cyberstars
cyberstars / purpose / blue-team

Tools for blue team

Defensive monitoring, detection and response.

95 tools indexed

Tetragon

eBPF-based runtime security.

MonitorHardenCloudEndpoints
GoApache-2.0

TheHive

Open-source SIRP for incident response.

AutomateMonitorEndpointsNetworks
ScalaAGPL-3.0

ThreatMapper

Open-source cloud-native protection platform.

ScanMonitorCloudIaC
JavaScriptApache-2.0

Trivy

Container and IaC vulnerability scanner.

ScanCloudIaC
GoApache-2.0

UAC

Unix-like artifact collector.

AnalyzeMonitorEndpoints
ShellApache-2.0

Velociraptor

Endpoint visibility and DFIR.

MonitorAnalyzeEndpoints
GoAGPL-3.0

Vuls

Agent-less Linux vulnerability scanner.

ScanEndpointsCloud
GoGPL-3.0

WHIDS

Open-source EDR for Windows.

MonitorAnalyzeEndpoints
GoGPL-3.0

Wazuh

Open-source XDR and SIEM.

MonitorScanEndpointsCloud
CAGPL-3.0

Wireshark

Network protocol analyzer.

InterceptAnalyzeNetworksWireless
CGPL-2.0

YARA

Pattern matching for malware research.

AnalyzeMonitorBinariesEndpoints
CBSD-3-Clause

YARA Rules

Community YARA rule repository.

MonitorAnalyzeBinariesEndpoints
YARAGPL-2.0

Yeti

Open-source threat-intel platform.

AutomateAnalyzeNetworksEndpoints
PythonApache-2.0

Zeek

Network analysis framework.

MonitorAnalyzeNetworks
C++BSD-3-Clause

capa

Identify executable capabilities.

AnalyzeBinaries
PythonApache-2.0

dnstwist

Detect typosquats and phishing domains.

ScanReconWeb apps
PythonApache-2.0

osquery

SQL-powered endpoint visibility.

MonitorAnalyzeEndpoints
C++Apache-2.0

ssh-audit

SSH server and client config auditor.

ScanHardenNetworksEndpoints
PythonMIT

sshesame

Easy SSH honeypot.

MonitorNetworksEndpoints
GoMIT

sshportal

Transparent SSH bastion.

HardenMonitorNetworksEndpoints
GoApache-2.0

sysmon-modular

Modular Sysmon configuration repo.

MonitorHardenEndpoints
PowerShellMIT

tcpdump

Command-line packet capture.

InterceptAnalyzeNetworks
CBSD-3-Clause

testssl.sh

Test TLS/SSL on any port.

ScanAnalyzeWeb appsNetworks
ShellGPL-2.0