Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
☆179Mar 13, 2026Updated this week
Alternatives and similar repositories for ioc-finder
Users that are interested in ioc-finder are comparing it to the libraries listed below
Sorting:
- Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .☆68Oct 2, 2023Updated 2 years ago
- Defanged Indicator of Compromise (IOC) Extractor.☆569Aug 28, 2024Updated last year
- Extract and aggregate threat intelligence.☆908Jan 31, 2024Updated 2 years ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆388May 11, 2022Updated 3 years ago
- Threat Feed Aggregation, Made Easy☆169Jul 13, 2020Updated 5 years ago
- A FUSE module to mount captured network data☆41Jun 20, 2025Updated 8 months ago
- An open source framework for enterprise level automated analysis.☆394Jun 27, 2022Updated 3 years ago
- All-in-one bundle of MISP, TheHive and Cortex☆170Sep 27, 2022Updated 3 years ago
- Your Everyday Threat Intelligence☆1,958Feb 12, 2026Updated last month
- Parse YARA rules and operate over them more easily.☆195Feb 6, 2025Updated last year
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.☆270Mar 17, 2023Updated 3 years ago
- A mapping of used malware names to commonly known family names☆63Feb 21, 2023Updated 3 years ago
- CIF v3 -- the fastest way to consume threat intelligence☆183Apr 20, 2023Updated 2 years ago
- Graphics, icons, and diagrams to support STIX 2☆48Jun 2, 2021Updated 4 years ago
- Extract indicators of compromise from text, including "escaped" ones.☆163Apr 19, 2020Updated 5 years ago
- YARA, SIGMA, SNORT Rules based on Malware Analysis☆17Apr 23, 2025Updated 10 months ago
- Modular command-line threat hunting tool & framework.☆17Jul 20, 2020Updated 5 years ago
- ☆23Jul 7, 2023Updated 2 years ago
- Tool to extract indicators of compromise from security reports in PDF format☆439Feb 24, 2023Updated 3 years ago
- Django web interface for managing Yara rules☆196Jul 28, 2018Updated 7 years ago
- A tool to extract structured cyber information from incident reports.☆82Aug 30, 2018Updated 7 years ago
- ☆24Sep 28, 2022Updated 3 years ago
- OASIS Cyber Threat Intelligence (CTI) TC: A tool for generating STIX content for prototyping and testing. https://github.com/oasis-open/c…☆43Apr 15, 2024Updated last year
- Repository of YARA rules made by Trellix ATR Team☆626Mar 18, 2025Updated 11 months ago
- TTPDrill focuses on developing automated and context-aware analytics of cyber threat intelligence to accurately learn attack patterns (TT…☆28May 29, 2020Updated 5 years ago
- A Novel and Modular Solution for Extracting All STIX Objects in CTI Reports☆28Aug 21, 2023Updated 2 years ago
- APTnotes data☆1,774Dec 16, 2024Updated last year
- Automatic YARA rule generation for Malpedia☆168Sep 8, 2022Updated 3 years ago
- Malware/IOC ingestion and processing engine☆109Nov 20, 2018Updated 7 years ago
- Generic Signature Format for SIEM Systems☆14Oct 27, 2021Updated 4 years ago
- Elemental - An ATT&CK Threat Library☆318Dec 8, 2022Updated 3 years ago
- Indicators of Compromises (IOC) of our various investigations☆1,933Mar 10, 2026Updated last week
- A python app to predict Att&ck tactics and techniques from cyber threat reports☆128Nov 15, 2023Updated 2 years ago
- Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:☆124Mar 2, 2026Updated 2 weeks ago
- DFIRTrack - The Incident Response Tracking Application☆533Jan 13, 2026Updated 2 months ago
- IoC's, PCRE's, YARA's etc☆23Mar 25, 2025Updated 11 months ago
- FAME Automates Malware Evaluation☆930Dec 16, 2025Updated 3 months ago
- Cyber Threat Intelligence Repository expressed in STIX 2.0☆2,038Dec 19, 2025Updated 2 months ago
- A query aggregator for OSINT based threat hunting☆933Mar 7, 2026Updated last week