Updated 3 months ago
- Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…☆1,086Feb 4, 2026Updated last week
- Minimalistic WebUI for passiveDNS tool☆18May 6, 2021Updated 4 years ago
- Rules shared by the community from 100 Days of YARA 2025☆38Jan 2, 2026Updated last month
- Main Sigma Rule Repository☆10,109Updated this week
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,440Oct 12, 2025Updated 4 months ago
- UAC is a powerful and extensible incident response tool designed for forensic investigators, security analysts, and IT professionals. It …☆1,238Feb 5, 2026Updated last week
- This project aims to compare and evaluate the telemetry of various EDR products.☆1,924Jan 20, 2026Updated 3 weeks ago
- A security analysis tool that identifies DNS queries made by browser extensions, empowering security teams to detect and investigate susp…☆185Feb 9, 2025Updated last year
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆36Jan 2, 2025Updated last year
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,014Feb 4, 2026Updated last week
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.☆765Jan 15, 2026Updated 3 weeks ago
- IntelOwl: manage your Threat Intelligence at scale☆4,451Updated this week
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆573Dec 6, 2025Updated 2 months ago
- A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.☆883Jan 15, 2026Updated 3 weeks ago
- Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-t…☆1,371Updated this week
- BlueSky OSINT Tool☆14Dec 10, 2024Updated last year
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs.☆51Apr 22, 2025Updated 9 months ago
- ☆22Dec 22, 2020Updated 5 years ago
- Open Cyber Threat Intelligence Platform☆8,212Updated this week
- PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection…☆724Aug 9, 2025Updated 6 months ago
- CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known…☆265Nov 21, 2025Updated 2 months ago
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…☆277Dec 20, 2025Updated last month
- Malware Configuration And Payload Extraction☆2,991Feb 6, 2026Updated last week
- rxtls is a hyper-optimized, per-core Certificate Transparency (CT) log processor built for one purpose: to extract and process 100,000+ X…☆55Jan 5, 2026Updated last month
- Automation to assess the state of your M365 tenant against CISA's baselines☆2,438Feb 6, 2026Updated last week
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A. )☆225Sep 4, 2024Updated last year
- A resource containing all the tools each ransomware gangs uses☆1,327Dec 24, 2025Updated last month
- A starter pack of resources to help you get started in Detection Engineering.☆183Jan 17, 2026Updated 3 weeks ago
- Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts…☆1,073Nov 25, 2025Updated 2 months ago
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,515Feb 5, 2026Updated last week
- Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…☆2,334Jan 30, 2026Updated 2 weeks ago
- Sploit -- All-in-one, AI-powered cybersecurity toolkit for web, network, and phishing tests. Modular, cross-platform, Docker-ready, wit…☆30Aug 29, 2025Updated 5 months ago