
Awesome Cybersecurity Blue Team

๐Ÿ›ก๏ธ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.


Last Update: Jan. 16, 2022, 7:06 p.m.

Thank you fabacab & contributors
View Topic on GitHub:
fabacab/awesome-cybersecurity-blueteam


Automation

Code libraries and bindings

Modular file scanning/analysis framework
  Stars: 524 | Forks: 121 | Last commit: 2y 102d ago | License: MPL-2.0

PowerShell Module to interact with VirusTotal
  Stars: 95 | Forks: 28 | Last commit: 2y 2d ago | License: n/a

An easy-to-use and lightweight API wrapper for Censys APIs.
  Stars: 247 | Forks: 58 | Last commit: 75d ago | License: Apache-2.0

A high level C++ network packet sniffing and crafting library.
  Stars: 272 | Forks: 83 | Last commit: 1y 6m ago | License: n/a

Pythonic interface to the Internet Storm Center / DShield API.
  Stars: 22 | Forks: 11 | Last commit: 1y 7m ago | License: BSD-3-Clause

Minimal, consistent Python API for building integrations with malware sandboxes.
  Stars: 107 | Forks: 34 | Last commit: 7m ago | License: GPL-2.0

OASIS TC Open Repository: Python APIs for STIX 2
  Stars: 231 | Forks: 77 | Last commit: 115d ago | License: BSD-3-Clause

Security Orchestration, Automation, and Response (SOAR)

Cloud platform security

AWS Identity and Access Management Visualizer and Anomaly Finder
  Stars: 237 | Forks: 36 | Last commit: 109d ago | License: n/a

A tool for quickly evaluating IAM permissions in AWS.
  Stars: 857 | Forks: 125 | Last commit: 98d ago | License: AGPL-3.0

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls and many more additional checks that help on GDPR, HIPAA and other security frameworks.
  Stars: 4.16K | Forks: 773 | Last commit: 75d ago | License: n/a

Multi-Cloud Security Auditing Tool
  Stars: 3.67K | Forks: 559 | Last commit: 89d ago | License: GPL-2.0

Application Kernel for Containers
  Stars: 12.31K | Forks: 1.01K | Last commit: 4d ago | License: Apache-2.0

Distributed monitoring

Kubernetes

MKIT is a Managed Kubernetes Inspection Tool that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.
  Stars: 355 | Forks: 21 | Last commit: 4m ago | License: MIT

Utility that exposes the expiry of TLS certificates as Prometheus metrics
  Stars: 83 | Forks: 11 | Last commit: 1y 7m ago | License: MIT

Kubernetes security tool for policy enforcement
  Stars: 404 | Forks: 55 | Last commit: 75d ago | License: Apache-2.0

(entry title missing)
  Stars: 122 | Forks: 23 | Last commit: 1y 6m ago | License: Apache-2.0

Export Kubernetes events to multiple destinations with routing and filtering
  Stars: 685 | Forks: 133 | Last commit: 93d ago | License: Apache-2.0

Service meshes

Communications security (COMSEC)

GPG Sync is designed to let users always have up-to-date public keys for other members of their organization
  Stars: 311 | Forks: 30 | Last commit: 6m ago | License: GPL-3.0

DevSecOps

Custom & better AppArmor profile generator for Docker containers.
  Stars: 962 | Forks: 79 | Last commit: 1y 4m ago | License: MIT

Safely store secrets in Git/Mercurial/Subversion
  Stars: 5.99K | Forks: 342 | Last commit: 8m ago | License: MIT

Vulnerability Static Analysis for Containers
  Stars: 8.26K | Forks: 1.01K | Last commit: 75d ago | License: Apache-2.0

Prevents you from committing secrets and credentials into git repositories
  Stars: 9.54K | Forks: 902 | Last commit: 75d ago | License: Apache-2.0

Simple and flexible tool for managing secrets
  Stars: 8.52K | Forks: 494 | Last commit: 82d ago | License: MPL-2.0

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
  Stars: 8.94K | Forks: 823 | Last commit: 77d ago | License: Apache-2.0

A Helm plugin that helps manage secrets with a Git workflow and store them anywhere
  Stars: 406 | Forks: 47 | Last commit: 75d ago | License: Apache-2.0

Application or Binary Hardening

Compliance testing and reporting

Dependency confusion

Dependency Combobulator
  Stars: 20 | Forks: 0 | Last commit: 69d ago | License: Apache-2.0

Compare the contents of your hosted and proxy repositories for coordinate collisions
  Stars: 56 | Forks: 5 | Last commit: 7m ago | License: n/a

Mitigate security concerns of Dependency Confusion supply chain security risks
  Stars: 12 | Forks: 0 | Last commit: 5m ago | License: n/a

Fuzzing

Policy enforcement

GitHub App to set and enforce security policies
  Stars: 735 | Forks: 50 | Last commit: 84d ago | License: Apache-2.0

Tang binding daemon
  Stars: 239 | Forks: 44 | Last commit: 105d ago | License: GPL-3.0

Supply chain security

Chart signing and verification with GnuPG for Helm.
  Stars: 19 | Forks: 6 | Last commit: 1y 11m ago | License: n/a

Notary is a project that allows anyone to have trust over arbitrary collections of data
  Stars: 2.69K | Forks: 485 | Last commit: 90d ago | License: Apache-2.0

Honeypots

Canarytokens helps track activity and actions on your network.
  Stars: 815 | Forks: 142 | Last commit: 75d ago | License: n/a

A modular OSINT honeypot for blue teamers
  Stars: 231 | Forks: 33 | Last commit: 6m ago | License: GPL-3.0

Tarpits

SSH tarpit that slowly sends an endless banner
  Stars: 4.81K | Forks: 206 | Last commit: 92d ago | License: Unlicense

Host-based tools

Sandboxes

Identity and AuthN/AuthZ

Incident Response tools

Investigate malicious Windows logon by visualizing and analyzing Windows event log
  Stars: 1.87K | Forks: 363 | Last commit: 79d ago | License: n/a

Python installable command line utility for mitigation of host and key compromises.
  Stars: 286 | Forks: 59 | Last commit: 5m ago | License: MIT

IR management consoles

Tools for the Computer Incident Response Team
  Stars: 130 | Forks: 27 | Last commit: 4y 9m ago | License: MIT

Fast Incident Response
  Stars: 1.34K | Forks: 443 | Last commit: 6m ago | License: GPL-3.0

DPS' Lightweight Investigation Notebook
  Stars: 395 | Forks: 92 | Last commit: 5y 4m ago | License: Apache-2.0

Evidence collection

AutoMacTC: Automated Mac Forensic Triage Collector
  Stars: 354 | Forks: 57 | Last commit: 6m ago | License: n/a

OS X Auditor is a free Mac OS X computer forensics tool
  Stars: 3.1K | Forks: 308 | Last commit: 1y 5m ago | License: n/a

A forensic evidence collection & analysis toolkit for OS X
  Stars: 1.81K | Forks: 247 | Last commit: 2y 7m ago | License: n/a

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
  Stars: 346 | Forks: 87 | Last commit: 11m ago | License: n/a

Remote Memory Acquisition Tool
  Stars: 188 | Forks: 40 | Last commit: 1y 117d ago | License: MIT

Network perimeter defenses

First open-source DDoS protection system
  Stars: 646 | Forks: 151 | Last commit: 84d ago | License: GPL-3.0

SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
  Stars: 949 | Forks: 66 | Last commit: 79d ago | License: MIT

Firewall appliances or distributions

Operating System distributions

Phishing awareness and reporting

Certificate Transparency Log Monitor
  Stars: 527 | Forks: 64 | Last commit: 5m ago | License: MPL-2.0

Phishing Campaign Toolkit
  Stars: 1.56K | Forks: 451 | Last commit: 7m ago | License: BSD-3-Clause

Outlook add-in companion to report suspicious mail easily
  Stars: 109 | Forks: 12 | Last commit: 3y 71d ago | License: GPL-3.0

The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365
  Stars: 161 | Forks: 57 | Last commit: 1y 9m ago | License: MIT

Swordphish Phishing Awareness Tool
  Stars: 187 | Forks: 40 | Last commit: 88d ago | License: GPL-3.0

Scans SPF and DMARC records for issues that could allow email spoofing.
  Stars: 59 | Forks: 18 | Last commit: 9m ago | License: MIT

Phishing catcher using Certstream
  Stars: 1.32K | Forks: 300 | Last commit: 75d ago | License: GPL-3.0

Preparedness training and wargaming

A toolset to make a system look as if it was the victim of an APT attack
  Stars: 1.63K | Forks: 332 | Last commit: 4m ago | License: MIT

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
  Stars: 814 | Forks: 142 | Last commit: 1y 7m ago | License: MIT

An information security preparedness tool to do adversarial simulation.
  Stars: 906 | Forks: 135 | Last commit: 2y 9m ago | License: MIT

A utility to safely generate malicious network traffic patterns and evaluate controls.
  Stars: 585 | Forks: 103 | Last commit: 76d ago | License: n/a

Virtual Machine for Adversary Emulation and Threat Hunting
  Stars: 1.03K | Forks: 169 | Last commit: 1y 6m ago | License: BSD-3-Clause

Security configurations

๐Ÿ›ก๏ธ Make your web services secure by default !

2.32K
129
85d
AGPL-3.0

Endpoint Detection and Response (EDR)

Network Security Monitoring (NSM)

Protocol Analysis/Decoder Framework
  Stars: 450 | Forks: 117 | Last commit: 1y 9m ago | License: n/a

Malicious traffic detection system
  Stars: 4.2K | Forks: 804 | Last commit: 74d ago | License: MIT

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.
  Stars: 4.96K | Forks: 909 | Last commit: 75d ago | License: n/a

Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
  Stars: 1.66K | Forks: 274 | Last commit: 88d ago | License: GPL-3.0

Respounder detects presence of responder in the network.
  Stars: 267 | Forks: 32 | Last commit: 2y 7m ago | License: Apache-2.0

A tool to catch spoofed NBNS responses.
  Stars: 46 | Forks: 25 | Last commit: 3y 7m ago | License: n/a

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at [email protected]
  Stars: 1.65K | Forks: 218 | Last commit: 5m ago | License: Apache-2.0

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
  Stars: 7.24K | Forks: 779 | Last commit: 90d ago | License: Apache-2.0

Visibility Across Space and Time – The network telemetry engine for data-driven security investigations.
  Stars: 325 | Forks: 57 | Last commit: 74d ago | License: n/a

Security Information and Event Management (SIEM)

Service and performance monitoring

SQL powered operating system instrumentation, monitoring, and analytics.
  Stars: 18.38K | Forks: 2.22K | Last commit: 74d ago | License: n/a

Threat hunting

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.
  Stars: 585 | Forks: 154 | Last commit: 2y 5m ago | License: BSD-3-Clause

(entry title missing)
  Stars: 1.25K | Forks: 218 | Last commit: 80d ago | License: GPL-3.0

GRR Rapid Response: remote live forensics for incident response
  Stars: 3.93K | Forks: 702 | Last commit: 4m ago | License: Apache-2.0

The Hunting ELK
  Stars: 3.05K | Forks: 593 | Last commit: 8m ago | License: GPL-3.0

DEPRECATED - MozDef: Mozilla Enterprise Defense Platform
  Stars: 2.16K | Forks: 349 | Last commit: 76d ago | License: MPL-2.0

Powershell Threat Hunting Module
  Stars: 219 | Forks: 57 | Last commit: 5y 119d ago | License: Apache-2.0

PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
  Stars: 427 | Forks: 104 | Last commit: 4y 5m ago | License: Apache-2.0

PowerForensics provides an all in one platform for live disk forensic analysis
  Stars: 1.13K | Forks: 262 | Last commit: 11m ago | License: MIT

Collecting & Hunting for IOCs with gusto and style
  Stars: 181 | Forks: 47 | Last commit: 5m ago | License: MIT

Threat intelligence

Credential Phish Analysis and Automation
  Stars: 86 | Forks: 26 | Last commit: 3y 4m ago | License: GPL-3.0

Multithreaded threat intelligence gathering built with Python3
  Stars: 148 | Forks: 28 | Last commit: 3y 12m ago | License: MIT

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
  Stars: 670 | Forks: 256 | Last commit: 1y 10m ago | License: n/a

Tool to gather Threat Intelligence indicators from publicly available sources
  Stars: 615 | Forks: 174 | Last commit: 2y 10m ago | License: GPL-3.0

Generic Signature Format for SIEM Systems
  Stars: 4.26K | Forks: 1.25K | Last commit: 74d ago | License: n/a

🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
  Stars: 181 | Forks: 7 | Last commit: 77d ago | License: BSD-3-Clause

Extract and aggregate threat intelligence.
  Stars: 505 | Forks: 108 | Last commit: 5m ago | License: GPL-2.0

Binary analysis and management framework
  Stars: 1.44K | Forks: 365 | Last commit: 10m ago | License: n/a

The pattern matching swiss knife
  Stars: 5.09K | Forks: 1.07K | Last commit: 74d ago | License: BSD-3-Clause

Threat signature packages and collections

Indicators of Compromise (IOC) from our various investigations
  Stars: 1.09K | Forks: 209 | Last commit: 104d ago | License: BSD-2-Clause

Repository of yara rules
  Stars: 2.8K | Forks: 749 | Last commit: 101d ago | License: GPL-2.0

Tor Onion service defenses

Vanguards help guard you from getting vanned...
  Stars: 110 | Forks: 17 | Last commit: 94d ago | License: MIT

Transport-layer defenses

A private network system that uses WireGuard under the hood.
  Stars: 2.62K | Forks: 84 | Last commit: 108d ago | License: MIT

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
  Stars: 16.68K | Forks: 4.61K | Last commit: 74d ago | License: n/a

A MITM (monster-in-the-middle) detection tool. Used to build MALCOLM:
  Stars: 518 | Forks: 49 | Last commit: 1y 7m ago | License: BSD-3-Clause

A scalable overlay networking tool with a focus on performance, simplicity and security
  Stars: 8.23K | Forks: 560 | Last commit: 74d ago | License: MIT

LetsEncrypt Root CA with plugins that configure various Web and e-mail server software.

macOS-based defenses

A binary authorization system for macOS
  Stars: 3.61K | Forks: 257 | Last commit: 4d ago | License: Apache-2.0

Easily configure macOS security settings from the terminal.
  Stars: 890 | Forks: 224 | Last commit: 2y 104d ago | License: MIT

Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)
  Stars: 326 | Forks: 43 | Last commit: 8m ago | License: MIT

Windows-based defenses

Scan files or process memory for CobaltStrike beacons and parse their configuration
  Stars: 626 | Forks: 82 | Last commit: 5m ago | License: MIT

Hardentools simply reduces the attack surface on Microsoft Windows computers by disabling risky, low-hanging-fruit features.
  Stars: 2.02K | Forks: 223 | Last commit: 90d ago | License: GPL-3.0

The opposite of Ruler: provides blue teams with the ability to detect Ruler usage against Exchange.
  Stars: 74 | Forks: 16 | Last commit: 4y 99d ago | License: CC0-1.0

Scans for accessibility tools backdoors via RDP
  Stars: 271 | Forks: 66 | Last commit: 3y 10m ago | License: GPL-3.0

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
  Stars: 1.32K | Forks: 265 | Last commit: 3y 4m ago | License: n/a

Log newly created WMI consumers and processes to the Windows Application event log
  Stars: 107 | Forks: 22 | Last commit: 3y 10m ago | License: n/a

Active Directory

Active Directory Control Paths auditing and graphing tools
  Stars: 531 | Forks: 94 | Last commit: 1y 31d ago | License: n/a

Bloodhound for Blue and Purple Teams
  Stars: 565 | Forks: 69 | Last commit: 119d ago | License: GPL-3.0