PyRank
  • Insights
  • PyPI
  • GitHub
  • Search
  • Compare
  • Advisories
  • Ecosystem
  • About

Dfir Python Packages

Python packages with the GitHub topic dfir. Sorted by relevance, with stars and monthly downloads.
InQuest
iocextract

Defanged Indicator of Compromise (IOC) Extractor.

55K 581 92
fox-it
dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

45K 1K 85
TheHive-Project
cortexutils

Cortex Analyzers Repository

17K 485 403
obsidianforensics
pyhindsight

Browser forensics tool for Google Chrome (and other Chromium-based browsers)

4K 1K 183
InQuest
threatingestor

Extract and aggregate threat intelligence.

4K 921 136
Thehive-Project
cortex4py

Python API Client for Cortex

3K 33 31
BayyinahEnterprise
bayyinah

File integrity scanner detecting hidden, concealed, or adversarial content across 23 file kinds. Input-layer application of the Munafiq Protocol

3K 0 0
michelcrypt4d4mus
yaralyzer

Visually inspect and force decode YARA and regex matches found in both binary and text data with colors. Lots of colors.

3K 150 15
google
turbinia

Automation and Scaling of Digital Forensics Tools

2K 790 171
infosecB
pyloobins

Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for malicious purposes.

2K 539 68
erichutchins
polars-iptools

Polars extension for IP address parsing and enrichment including geolocation

2K 32 1
google
turbinia-api-lib

Automation and Scaling of Digital Forensics Tools

2K 790 171
google
turbinia-client

Automation and Scaling of Digital Forensics Tools

1K 790 171
VladTepes84
rekos

Terminal-native passive OSINT CLI for local-first public-source investigation workspaces

917 10 2
cert-edf
generaptor

CLI generator for Velociraptor offline collector

903 16 5
fox-it
flow-transport

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

888 1K 85
fox-it
flow-ioc

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

816 1K 85
cert-edf
edf-helium-core

Collaborative Forensic Collections Manager

809 1 2
sumeshi
ntfsdump

A command-line tool for efficiently extracting files, directories, and alternate data streams directly from NTFS image files.

773 22 7
cert-edf
edf-helium-server

Collaborative Forensic Collections Manager

743 1 2
helixmap
loghunter-cli

Local-first, transparent threat hunting for the logs you already have: Zeek, Pi-hole, syslog, CloudTrail. Names the technique behind every finding. No SIEM, no agent, no black box.

718 2 0
cert-edf
edf-helium-client

Collaborative Forensic Collections Manager

697 1 2
sumeshi
ntfsfind

A command-line tool for searching files, directories, and alternate data streams directly from NTFS image files.

581 29 2
cert-edf
edf-plasma-dissectors

Extract and normalize information from forensics artifacts

554 5 3
    • Data from PyPI, GitHub, ClickHouse, and BigQuery