Source: https://github.com/heimdev/open_source_security_tools (previously cryp7ic/open_source_security_tools). Repository description: "A list of open source Cyber Security tools". Topics: blueteam, cybersecurity, defense, tools. Last pushed 2022-12-17; projects that have since been retired or archived are marked as such.

# A List of Open Source Cyber Security Tools
**Security monitoring, intrusion detection/prevention**

- **[Suricata](https://suricata-ids.org/features/all-features/)** – network intrusion detection/prevention system
- **[Snort](https://www.snort.org/)** – network intrusion detection/prevention system
- **[Zeek](https://zeek.org/)** – network security monitoring
- **[OSSEC](https://www.ossec.net/)** – host-based intrusion detection system
- **[Wazuh](https://wazuh.com/)** – more actively developed fork of OSSEC
- **[Velociraptor](https://www.velocidex.com/)** – endpoint visibility and response
- **OSSIM** – open source SIEM at the core of AlienVault USM (note: github.com/ossimlabs/ossim, which the original entry linked, is an unrelated geospatial library of the same name)
- **[SecurityOnion](https://securityonionsolutions.com/software/)** – security monitoring and log management distribution
- **[Elastic SIEM](https://www.elastic.co/siem)** – SIEM functionality built on Elasticsearch (now part of Elastic Security)
- **[MozDef](https://mozdef.readthedocs.io/en/latest/overview.html)** – Mozilla's SIEM-like layer on top of Elasticsearch (archived)
- **[Sagan](https://github.com/quadrantsec/sagan)** – log analytics and correlation engine
- **[Apache Metron](https://metron.apache.org/)** – (retired) network security monitoring, evolved from Cisco OpenSOC
- **[Arkime](https://arkime.com/)** – full packet capture and search (formerly Moloch)
- **[PRADS](https://github.com/gamelinux/prads/)** – passive real-time asset detection
- **[BloodHound](https://github.com/BloodHoundAD/BloodHound)** – Active Directory relationship and attack-path mapping

**Threat intelligence**

- **[MISP](https://www.misp-project.org/)** – threat intelligence sharing platform
- **[SpiderFoot](https://github.com/smicallef/spiderfoot)** – OSINT automation and threat intelligence aggregation
- **[OpenCTI](https://www.opencti.io/en/)** – threat intelligence platform
- **[OpenDXL](https://www.opendxl.com/)** – open source tools for security intelligence sharing
- **[Sigma](https://github.com/SigmaHQ/sigma)** – generic signature format for SIEM systems, with converters to vendor query languages

**Incident response**

- **[StackStorm](https://stackstorm.com/)** – event-driven automation platform, usable as a SOAR
- **[CimSweep](https://github.com/PowerShellMafia/CimSweep)** – agentless Windows incident response over CIM/WMI
- **[GRR](https://github.com/google/grr)** – incident response and remote live forensics
- **[TheHive](https://github.com/TheHive-Project/TheHive)** – incident response / SOAR platform
- **[TheHive Cortex](https://github.com/TheHive-Project/Cortex)** – TheHive companion for observable analysis and active response
- **[Shuffle](https://github.com/frikky/shuffle)** – open source SOAR platform
- **[osquery](https://osquery.io/)** – real-time querying of endpoint data with SQL
- **[Kansa](https://github.com/davehull/Kansa)** – PowerShell incident response

**Vulnerability assessment**

- **[OpenVAS](https://www.openvas.org/)** – widely used vulnerability scanner (the Greenbone scanner engine)
- **[ZAP](https://www.zaproxy.org/getting-started/)** – web application security scanner by OWASP
- **[WebScarab](https://github.com/OWASP/OWASP-WebScarab/)** – (obsolete) web application testing proxy by OWASP
- **[w3af](https://w3af.org)** – web vulnerability scanner
- **[Loki](https://github.com/Neo23x0/Loki)** – IoC scanner (YARA rules, hashes, filename patterns)
- **[CVE Search](https://www.cve-search.org/about/)** – set of tools for searching CVE data locally

**Firewall**

- **[pfSense](https://www.pfsense.org/)** – widely used FreeBSD-based firewall/router distribution
- **[OPNsense](https://opnsense.org/)** – FreeBSD-based firewall forked from pfSense, with a hardened default configuration
- **[Smoothwall](https://www.smoothwall.com/)** – Linux-based firewall (Smoothwall Express is the open source edition)

**Antivirus / endpoint protection**

- **[ClamAV](https://www.clamav.net/)** – open source antivirus engine
- **[Armadito AV](https://www.armadito.com/)** – open source AV (retired)
- **[YARA](https://virustotal.github.io/yara/)** – the pattern-matching Swiss Army knife for malware researchers

**Email security**

- **[Hermes Secure Email Gateway](https://github.com/deeztek/Hermes-Secure-Email-Gateway)** – Ubuntu-based email gateway
- **[Proxmox Mail Gateway](https://www.proxmox.com/en/proxmox-mail-gateway)** – email security gateway
- **[MailScanner](https://www.mailscanner.info/)** – email security system
- **[SpamAssassin](https://spamassassin.apache.org/)** – anti-spam platform
- **[OrangeAssassin](https://github.com/SpamExperts/OrangeAssassin)** – drop-in replacement for SpamAssassin
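The Sigma entry above names a signature format but does not show how a rule is evaluated against telemetry. The block below is an added example, not code from the Sigma project or from any tool on this list: it evaluates one hypothetical Sigma-style process-creation rule against constructed Sysmon-like events, implementing the selection/filter/condition semantics (case-insensitive string matching, OR-ed value lists, AND-ed fields within a selection, `contains`/`startswith`/`endswith` modifiers, boolean `condition` with `and`/`or`/`not` and parentheses). The rule, the field names (Image, CommandLine, ParentImage) and the sample events are assumptions made for the demonstration. In practice a Sigma rule is a YAML file that sigma-cli / pySigma convert into a backend query (Splunk, Elastic, KQL, ...) rather than being evaluated in Python like this; wildcards and the other modifiers are deliberately not implemented here.

```python
# Minimal evaluator for a Sigma-style rule. Added example, not from the Sigma
# project; rule, field names and events are constructed for this demo.

# Hypothetical rule in Sigma's detection structure. Semantics kept from Sigma:
# string matching is case-insensitive, a list of values is OR-ed, the fields of
# one selection are AND-ed, '|contains' / '|startswith' / '|endswith' modify
# the comparison, and 'condition' combines the named selections.
RULE = {
    "title": "Encoded PowerShell launched by an Office application",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": "-enc",
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\outlook.exe"],
        },
        "filter": {"CommandLine|contains": "\\KnownAdminTool\\"},
        "condition": "selection and not filter",
    },
}

# Constructed sample events (Sysmon event 1 style); not real telemetry.
EVENTS = [
    {  # Word spawning encoded PowerShell: should fire
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
        "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
    },
    {  # same shape but an allow-listed admin tool path: suppressed by 'filter'
        "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
        "CommandLine": "pwsh.exe -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwAA== -File C:\\KnownAdminTool\\run.ps1",
        "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
    },
    {  # encoded PowerShell from Explorer: parent is not an Office app, no match
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -enc ZQBjAGgAbwAgAGgAaQA=",
        "ParentImage": "C:\\Windows\\explorer.exe",
    },
]


def _match_value(actual, modifier, expected):
    """Compare one field value under a Sigma modifier (case-insensitive)."""
    a, e = actual.lower(), expected.lower()
    if modifier == "":
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier!r}")


def _match_selection(selection, event):
    """All fields of a selection must match; each field may list OR-ed values."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if actual is None:
            return False  # a missing field never matches
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(actual, modifier, str(v)) for v in values):
            return False
    return True


def _eval_condition(condition, results):
    """Recursive-descent evaluation of e.g. 'a and not (b or c)' over named results."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def parse_or():
        nonlocal pos
        value = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = parse_and() or value
        return value

    def parse_and():
        nonlocal pos
        value = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = parse_not() and value
        return value

    def parse_not():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            value = parse_or()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("unbalanced parenthesis in condition")
            pos += 1
            return value
        return results[tok]  # KeyError if the condition names an undefined selection

    value = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return value


def matches(rule, event):
    """True if the event satisfies the rule's condition."""
    detection = rule["detection"]
    results = {name: _match_selection(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return _eval_condition(detection["condition"], results)


def run(rule, events):
    """Return the indexes of the events the rule fires on."""
    return [i for i, ev in enumerate(events) if matches(rule, ev)]


if __name__ == "__main__":
    for i in run(RULE, EVENTS):  # prints only event 0
        print(f"[{RULE['title']}] event {i}: {EVENTS[i]['CommandLine']}")
```

Running it fires on event 0 only: event 1 is dropped by the `filter` selection even though `selection` matches, and event 2 fails the `ParentImage` constraint. The same rule, fed to a Sigma converter, becomes a vendor query with exactly this logic, which is the point of the format: one rule, many SIEM backends.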