PyRank

DFIR Python Packages

Python packages with the GitHub topic dfir. Sorted by relevance, with stars and monthly downloads.
InQuest
iocextract

Defanged Indicator of Compromise (IOC) Extractor.

60K 578 92
fox-it
dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

35K 1K 82
TheHive-Project
cortexutils

Cortex Analyzers Repository

21K 484 398
infosecB
pyloobins

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

6K 538 68
google
turbinia

Automation and Scaling of Digital Forensics Tools

4K 790 169
InQuest
threatingestor

Extract and aggregate threat intelligence.

4K 910 135
obsidianforensics
pyhindsight

Browser forensics tool for Google Chrome (and other Chromium-based browsers)

3K 1K 179
Thehive-Project
cortex4py

Python API Client for Cortex

3K 33 31
michelcrypt4d4mus
yaralyzer

Visually inspect and force decode YARA and regex matches found in both binary and text data with colors. Lots of colors.

3K 148 15
erichutchins
polars-iptools

Polars extension for IP address parsing and enrichment including geolocation

2K 32 1
google
turbinia-api-lib

Automation and Scaling of Digital Forensics Tools

910 790 169
fox-it
flow-ioc

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

784 1K 82
google
turbinia-client

Automation and Scaling of Digital Forensics Tools

773 790 169
luminaut-org
luminaut

Casting light on shadow cloud deployments

759 27 2
sumeshi
ntfsdump

An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.

550 22 6
cert-edf
edf-plasma-dissectors

Extract and normalize information from forensics artifacts

510 5 3
cert-edf
edf-plasma-core

Extract and normalize information from forensics artifacts

500 5 3
Lazza
recuperabit

A tool for forensic file system reconstruction.

474 620 81
erichutchins
ipextract

Fast, inline geolocation decoration of IPv4 and IPv6 addresses written in Rust

466 29 3
BayyinahEnterprise
bayyinah

File integrity scanner detecting hidden, concealed, or adversarial content across 23 file kinds. Input-layer application of the Munafiq Protocol

451 2 0
cert-edf
edf-plasma-cli

EDF Plasma CLI

443 5 3
NUKIB
maldump

Multi-quarantine extractor

443 56 10
sumeshi
ntfsfind

An efficient tool for searching files, directories, and alternate data streams directly from NTFS image files.

367 28 2
airbus-cert
regrippy

A modern Python-3-based alternative to RegRipper

333 213 20
    • Data from PyPI, GitHub, ClickHouse, and BigQuery