Alternatives and similar repositories for hassh

Users that are interested in hassh are comparing it to the libraries listed below

• salesforce / bro-sysmon

  View on GitHub
  How to Zeek Sysmon Logs!
  ☆103Feb 12, 2022Updated 4 years ago
• 0x4D31 / fatt

  View on GitHub
  FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network …
  ☆679Oct 28, 2023Updated 2 years ago
• salesforce / ja3

  View on GitHub
  JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
  ☆3,065May 1, 2025Updated 9 months ago
• theparanoids / rdfp

  View on GitHub
  Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt
  ☆40Jun 20, 2023Updated 2 years ago
• salesforce / jarm

  View on GitHub
  ☆1,279Jul 13, 2023Updated 2 years ago
• tylabs / dovehawk

  View on GitHub
  Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings
  ☆122Jul 12, 2021Updated 4 years ago
• 0x4D31 / hassh-utils

  View on GitHub
  hassh-utils: Nmap NSE Script and Docker image for HASSH - the SSH client/server fingerprinting method (https://github.com/salesforce/hass…
  ☆58Sep 16, 2024Updated last year
• activecm / rita-legacy

  View on GitHub
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆2,514Jan 12, 2026Updated last month
• mitre-attack / bzar

  View on GitHub
  A set of Zeek scripts to detect ATT&CK techniques.
  ☆620Jun 26, 2024Updated last year
• corelight / zeek-community-id

  View on GitHub
  Zeek support for Community ID flow hashing.
  ☆37Jul 11, 2023Updated 2 years ago
• micrictor / spl-spt

  View on GitHub
  Zeek plugin to generate data on per-packet sizes and intervals
  ☆14Apr 21, 2020Updated 5 years ago
• SpiderLabs / DoHC2

  View on GitHub
  DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2…
  ☆448Aug 7, 2020Updated 5 years ago
• 3c7 / infrastructure-tracking-schema

  View on GitHub
  ☆24Sep 28, 2022Updated 3 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• corelight / got_zoom

  View on GitHub
  A Zeek package that detects Zoom logins and meeting joins
  ☆12Apr 15, 2020Updated 5 years ago
• stufus / reconerator

  View on GitHub
  C# Targeted Attack Reconnissance Tools
  ☆120Jan 11, 2021Updated 5 years ago
• teoseller / osquery-attck

  View on GitHub
  Mapping the MITRE ATT&CK Matrix with Osquery
  ☆808May 11, 2023Updated 2 years ago
• AMOSSYS / MemITM

  View on GitHub
  Tool to make in memory man in the middle
  ☆125Oct 8, 2018Updated 7 years ago
• xorrior / RemoteRecon

  View on GitHub
  Remote Recon and Collection
  ☆459Nov 23, 2017Updated 8 years ago
• outflanknl / RedELK

  View on GitHub
  Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term o…
  ☆2,617Dec 13, 2025Updated 2 months ago
• uber-common / metta

  View on GitHub
  An information security preparedness tool to do adversarial simulation.
  ☆1,142Apr 1, 2019Updated 6 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• 0x4D31 / deception-as-detection

  View on GitHub
  Deception based detection techniques mapped to the MITRE’s ATT&CK framework
  ☆291Oct 28, 2017Updated 8 years ago
• jymcheong / AutoTTP

  View on GitHub
  Automated Tactics Techniques & Procedures
  ☆260May 26, 2023Updated 2 years ago
• NextronSystems / APTSimulator

  View on GitHub
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,710Sep 23, 2025Updated 4 months ago
• Te-k / harpoon

  View on GitHub
  CLI tool for open source and threat intelligence
  ☆1,255Feb 27, 2025Updated 11 months ago
• TKCERT / mail-security-tester

  View on GitHub
  A testing framework for mail security and filtering solutions.
  ☆245Jul 24, 2023Updated 2 years ago
• rapid7 / recog

  View on GitHub
  Pattern recognition for hosts, services, and content
  ☆757Jan 16, 2026Updated 3 weeks ago
• foospidy / HoneyPy

  View on GitHub
  A low to medium interaction honeypot.
  ☆473Mar 21, 2024Updated last year
• zeek / zeek-agent

  View on GitHub
  This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2
  ☆124Nov 19, 2020Updated 5 years ago
• bfuzzy / auditd-attack

  View on GitHub
  A Linux Auditd rule set mapped to MITRE's Attack Framework
  ☆822Jul 8, 2020Updated 5 years ago
• Cyb3rWard0g / HELK

  View on GitHub
  The Hunting ELK
  ☆3,913Jun 1, 2024Updated last year
• nccgroup / Cyber-Defence

  View on GitHub
  Information released publicly by NCC Group's Cyber Incident Response Team
  ☆475Dec 12, 2021Updated 4 years ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,901Jul 6, 2024Updated last year
• salesforce / GQUIC_Protocol_Analyzer

  View on GitHub
  GQUIC Protocol Analyzer for Zeek (Bro) Network Security Monitor
  ☆80Sep 13, 2023Updated 2 years ago
• target / strelka

  View on GitHub
  Real-time, container-based file scanning at enterprise scale
  ☆974Updated this week
• mvelazc0 / Oriana

  View on GitHub
  Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…
  ☆177Jun 10, 2021Updated 4 years ago
• target / halogen

  View on GitHub
  Automatically create YARA rules from malicious documents.
  ☆212May 16, 2022Updated 3 years ago
• kudelskisecurity / scannerl

  View on GitHub
  The modular distributed fingerprinting engine
  ☆219Aug 6, 2018Updated 7 years ago