This repository contains various threat hunting tools written in Python and is documented in the series Python Threat Hunting Tools, which can be found at Kraven Security - Python Threat Hunting Tools. Feel free to use, expand, and adapt these tools as you learn how to create your own tools to hunt for threats!
☆18 · Nov 16, 2023 · Updated 2 years ago
Alternatives and similar repositories for python-threat-hunting-tools
Users that are interested in python-threat-hunting-tools are comparing it to the libraries listed below.
- A project designed to make the operationalization of open-source cyber threat intelligence more efficient. ☆17 · Updated this week
- Threat Simulator for Enterprise Networks ☆14 · May 14, 2022 · Updated 3 years ago
- AIL project training materials ☆39 · Feb 24, 2026 · Updated last month
- Pythonic way to work with the warning lists defined there: https://github.com/MISP/misp-warninglists ☆35 · Jan 8, 2026 · Updated 2 months ago
- Forensic tool for extracting and analyzing Google DriveFS cached files and metadata. ☆20 · May 9, 2025 · Updated 10 months ago
- Python script for carving Bitlocker VMK keys ☆26 · Feb 4, 2026 · Updated last month
- Collection of scripts / samples / snippets around the community service at www.filescan.io ☆17 · Nov 6, 2025 · Updated 4 months ago
- High-level Threat Intelligence playbooks ☆20 · Mar 6, 2021 · Updated 5 years ago
- ThreatTrack | Shodan + ExploitDB + GitHub + NVD ☆17 · Jul 16, 2024 · Updated last year
- Service to convert nfcapd files to ClickHouse as they are created ☆10 · Mar 22, 2025 · Updated last year
- Share Information about Microsoft Security Products ☆47 · Mar 18, 2026 · Updated last week
- Menu for Thor scanner lite ☆20 · Oct 24, 2025 · Updated 5 months ago
- Block ads and malicious domains with response policy zones ☆12 · Jun 10, 2020 · Updated 5 years ago
- Threat Detection Rules (Snort/Sigma/Yara) ☆14 · Jan 23, 2024 · Updated 2 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆57 · Mar 2, 2026 · Updated 3 weeks ago
- Pure Python netflow and DNS correlation, with reusable Frame Streams, DnsTap and Protobuf implementations ☆17 · Aug 30, 2025 · Updated 6 months ago
- An ultra lightweight web screenshot tool with advanced DOM analysis features. ☆41 · Dec 2, 2025 · Updated 3 months ago
- MISP to Microsoft Defender integration ☆17 · Feb 24, 2026 · Updated last month
- Tools and scripts to deploy and manage OpenRelik instances ☆16 · Mar 3, 2026 · Updated 3 weeks ago
- SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in… ☆35 · Oct 21, 2025 · Updated 5 months ago
- Finding ClickFix and FakeCAPTCHA like it's 1999 ☆129 · Mar 14, 2026 · Updated last week
- This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation… ☆17 · Feb 13, 2025 · Updated last year
- A JavaScript library to convert Outlook *.msg files to *.eml ☆11 · Jun 27, 2024 · Updated last year
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios. ☆34 · Feb 1, 2026 · Updated last month
- Random PowerShell scripts ☆13 · Feb 13, 2024 · Updated 2 years ago
- Simulating Adversary Operations ☆98 · Apr 13, 2018 · Updated 7 years ago
- Interface LLMs from within MISP to extract TTPs and threat intel from CTI reports ☆18 · Nov 13, 2023 · Updated 2 years ago
- Retrieves stats from the Comcast XB8 and Arris S33/SB8200 cable modem and sends to InfluxDB ☆15 · Apr 20, 2025 · Updated 11 months ago
- A curated list of awesome threat detection and hunting resources ☆10 · Mar 23, 2018 · Updated 8 years ago
- The CAPTCHA-resilient contact scraper. ☆48 · Nov 18, 2025 · Updated 4 months ago
- Hunting IOCs all day every day... ☆88 · Sep 26, 2023 · Updated 2 years ago
- AT-AT (Attack Tree Analysis Tool) is an application that allows users to develop and analyze attack trees. The overall goal is to automati… ☆29 · Aug 17, 2022 · Updated 3 years ago