vavarachen

evtx2json

A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.

crtsh_scanner

A tool to discover domains using crt.sh site (certificate transparency logs).

volatility_automation

A tool to automate memory dump processing using Volatility, including optional Splunk integration.

splunk_hec_handler

A Python Logging Handler for Splunk HTTP Event Collector (HEC).

block-doh

RPZ Zone Files to Block DNS-over-HTTPS

Chrome-Extension-Mapper

Simple script to map Chrome extension IDs to extension name and app store URL

checkpoint_client

A python client to interact with CheckPoint R80 API (https://sc1.checkpoint.com/documents/R80/APIs/#ws).

DLLPasswordFilterImplant

DLL Password Filter Implant with Exfiltration Capabilities

DNSrazzle

A pure python tool for finding and comparing typo-squatting, bytesqatting, phishing attacks and brand impersonation

ts_webhook_alert

Splunk alert app for exporting indicators from Splunk to Anomali ThreatStream.

flare-fakenet-ng

FakeNet-NG - Next Generation Dynamic Network Analysis Tool

python-whois

A python module for retrieving and parsing WHOIS data

site_compare

Proof of concept code for using the Structural Similarity Index Measurement (SSIM) for comparing 2 websites.

ThreatIngestor

Extract and aggregate threat intelligence.

threatstream-api