https://github.com/brandonhimpfen/awesome-threat-intelligence
A curated list of high-quality threat intelligence resources, feeds, platforms, and tools to help detect, analyze, and respond to cybersecurity threats.
List: awesome-threat-intelligence
awesome awesome-list awesome-lists cybersecurity security threat-intelligence
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/brandonhimpfen/awesome-threat-intelligence
- Owner: brandonhimpfen
- Created: 2025-06-29T01:38:22.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2026-03-23T13:38:37.000Z (3 months ago)
- Last Synced: 2026-04-15T23:37:40.736Z (2 months ago)
- Topics: awesome, awesome-list, awesome-lists, cybersecurity, security, threat-intelligence
- Language: Python
- Homepage: https://lnktr.net/awesome
- Size: 23.4 KB
- Stars: 7
- Watchers: 0
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-api-security - Awesome Threat Intelligence
- awesome-lists - Awesome Threat Intelligence
- ultimate-awesome - awesome-threat-intelligence - A curated list of high-quality threat intelligence resources, feeds, platforms, and tools to help detect, analyze, and respond to cybersecurity threats. (Other Lists / TeX Lists)
README
# Awesome Threat Intelligence
[DOI: 10.5281/zenodo.19682080](https://doi.org/10.5281/zenodo.19682080)
📌 This repository is archived with Zenodo and can be cited using the DOI above.
> A curated list of high-quality threat intelligence resources, feeds, platforms, and tools to help detect, analyze, and respond to cybersecurity threats.
Threat intelligence (TI) involves collecting and analyzing information about current and emerging threats to support decision-making and defense strategies. This list is intended for cybersecurity professionals, analysts, researchers, and defenders.
_Support ongoing maintenance and curation via [GitHub Sponsors](https://github.com/sponsors/brandonhimpfen)._
## Contents
- [Learning Resources](#learning-resources)
- [Threat Intelligence Feeds](#threat-intelligence-feeds)
- [Open Source Platforms & Frameworks](#open-source-platforms--frameworks)
- [Indicators of Compromise (IOCs)](#indicators-of-compromise-iocs)
- [Malware & Threat Analysis](#malware--threat-analysis)
- [Threat Reports & Dashboards](#threat-reports--dashboards)
- [APIs & Datasets](#apis--datasets)
- [Communities & Sharing](#communities--sharing)
- [Related Awesome Lists](#related-awesome-lists)
## Learning Resources
- [MITRE ATT&CK](https://attack.mitre.org/) – A knowledge base of adversary tactics and techniques based on real-world observations.
- [The DFIR Report](https://thedfirreport.com/) – Real-world intrusion analysis and incident reports.
- [Cyber Threat Intelligence Guide (SANS)](https://www.sans.org/white-papers/36697/) – Foundations of threat intelligence practices.
- [Threat Intelligence Handbook (Recorded Future)](https://go.recordedfuture.com/hubfs/reports/handbook/cta-2020-threat-intelligence-handbook.pdf) – Practical guide to threat intelligence use cases.
## Threat Intelligence Feeds
- [Abuse.ch Feeds](https://abuse.ch/) – Open feeds on malware, botnets, and ransomware.
- [AlienVault OTX](https://otx.alienvault.com/) – Open threat exchange platform for indicators and trends.
- [Feodo Tracker](https://feodotracker.abuse.ch/) – Tracker for botnet command and control servers.
- [URLhaus](https://urlhaus.abuse.ch/) – Malware distribution URLs feed.
- [CIRCL MISP Feeds](https://www.circl.lu/services/misp-feeds/) – Trusted feeds for threat intelligence sharing.
## Open Source Platforms & Frameworks
- [MISP](https://www.misp-project.org/) – Threat intelligence platform for sharing indicators and analysis.
- [OpenCTI](https://www.opencti.io/) – Open Cyber Threat Intelligence platform built on graph tech.
- [CRITIFENCE ThreatCrowd](https://www.threatcrowd.org/) – Search engine for IPs, domains, hashes, and malware.
- [IntelMQ](https://github.com/certtools/intelmq) – Framework for collecting and processing security feeds.
- [Yeti](https://github.com/yeti-platform/yeti) – Platform to collect, enrich, and analyze threat intelligence.
## Indicators of Compromise (IOCs)
- [VirusTotal](https://www.virustotal.com/) – File and URL scanner with crowd-sourced intelligence.
- [MalShare](https://malshare.com/) – Open malware repository and IOC data.
- [Any.run](https://any.run/) – Interactive online malware sandbox.
- [Hybrid Analysis](https://www.hybrid-analysis.com/) – Malware analysis and IOC extraction platform.
## Malware & Threat Analysis
- [Joe Sandbox](https://www.joesecurity.org/) – Advanced malware analysis sandbox.
- [Intezer Analyze](https://analyze.intezer.com/) – Malware DNA mapping and threat classification.
- [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) – Encyclopedia of malware families and behaviors.
- [ThreatFox](https://threatfox.abuse.ch/) – Platform for sharing indicators of malware threats.
## Threat Reports & Dashboards
- [FireEye Threat Intelligence](https://www.mandiant.com/resources) – Reports and threat briefings by Mandiant.
- [Cisco Talos Intelligence](https://talosintelligence.com/) – Cyber threat intelligence and advisories.
- [Kaspersky Threat Intelligence Portal](https://opentip.kaspersky.com/) – IOC lookups and threat data.
- [CrowdStrike Blog](https://www.crowdstrike.com/blog/) – Industry-leading threat reports and trends.
- [Anomali ThreatStream](https://www.anomali.com/product/threatstream) – Commercial TI platform with feed integrations.
- [Pharos AI](https://conflicts.app) – Open source real-time intelligence dashboard for geopolitical conflict tracking, aggregating OSINT feeds with geospatial visualization, timelines, and event data.
## APIs & Datasets
- [Have I Been Pwned API](https://haveibeenpwned.com/API/v3) – Check compromised email addresses and credentials.
- [GreyNoise API](https://www.greynoise.io/) – Context for IPs on the internet to reduce false positives.
- [AbuseIPDB API](https://www.abuseipdb.com/) – Report and analyze abusive IP addresses.
- [OTX API](https://otx.alienvault.com/api) – Access AlienVault's Open Threat Exchange data.
## Communities & Sharing
- [Cyber Threat Intelligence Subreddit](https://www.reddit.com/r/cyberthreatintel/) – Discussion on TI tools, sources, and reports.
- [FIRST](https://www.first.org/) – Forum of Incident Response and Security Teams.
- [Open Threat Exchange (OTX)](https://otx.alienvault.com/) – Community threat data collaboration.
- [MISP Communities](https://www.misp-project.org/communities/) – Users sharing threat intelligence globally.
## Related Awesome Lists
- **[Awesome Cybersecurity](https://github.com/awesomelistsio/awesome-cybersecurity)** – General cybersecurity resources and tools.
- **[Awesome OSINT](https://github.com/awesomelistsio/awesome-osint)** – Open-source intelligence tools and resources.
- **[Awesome Privacy](https://github.com/awesomelistsio/awesome-privacy)** – Tools and knowledge for digital privacy.
- **[Awesome Malware Analysis](https://github.com/awesomelistsio/awesome-malware-analysis)** – Tools and resources for analyzing malicious software.
## Contribute
Contributions are welcome. Please ensure your submission fully follows the requirements outlined in [`CONTRIBUTING.md`](CONTRIBUTING.md), including formatting, scope alignment, and category placement.
Pull requests that do not adhere to the contribution guidelines may be closed.
## License
[CC BY-SA 4.0](http://creativecommons.org/licenses/by-sa/4.0/)