elastic/SWAT external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

elastic/SWAT

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/elastic/SWAT)

Close

elastic / SWATView on GitHubMore

• External links
• Readme badge

☆169Sep 30, 2025Updated 5 months ago

Alternatives and similar repositories for SWAT

Users that are interested in SWAT are comparing it to the libraries listed below

• vectra-ai-research / derf

  View on GitHub
  DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…
  ☆101Jan 12, 2024Updated 2 years ago
• Sam0x90 / CTI

  View on GitHub
  Repo containing various intel-based resources such as threat research, adversary emulation/simulation plan and so on
  ☆83Apr 27, 2024Updated last year
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,277Mar 12, 2026Updated last week
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆339Mar 11, 2026Updated last week
• xforcered / ADOKit

  View on GitHub
  Azure DevOps Services Attack Toolkit
  ☆313Mar 15, 2025Updated last year
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated last year
• MHaggis / SequelEyes

  View on GitHub
  SQL, IIS, Oh My...
  ☆22Feb 24, 2025Updated last year
• Permiso-io-tools / LogLicker

  View on GitHub
  Tool for obfuscating and deobfuscating data.
  ☆77Mar 20, 2024Updated last year
• pushsecurity / saas-attacks

  View on GitHub
  Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threa…
  ☆1,406Jun 24, 2025Updated 8 months ago
• mrwadams / attackgen

  View on GitHub
  AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE…
  ☆1,207Dec 29, 2025Updated 2 months ago
• GoogleCloudPlatform / active-assist

  View on GitHub
  ☆25Jun 27, 2024Updated last year
• FlyingPhish / ROADTools-Analyser

  View on GitHub
  This python script performs a number of sqlite queries (mainly password metadata) against sqlite databases (Created by ROADtools) to prov…
  ☆22Jul 3, 2024Updated last year
• jatrost / awesome-kubernetes-threat-detection

  View on GitHub
  A curated list of resources about detecting threats and defending Kubernetes systems.
  ☆405Sep 2, 2023Updated 2 years ago
• facebookincubator / TTPForge

  View on GitHub
  The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
  ☆414Updated this week
• Algbra-Labs-OSS / Chronicle

  View on GitHub
  ☆65May 21, 2024Updated last year
• jamf / aftermath

  View on GitHub
  Aftermath is a free macOS IR framework
  ☆570Sep 25, 2025Updated 5 months ago
• techspence / BadShares

  View on GitHub
  A tool to create randomly insecure file shares that also contain unsecured credential files
  ☆49Feb 16, 2026Updated last month
• elastic / dorothy

  View on GitHub
  ☆191Mar 9, 2026Updated last week
• FalconForceTeam / FalconHound

  View on GitHub
  FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…
  ☆818Mar 6, 2026Updated 2 weeks ago
• dazzyddos / HSC24RedTeamInfra

  View on GitHub
  Slides and Codes used for the workshop Red Team Infrastructure Automation
  ☆193Apr 14, 2024Updated last year
• TupleType / awesome-cicd-attacks

  View on GitHub
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆578Feb 12, 2026Updated last month
• OWNsecurity / GWForensic

  View on GitHub
  DFIR project to collect and analyze events in Google Workspace
  ☆13Apr 12, 2024Updated last year
• aquia-inc / aws-guardduty-runbook-generator

  View on GitHub
  Generates runbooks for GuardDuty findings
  ☆38Jun 24, 2024Updated last year
• ReversecLabs / leonidas

  View on GitHub
  Automated Attack Simulation in the Cloud, complete with detection use cases.
  ☆608Nov 28, 2024Updated last year
• Cyb3r-Monk / ACCD

  View on GitHub
  Active C&C Detector
  ☆156Oct 5, 2023Updated 2 years ago
• domain-protect / domain-protect

  View on GitHub
  OWASP Domain Protect - prevent subdomain takeover
  ☆397Dec 23, 2024Updated last year
• HackingLZ / IndicatorOfCanary

  View on GitHub
  Canary Detection
  ☆192Oct 20, 2025Updated 5 months ago
• 0x4143 / adversaryemulation-gems

  View on GitHub
  A not so awesome list of adversary emulation gems for aspiring red/blue/purple teamers
  ☆16Jul 19, 2022Updated 3 years ago
• BushidoUK / Breach-Report-Collection

  View on GitHub
  A collection of companies that disclose adversary TTPs after they have been breached
  ☆289Updated this week
• silascutler / dockerhoneypot-logs

  View on GitHub
  Collection of Docker honeypot logs from 2021 - 2024
  ☆36Sep 30, 2024Updated last year
• zenzora / awesome-gcpsec

  View on GitHub
  ☆14Jun 20, 2022Updated 3 years ago
• elastic / protections-artifacts

  View on GitHub
  Elastic Security detection content for Endpoint
  ☆1,384Mar 13, 2026Updated last week
• unknownhad / CloudIntel

  View on GitHub
  This repo contains IOC, malware and malware analysis associated with Public cloud
  ☆249Nov 11, 2024Updated last year
• amjcyber / pwnlook

  View on GitHub
  An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails c…
  ☆166Oct 9, 2024Updated last year
• ReversecLabs / cloud-security-vm

  View on GitHub
  Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments
  ☆142Jan 2, 2025Updated last year
• Group-IB / pythf

  View on GitHub
  Malware detonation platform Polygon integration
  ☆10Aug 1, 2023Updated 2 years ago
• invictus-ir / ALFA

  View on GitHub
  ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l…
  ☆173Mar 2, 2026Updated 2 weeks ago
• saw-your-packet / CloudShovel

  View on GitHub
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆113Nov 13, 2024Updated last year
• zeronetworks / BlueHound

  View on GitHub
  BlueHound - pinpoint the security issues that actually matter
  ☆761Jul 12, 2023Updated 2 years ago