{"id":20014990,"url":"https://github.com/ethack/tht","last_synced_at":"2025-05-04T22:31:24.513Z","repository":{"id":38422749,"uuid":"348578872","full_name":"ethack/tht","owner":"ethack","description":"Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science","archived":false,"fork":false,"pushed_at":"2025-05-01T01:07:23.000Z","size":5612,"stargazers_count":137,"open_issues_count":1,"forks_count":18,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-05-01T02:23:40.204Z","etag":null,"topics":["docker","threat-hunting","zeek"],"latest_commit_sha":null,"homepage":"https://ethack.github.io/tht/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ethack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-17T04:27:55.000Z","updated_at":"2025-05-01T01:07:26.000Z","dependencies_parsed_at":"2023-02-10T02:31:19.824Z","dependency_job_id":"d7b653a7-8426-4965-9a5d-890a9f551dfb","html_url":"https://github.com/ethack/tht","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Ftht","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Ftht/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Ftht/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Ftht/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/owners/ethack","download_url":"https://codeload.github.com/ethack/tht/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252408207,"owners_count":21743074,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","threat-hunting","zeek"],"created_at":"2024-11-13T07:44:24.606Z","updated_at":"2025-05-04T22:31:24.155Z","avatar_url":"https://github.com/ethack.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  Threat Hunting Toolkit\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003e\n\n[GitHub][github-url] |\n[DockerHub][docker-url] |\n[Docs][docs-url]\n\n[![Docker Image Size][docker-size-badge]][docker-url]\n[![Docker Pull Count][docker-pulls-badge]][docker-url]\n[![MIT license][mit-badge]](#license)\n\n\u003c/h4\u003e\n\nThe Threat Hunting Toolkit (\u003cspan title=\"Think Happy Thoughts  (⌒‿⌒)\"\u003eTHT\u003c/span\u003e) is a Swiss Army knife for threat hunting, log processing, and security-focused data science. It incorporates many CLI tools into one place for ease of deployment and includes wrappers and convenience features for ease of use. It comes packaged as a Docker image that can be deployed with a single command. 
Spend less time struggling with installation, configuration, or environment differences, and more on filtering, slicing, and data stacking.\n\n## Features\n\n🧰 **Easy to Install**\n\n- Small - Keep download size under 300 MB.\n- Portable - Works across a variety of systems thanks to Docker.\n\n📖 **Fast to Learn**\n\n- Consistent - Get the same configuration on every system, which means a familiar environment everywhere.\n- Format Agnostic - Avoid swapping between similar tools with annoying syntax variations for different formats including Zeek, CSV, TSV, and JSON.\n- Remove Boilerplate - Remove the boilerplate for common use cases with the included scripts, functions, and aliases.\n- Documented - There are [cheatsheets][cheat-url] and [documentation][docs-url] available to get started right away.\n\n🚀 **Fast to Run**\n\n- Optimized - Everything is benchmarked to find the fastest methods when there are several options.\n- Parallel - Many of the components take advantage of multiple CPU cores to process data in parallel.\n\n## Usage\n\nThe recommended method is to use the `tht` wrapper script included in the repo.\n\n**Install**\n```bash\nsudo curl -o /usr/local/bin/tht https://raw.githubusercontent.com/ethack/tht/main/tht \u0026\u0026 sudo chmod +x /usr/local/bin/tht\n```\n\n**Run**\n```bash\ntht\n```\n\n**Update**\n```bash\ntht update\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eYou can also start THT with a docker command.\u003c/summary\u003e\n\n**From DockerHub**\n```bash\ndocker run \\\n    --rm -it \\\n    -h $(hostname) \\\n    --init \\\n    --pid host \\\n    -v /etc/localtime:/etc/localtime \\\n    -v /:/host \\\n    -w \"/host/$(pwd)\" \\\n    ethack/tht\n```\n\n**From GitHub Container Registry**\n```bash\ndocker run \\\n    --rm -it \\\n    -h $(hostname) \\\n    --init \\\n    --pid host \\\n    -v /etc/localtime:/etc/localtime \\\n    -v /:/host \\\n    -w \"/host/$(pwd)\" \\\n    ghcr.io/ethack/tht\n```\n\n\u003c/details\u003e\n\nHowever, you will 
lose all the convenience features the `tht` wrapper script provides.\n\nIf you'd like to build the image or documentation manually, see [here](https://ethack.github.io/tht/development/).\n\n## Documentation\n\nFor the current documentation, see [here](https://ethack.github.io/tht/).\n\nThese pages are a good place to get the lay of the land:\n- [List of tools included in THT](https://ethack.github.io/tht/#/reference/)\n- [Cheatsheets covering common cases](https://ethack.github.io/tht/#/cheatsheets/)\n  - You can also access these from inside THT by running `cheat` or by pressing the `ctrl-g` keyboard shortcut.\n  - You'll get a random tip from these cheatsheets every time you start THT.\n\n## License\n\nThe source code in this project is licensed under the [MIT license](LICENSE).\n\nThe [documentation](docs/content/) is licensed under the [CC BY-NC-SA 4.0 license][cc-url]. \n\n\n[github-url]: https://github.com/ethack/tht\n[docker-url]: https://hub.docker.com/r/ethack/tht\n[docs-url]: https://ethack.github.io/tht/\n[cheat-url]: https://github.com/ethack/tht/tree/main/cheatsheets\n\n\u003c!-- [![GitHub][github-badge]][github-url] --\u003e\n\u003c!-- [![DockerHub][docker-badge]][docker-url] --\u003e\n\u003c!-- [![Documentation][docs-badge]][docs-url] --\u003e\n\u003c!-- [github-badge]: https://img.shields.io/badge/--181717?style=flat\u0026logo=github\u0026logoColor=white --\u003e\n\u003c!-- [docker-badge]: https://img.shields.io/badge/--white?style=flat\u0026logo=docker --\u003e\n\u003c!-- [docs-badge]: https://img.shields.io/badge/--EEEEEE?style=flat\u0026logo=readthedocs --\u003e\n\u003c!-- [github-badge]: https://badgen.net/badge/icon/GitHub?icon=github\u0026label\u0026color=black --\u003e\n\u003c!-- [docker-badge]: https://badgen.net/badge/icon/DockerHub?icon=docker\u0026label\u0026color=blue --\u003e\n\u003c!-- [docs-badge]: https://badgen.net/badge/icon/Docs?icon=terminal\u0026label\u0026color=green --\u003e\n\n[docker-size-badge]: 
https://badgen.net/docker/size/ethack/tht\n[docker-pulls-badge]: https://badgen.net/docker/pulls/ethack/tht\n\u003c!-- [docker-size-badge]: https://img.shields.io/docker/image-size/ethack/tht?sort=date --\u003e\n\u003c!-- [docker-pulls-badge]: https://img.shields.io/docker/pulls/ethack/tht?label=pulls --\u003e\n\n[mit-badge]: https://badgen.net/badge/license/MIT/green\n\u003c!--[![CC BY-NC-SA 4.0 license][cc-badge]][cc-url]--\u003e\n\u003c!-- [cc-badge]: https://licensebuttons.net/l/by-nc-sa/4.0/80x15.png --\u003e\n[cc-url]: https://creativecommons.org/licenses/by-nc-sa/4.0/\n\u003c!-- [mit-badge]: https://img.shields.io/badge/License-MIT-blue.svg --\u003e\n\u003c!-- [cc-badge]: https://licensebuttons.net/l/by-nc-sa/4.0/88x31.png --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethack%2Ftht","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fethack%2Ftht","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethack%2Ftht/lists"}