Blue Team Opensource Online Tools
Source: https://gitlab.com/syntax-ir/playbooks
Last updated
Was this helpful?
Source: https://gitlab.com/syntax-ir/playbooks
Last updated
Was this helpful?
In this section you will find link to free tools sometimes with a short description of what the tool does and how to use it.
Search by IP, domain, or network owner for real-time threat data.
Website Reputation Checker This service helps you detect potentially malicious websites. Check the online reputation/safety of a website.
Search by Domain, IP, Email or Organization ThreatCrowd is now powered by AlienVault®
The Domain Dossier tool generates reports from public records about domain names and IP addresses to help solve problems, investigate cybercrime, or just better understand how things are set up. These reports may show you:
Owner’s contact information
Registrar and registry information
The company that is hosting a Web site
Where an IP address is geographically located
What type of server is at the address
The upstream networks of a site
and much more
Analyze PCAP files to gain insights into HTTP headers, request and response data. Effortlessly extract transferred files, office documents, and images. Find passwords for various protocols.
Analyze PCAP files to gain insights into HTTP headers, request and response data. Effortlessly extract transferred files, office documents, and images. Find passwords for various protocols.
Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community
A sandbox for the web This site will give you an image of the the site. Very useful to investigate phishing without visiting the site from your machine.
A free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology. Powered by CrowdStrike Falcon® Sandbox.
Note: You need to create an account. Innovative cloud-based sandbox with full interactive access
An online version of Cuckoo Sandbox (currently of line)
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports. This website gives you access to the Community Edition of Joe Sandbox Cloud. It allows you to run a maximum of 15 analyses / month, 5 analyses / day on Windows, Linux and Android with limited analysis output.
This cheat sheet outlines tips and tools for analyzing malicious documents, such as Microsoft Office, RTF and Adobe Acrobat (PDF) files. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs.
The Cyber Swiss Army Knife
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.
Uncoder.IO is the online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers. Serving as one common language for cyber security it allows blue teams to break the limits of being dependent on single tool for hunting and detecting threats and avoid technology lock-in. With easy, fast and private UI you can translate the queries from one tool to another without a need to access to SIEM environment and in a matter of just few seconds.
Deploy a DFIR forensics lab with one script on Google Cloud Platform!
Malwoverview.py is a simple tool to perform an initial and quick triage of malware samples, URLs and hashes. Additionally, Malwoverview is able to show some threat intelligence information.