An index of publicly available and open-source threat detection rulesets.
☆130 · Apr 17, 2025 · Updated 10 months ago
Alternatives and similar repositories for Rulehound
Users that are interested in Rulehound are comparing it to the libraries listed below
- An OpenAI API Compatible Honeypot Gateway ☆17 · Mar 17, 2025 · Updated 11 months ago
- A public collection of detections designed to detect threats associated with the Okta WIC Platform. ☆14 · Jan 5, 2026 · Updated last month
- Convert Sigma rules to SIEM queries, directly in your browser. ☆111 · Jan 24, 2026 · Updated last month
- Web Server Vulnerability Scanning Tool ☆36 · Mar 11, 2025 · Updated 11 months ago
- PoC shadow SaaS and insecure credential detection system using a browser extension. ☆42 · Feb 8, 2026 · Updated 3 weeks ago
- 🖥️ Windows 🚀 A Windows tool for emergency privacy: instantly deletes sensitive data and active logins to protect my information during … ☆54 · Jan 26, 2026 · Updated last month
- AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. … ☆111 · Jul 21, 2025 · Updated 7 months ago
- The Eventlog Compendium is the go-to resource for understanding Windows Event Logs. ☆52 · Apr 22, 2025 · Updated 10 months ago
- A preconfigured Velociraptor triage collector ☆76 · Feb 16, 2026 · Updated 2 weeks ago
- 🛡️Proactive ransomware defense for Windows, providing secure file hiding through camouflage, encrypted mappings, smart shortcuts and sea… ☆16 · Oct 14, 2025 · Updated 4 months ago
- ☆11 · Dec 9, 2025 · Updated 2 months ago
- NOVA: The Prompt Pattern Matching ☆98 · Jan 27, 2026 · Updated last month
- pocket guide for core detection engineering concepts ☆31 · May 8, 2023 · Updated 2 years ago
- ☆50 · Dec 20, 2025 · Updated 2 months ago
- Fast and easy to use CLI-based file encryption program 📦 ☆13 · Oct 12, 2025 · Updated 4 months ago
- Mapping of open-source detection rules and atomic tests. ☆201 · Feb 16, 2026 · Updated 2 weeks ago
- CRADLE is a collaborative platform for Cyber Threat Intelligence analysts. It streamlines threat investigations with integrated note-taki… ☆339 · Updated this week
- Suzaku (朱雀) is a sigma-based threat hunting and fast forensics timeline generator for cloud logs. ☆168 · Dec 7, 2025 · Updated 2 months ago
- Quick ESXi Log Parser ☆29 · Oct 20, 2025 · Updated 4 months ago
- Feed it a number. Your cloned voice does the social engineering, while you sip your coffee. A ghost that talks on the phone for you. ☆111 · May 30, 2025 · Updated 9 months ago
- WPAUDIT: Advanced WordPress security auditing suite & vulnerability scanner. Automates pentesting with Nmap, WPScan, Nuclei, SQLMap. Comp… ☆34 · May 27, 2025 · Updated 9 months ago
- 🐻❄️ 🏹 Threat hunting with Polars and flaws.cloud AWS CloudTrail datasets. ☆14 · May 22, 2024 · Updated last year
- BlueSky OSINT Tool ☆14 · Dec 10, 2024 · Updated last year
- Terms of Use Conditional Access M365 Evilginx Phishlet ☆44 · Jun 23, 2025 · Updated 8 months ago
- Hunt for SQLite files used by various applications ☆30 · Jan 31, 2026 · Updated last month
- A lightweight PowerShell tool for assessing the security posture of Microsoft Entra ID environments. It helps identify privileged object… ☆317 · Feb 8, 2026 · Updated 3 weeks ago
- A catalog of services that can be publicly exposed within different cloud providers. ☆14 · Aug 30, 2024 · Updated last year
- Save toil in security operations with: Detection & Intelligence Analysis for New Alerts (D.I.A.N.A.) ☆225 · Sep 4, 2024 · Updated last year
- 🌑 EclipseRecon is a personal project developed during my cybersecurity learning journey 🛡️. It helps practice web reconnaissance 🌐 by … ☆28 · Nov 26, 2025 · Updated 3 months ago
- SharpEye: Advanced Linux Intrusion Detection and Threat Hunting System ☆176 · Feb 20, 2026 · Updated last week
- Ludus range for the Constructing Defense Lab ☆102 · Feb 23, 2026 · Updated last week
- SimpleCrypt is a powerful command-line tool designed for securely encrypting and decrypting files and directories using AES-256 encryptio… ☆20 · Nov 10, 2025 · Updated 3 months ago
- A framework and taxonomy for identifying, classifying, and reasoning about detection logic bugs in SIEM, EDR, and XDR rules, with concret… ☆42 · Feb 22, 2026 · Updated last week
- Nakamoto is a 2 layer encryption tool to protect your data and your cryptocurrency ☆15 · Nov 13, 2025 · Updated 3 months ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca… ☆323 · Oct 12, 2025 · Updated 4 months ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆473 · Oct 29, 2025 · Updated 4 months ago
- Logging tool intended for red team usage ☆35 · Dec 5, 2025 · Updated 2 months ago
- ☆163 · Nov 19, 2025 · Updated 3 months ago
- IR drill platform ☆23 · Jul 29, 2025 · Updated 7 months ago