A curated list of tools for incident response
Updated Jul 18, 2024
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders
DFIRTrack - The Incident Response Tracking Application
AWS CloudSaga - Simulate security events in AWS
AHA is an incident management & communication framework that provides real-time alerts to customers when there are active AWS event(s). For customers with AWS Organizations, customers can get aggregated active account-level events for all the accounts in the Organization. Customers not using AWS Organizations still benefit from alerting at the account level.
Open-source AI copilot that lets you chat with your observability data and code 🧙‍♂️
A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️
RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
A curated list of tools for incident response. With repository stars⭐ and forks🍴
Forensic toolkit for iOS sysdiagnose feature
Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives output with cryptographic hashes.
Shodan Monitoring integration for TheHive.
An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
Linux Incident Response Reporting
The DNA test for websites
A collection of awesome tools, software, libraries, learning tutorials & videos, frameworks, best practices and technical resources about Incident Response & Management in Cybersecurity
CLI program for automating the setup, configuration, and use of cybersecurity solutions
Volatility MindMap & Cheat Sheet