kraven-security/python-threat-hunting-tools external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

kraven-security/python-threat-hunting-tools

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/kraven-security/python-threat-hunting-tools)

Close

kraven-security / python-threat-hunting-toolsView on GitHubMore

• External links
• Readme badge

This repository contains various threat hunting tools written in Python and is documented in the series Python Threat Hunting Tools which can be found at Kraven Security - Python Threat Hunting Tools. Feel free to use, expand, and adapt these tools as you learn how to create your own tools to hunt for threats!

☆19Nov 16, 2023Updated 2 years ago

Alternatives and similar repositories for python-threat-hunting-tools

Users that are interested in python-threat-hunting-tools are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• kraven-security / hunting-packages

  View on GitHub
  A project designed to make the operationalization of open-source cyber threat intelligence more efficient.
  ☆18May 13, 2026Updated last week
• Velocidex / velociraptor-sigma-rules

  View on GitHub
  A Compiler from Sigma rules to VQL
  ☆19May 18, 2026Updated last week
• joeavanzato / ThreatSim

  View on GitHub
  Threat Simulator for Enterprise Networks
  ☆14May 14, 2022Updated 4 years ago
• wahlflo / fakedns

  View on GitHub
  A fake DNS server for malware analysis written in Python3
  ☆10Aug 14, 2022Updated 3 years ago
• Bugs-B0unt3r / google-sheets-hunting-bad-domains

  View on GitHub
  This project provides a set of Google Apps Scripts designed to help you identify and analyze potentially malicious domains directly from …
  ☆14Sep 4, 2024Updated last year
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• ail-project / ail-training

  View on GitHub
  AIL project training materials
  ☆39Apr 21, 2026Updated last month
• bluecapesecurity / drivefs_forensic_extractor

  View on GitHub
  Forensic tool for extracting and analyzing Google DriveFS cached files and metadata.
  ☆20May 9, 2025Updated last year
• fishermavis / BSOD_bitlocker_recover

  View on GitHub
  Python script for carving Bitlocker VMK keys
  ☆26Feb 4, 2026Updated 3 months ago
• theleetsec / LeetSec-Tools

  View on GitHub
  Automated, aggressive reconnaissance engine for Bug Bounty Hunting and Red Teaming. Features hardware auto-scaling, smart recursion, and …
  ☆20Dec 18, 2025Updated 5 months ago
• Permiso-io-tools / DetentionDodger

  View on GitHub
  ☆19Jan 31, 2025Updated last year
• timip / splunk

  View on GitHub
  Splunk Stuffs!
  ☆14Oct 14, 2023Updated 2 years ago
• filescanio / fsCommunity

  View on GitHub
  Collection of scripts / samples / snippits around the community service at www.filescan.io
  ☆19Nov 6, 2025Updated 6 months ago
• MISP / PyMISPWarningLists

  View on GitHub
  Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists
  ☆36May 11, 2026Updated 2 weeks ago
• Ls4ss / ThreatTrack

  View on GitHub
  ThreatTrack | Shodan + ExploitDB + GitHub + NVD
  ☆17Jul 16, 2024Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• tsale / Threat-Intelligence-Playbooks

  View on GitHub
  High-level Threat Intelligence playbooks
  ☆21Mar 6, 2021Updated 5 years ago
• intelligentcyber / DarkWeb

  View on GitHub
  Dark web related material
  ☆28May 19, 2025Updated last year
• poorting / nfdump2clickhouse

  View on GitHub
  service to convert nfcapd files clickhouse as they are created
  ☆10Mar 22, 2025Updated last year
• dfirvault / Thor-scanner-menu

  View on GitHub
  Menu for Thor scanner lite
  ☆20Oct 24, 2025Updated 7 months ago
• Cluster25 / detection

  View on GitHub
  Threat Detection Rules (Snort/Sigma/Yara)
  ☆14Jan 23, 2024Updated 2 years ago
• mwiens91 / twitch-game-notify

  View on GitHub
  Get notified when your favourite Twitch streamers stream your favourite categories
  ☆15Jan 24, 2022Updated 4 years ago
• center-for-threat-informed-defense / summiting-the-pyramid

  View on GitHub
  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
  ☆61Mar 2, 2026Updated 2 months ago
• m3047 / shodohflo

  View on GitHub
  Pure Python netflow and DNS correlation, with reusable Frame Streams, DnsTap and Protobuf implementations
  ☆17Aug 30, 2025Updated 8 months ago
• pbscybsec / Threat-Intelligence

  View on GitHub
  ☆14Sep 28, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• openrelik / openrelik-deploy

  View on GitHub
  Tools and scripts to deploy and manage OpenRelik instances
  ☆16Mar 23, 2026Updated 2 months ago
• cudeso / misp2defender

  View on GitHub
  MISP to Microsoft Defender integration
  ☆17Feb 24, 2026Updated 3 months ago
• ImpostorKeanu / eavesarp-ng

  View on GitHub
  ☆47Jun 1, 2025Updated 11 months ago
• SkillAegis / SkillAegis

  View on GitHub
  SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in…
  ☆37Oct 21, 2025Updated 7 months ago
• davidalonsod / Dalonso-Security-Repo

  View on GitHub
  Share Information about Microsoft Security Products
  ☆91Updated this week
• farsightsec / dnsdbflex

  View on GitHub
  command line tool to use the DNSDB Flexible Search API extensions.
  ☆16Aug 5, 2024Updated last year
• gertjanbruggink / presentations

  View on GitHub
  This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation…
  ☆17Feb 13, 2025Updated last year
• ditekshen / is-wos

  View on GitHub
  Information Stealers Wall of Sheep (IS-WOS)
  ☆11Nov 13, 2020Updated 5 years ago
• aruba / pyedgeconnect

  View on GitHub
  Python wrapper for Aruba Orchestrator and Edge Connect API
  ☆18Dec 17, 2025Updated 5 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• MHaggis / ClickGrab

  View on GitHub
  Finding ClickFix and FakeCAPTCHA like it's 1999
  ☆136May 19, 2026Updated last week
• pwnfuzz / byovd-watchdog

  View on GitHub
  Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.
  ☆36Updated this week
• tsale / EDR-Telemetry-Website

  View on GitHub
  ☆74May 15, 2026Updated last week
• CyberMonitor / Invoke-Adversary

  View on GitHub
  Simulating Adversary Operations
  ☆98Apr 13, 2018Updated 8 years ago
• miguelmota / wos

  View on GitHub
  Monitor traffic for unencrypted data and display a dashboard.
  ☆15Aug 31, 2017Updated 8 years ago
• james-fray / download-virus-check

  View on GitHub
  automatically check all downloads against 68 anti-virus solutions (through VirusTotal API)
  ☆20Jul 19, 2021Updated 4 years ago
• infobloxopen / threat-intelligence

  View on GitHub
  ☆122May 14, 2026Updated last week