Alternatives and similar repositories for sandfly-entropyscan

Users that are interested in sandfly-entropyscan are comparing it to the libraries listed below

• sandflysecurity / sandfly-processdecloak

  View on GitHub
  Sandfly Linux Stealth Rootkit Decloaking Utility
  ☆108Jan 19, 2023Updated 3 years ago
• sandflysecurity / sandfly-setup

  View on GitHub
  Sandfly Security Agentless Compromise and Intrusion Detection System For Linux
  ☆88Jan 21, 2026Updated 3 weeks ago
• sandflysecurity / sandfly-file-decloak

  View on GitHub
  Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
  ☆29Sep 29, 2025Updated 4 months ago
• jstnk9 / ETW-Almulahaza

  View on GitHub
  ETW-Almulahaza is a consumer python-based tool that help you monitor ETW events of the operating system
  ☆13Jun 24, 2022Updated 3 years ago
• georgi-i / winevt_logs_analysis

  View on GitHub
  Searching .evtx logs for remote connections
  ☆24Jul 6, 2023Updated 2 years ago
• kacos2000 / Evtx_Log_Browser

  View on GitHub
  Evtx Log (xml) Browser
  ☆56Mar 12, 2023Updated 2 years ago
• cado-security / MalwareAnalysis

  View on GitHub
  MalwareAnalysis
  ☆12Dec 19, 2020Updated 5 years ago
• splunk / ShellSweep

  View on GitHub
  ShellSweeping the evil.
  ☆181Nov 25, 2024Updated last year
• LETHAL-FORENSICS / Collect-MemoryDump

  View on GitHub
  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
  ☆252Oct 29, 2025Updated 3 months ago
• RomaissaAdjailia / Get-AppLockerEventlog

  View on GitHub
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Aug 6, 2022Updated 3 years ago
• knight0x07 / OneNoteAnalyzer

  View on GitHub
  A C# based tool for analysing malicious OneNote documents
  ☆118Apr 4, 2023Updated 2 years ago
• reprise99 / 4688-sysmon

  View on GitHub
  ☆61Jun 24, 2023Updated 2 years ago
• ancat / egrets

  View on GitHub
  egrets monitors egress
  ☆46Apr 12, 2020Updated 5 years ago
• wagga40 / Zircolite

  View on GitHub
  A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
  ☆780Updated this week
• certsocietegenerale / rAIdline

  View on GitHub
  IR drill plateform
  ☆23Jul 29, 2025Updated 6 months ago
• montysecurity / InfraSpyder

  View on GitHub
  Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex.
  ☆28Apr 22, 2023Updated 2 years ago
• CiscoCXSecurity / presentations

  View on GitHub
  Presentations from the CX Security Labs team
  ☆35Jul 24, 2025Updated 6 months ago
• lucky-luk3 / Grafiki

  View on GitHub
  Threat Hunting tool about Sysmon and graphs
  ☆336May 28, 2023Updated 2 years ago
• mbabinski / Sigma-Rules

  View on GitHub
  A repository of my own Sigma detection rules.
  ☆163Nov 25, 2025Updated 2 months ago
• alex-cart / LEAF

  View on GitHub
  Linux Evidence Acquisition Framework
  ☆119Sep 30, 2024Updated last year
• cado-security / rip_raw

  View on GitHub
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆134Jan 31, 2022Updated 4 years ago
• AndrewRathbun / DFIRArtifactMuseum

  View on GitHub
  The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa…
  ☆645Nov 7, 2025Updated 3 months ago
• TakahiroHaruyama / SpiMitm

  View on GitHub
  SPI flash read MitM attack PoC
  ☆40May 24, 2022Updated 3 years ago
• SecurityRiskAdvisors / RedTeamSIEM

  View on GitHub
  Repository of resources for configuring a Red Team SIEM using Elastic
  ☆101Jul 10, 2018Updated 7 years ago
• Yamato-Security / EnableWindowsLogSettings

  View on GitHub
  Documentation and scripts to properly enable Windows event logs.
  ☆671Oct 3, 2025Updated 4 months ago
• ashemery / LinuxForensics

  View on GitHub
  Everything related to Linux Forensics
  ☆719Jul 13, 2023Updated 2 years ago
• EmergingThreats / IDSDeathBlossom

  View on GitHub
  IDS Utility Belt For Automating/Testing Various Things
  ☆30Oct 14, 2020Updated 5 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• jamf / aftermath

  View on GitHub
  Aftermath is a free macOS IR framework
  ☆569Sep 25, 2025Updated 4 months ago
• CERT-Polska / drakvuf-sandbox

  View on GitHub
  DRAKVUF Sandbox - automated hypervisor-level malware analysis system
  ☆1,263Updated this week
• WithSecureLabs / LinuxCatScale

  View on GitHub
  Incident Response collection and processing scripts with automated reporting scripts
  ☆319Jun 25, 2024Updated last year
• sandflysecurity / sandfly-ssh-security-scanner

  View on GitHub
  Scripts to check for security issues with SSH keys and authorized_keys files on Linux and other Unix-like operating systems.
  ☆23Sep 29, 2025Updated 4 months ago
• certego / PcapMonkey

  View on GitHub
  PcapMonkey will provide an easy way to analyze pcap using the latest version of Suricata and Zeek.
  ☆163Mar 27, 2025Updated 10 months ago
• NVISOsecurity / evtx-hunter

  View on GitHub
  evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
  ☆158Nov 30, 2021Updated 4 years ago
• forensicmatt / PancakeViewer

  View on GitHub
  A DFVFS Backed Forensic Viewer
  ☆42Apr 13, 2020Updated 5 years ago
• fkie-cad / amides

  View on GitHub
  An Adaptive Misuse Detection System
  ☆46Nov 4, 2024Updated last year
• microsoft / MSTIC-Sysmon

  View on GitHub
  Anything Sysmon related from the MSTIC R&D team
  ☆156Jun 8, 2024Updated last year
• DBHeise / VM_Setup

  View on GitHub
  A collection of scripts to initialize a windows VM to run all the malwares!
  ☆107Apr 3, 2020Updated 5 years ago
• darksh3llRU / dark-doh

  View on GitHub
  ☆19Dec 12, 2023Updated 2 years ago