Repositories list

• iocextract

  Public
  Defanged Indicator of Compromise (IOC) Extractor.

  ioclibraryosint+ 11base64decodingdfirmalware-researchthreat-sharingthreatintelyara+ 4

  Python

  •

  GNU General Public License v2.0

  •91•505•1•0•Updated Aug 28, 2024Aug 28, 2024

• awesome-yara

  Public
  A curated list of awesome YARA rules, tools, and people.

  awesomeawesome-listthreat-hunting+ 11malware-analysismalware-researchyaramalware-detectionyara-managerawesome-yaraioc+ 4

  Other

  •487•3.5k•0•1•Updated Aug 22, 2024Aug 22, 2024

• ThreatKB

  Public
  Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

  malware-researchyarayara-rules+ 2yara-manageryara-signatures

  JavaScript

  •

  GNU General Public License v2.0

  •18•96•38•2•Updated May 31, 2024May 31, 2024

• omnibus

  Public
  The OSINT Omnibus (beta release)

  pythonsecurityosint+ 3iocssecurity-automationthreat-intelligence

  Python

  •

  MIT License

  •71•326•18•5•Updated May 20, 2024May 20, 2024

• yara-rules-vt

  Public
  Collection of YARA rules designed for usage through VirusTotal.com.

  YARA

  •

  MIT License

  •7•65•3•2•Updated Apr 4, 2024Apr 4, 2024

• malware-samples

  Public
  A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

  malwaremalware-analysismalware-research+ 1malware-samples

  ActionScript

  •

  MIT License

  •191•885•0•0•Updated Mar 26, 2024Mar 26, 2024

• bincapz

  Public
  enumerate binary capabilities, including malicious behaviors

  YARA

  •

  Apache License 2.0

  •29•1•0•0•Updated Mar 20, 2024Mar 20, 2024

• ThreatIngestor

  Public
  Extract and aggregate threat intelligence.

  iocosintdfir+ 15threat-huntingmalware-researchmispthreat-sharingthreatintelyarathreat-analysis+ 8

  Python

  •

  GNU General Public License v2.0

  •135•830•15•0•Updated Jan 31, 2024Jan 31, 2024

• sandboxapi

  Public
  Minimal, consistent Python API for building integrations with malware sandboxes.

  pythonlibrarysandbox+ 3api-clientmalware-analysisautomated-analysis

  Python

  •

  GNU General Public License v2.0

  •40•137•0•0•Updated Jan 31, 2024Jan 31, 2024

• yaradbg-backend

  Public
  Python

  •

  Apache License 2.0

  •9•1•0•0•Updated Jan 8, 2024Jan 8, 2024

• yaradbg-frontend

  Public
  JavaScript

  •

  Apache License 2.0

  •9•0•0•0•Updated Jan 8, 2024Jan 8, 2024

• microsoft-office-macro-clustering

  Public
  Jupyter Notebook

  •

  MIT License

  •5•17•0•2•Updated Nov 7, 2023Nov 7, 2023

• python-inquestlabs

  Public
  A Pythonic interface and command line tool for interacting with the InQuest Labs API.

  Python

  •

  GNU General Public License v2.0

  •7•34•0•0•Updated Sep 18, 2023Sep 18, 2023

• RFIQ-Card

  Public
  Recorded Future InQuest Labs Integration

  Python

  •

  MIT License

  •2•1•0•0•Updated Sep 14, 2023Sep 14, 2023

• python-threatkb

  Public
  Python library and command-line tool for InQuest ThreatKB. (pre-release)

  Python

  •

  GNU General Public License v2.0

  •1•2•0•0•Updated Aug 17, 2023Aug 17, 2023

• iqui-ngx

  Public
  Angular CDK based, Bootstrap styled components library

  TypeScript

  •

  MIT License

  •0•2•0•16•Updated Jul 11, 2023Jul 11, 2023

• iq-cli

  Public
  InQuest Platform v3 CLI and Python Library

  Python

  •

  GNU Lesser General Public License v2.1

  •0•0•3•0•Updated Jun 29, 2023Jun 29, 2023

• PackMyPayload

  Public
  A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

  Python

  •

  MIT License

  •135•3•0•0•Updated May 24, 2023May 24, 2023

• ransomware_notes

  Public
  An archive of ransomware notes past and present

  HTML

  •

  MIT License

  •46•1•0•0•Updated May 22, 2023May 22, 2023

• cyberchef-recipes

  Public
  A list of cyber-chef recipes and curated links

  256•0•0•0•Updated Nov 6, 2022Nov 6, 2022

• malwoverview

  Public
  Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest and it is able to scan Android devices against VT.

  Python

  •

  GNU General Public License v3.0

  •445•0•0•0•Updated Oct 31, 2022Oct 31, 2022

• chepy

  Public
  Chepy is a python lib/cli equivalent of the awesome CyberChef tool.

  Python

  •

  GNU General Public License v3.0

  •54•0•0•0•Updated Aug 20, 2022Aug 20, 2022

• restringer

  Public
  A Javascript Deobfuscator

  JavaScript

  •

  MIT License

  •36•0•0•0•Updated Jul 28, 2022Jul 28, 2022

• binlex

  Public
  A Binary Genetic Traits Lexer Framework

  C++

  •

  The Unlicense

  •45•0•0•0•Updated May 25, 2022May 25, 2022

• MalwareSourceCode

  Public
  Collection of malware source code for a variety of platforms in an array of different programming languages.

  Assembly

  •1.8k•1•0•0•Updated May 23, 2022May 23, 2022

• yara-rules

  Public
  A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

  threat-huntingyarayara-rules+ 1yara-signatures

  Python

  •

  MIT License

  •55•363•1•0•Updated May 11, 2022May 11, 2022

• malware_lure

  Public
  Collection of Malware Lures

  10•2•0•0•Updated Oct 8, 2021Oct 8, 2021

• inquest-labs-community-rules

  Public
  This repository houses a collection of community submitted YARA rules that run atop of labs.inquest.net

  MIT License

  •1•0•0•0•Updated May 28, 2021May 28, 2021

• pigasus

  Public
  100Gbps Intrusion Detection and Prevention System

  C++

  •76•1•0•0•Updated Nov 6, 2020Nov 6, 2020

• bddisasm

  Public
  bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

  C

  •

  Apache License 2.0

  •115•1•0•0•Updated Nov 6, 2020Nov 6, 2020