InQuest

Repositories

• python-inquestlabs

  A Pythonic interface and command line tool for interacting with the InQuest Labs API.
  Python GPL-2.0 2 18 1 2 Updated Jun 1, 2021

• ThreatKB

  Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

  malware-research yara yara-rules yara-manager yara-signatures
  JavaScript GPL-2.0 15 62 44 (1 issue needs help) 3 Updated Jun 1, 2021

• iqui-ngx

  Angular CDK based, Bootstrap styled components library
  TypeScript MIT 0 2 0 13 Updated May 28, 2021

• inquest-labs-community-rules

  This repository houses a collection of community submitted YARA rules that run atop of labs.inquest.net
  MIT 0 0 0 0 Updated May 28, 2021

• python-sandboxapi

  Minimal, consistent Python API for building integrations with malware sandboxes.

  python library sandbox api-client malware-analysis automated-analysis
  Python GPL-2.0 33 104 3 0 Updated May 27, 2021

• python-iocextract

  Defanged Indicator of Compromise (IOC) Extractor.

  ioc library osint base64 decoding dfir malware-research
  Python GPL-2.0 67 307 12 1 Updated May 7, 2021

• awesome-yara

  A curated list of awesome YARA rules, tools, and people.

  ioc awesome awesome-list threat-hunting malware-analysis malware-research yara
  255 1,488 1 1 Updated Mar 31, 2021

• microsoft-office-macro-clustering

  This repository contains the data files and algorithms for clustering Microsoft Office documents by their macro content.
  Jupyter Notebook MIT 0 4 0 0 Updated Feb 3, 2021

• yara-rules

  A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

  threat-hunting yara yara-rules yara-signatures
  Python MIT 39 214 2 0 Updated Feb 3, 2021

• ThreatIngestor

  Extract and aggregate threat intelligence.

  ioc osint dfir threat-hunting malware-research misp threat-sharing
  Python GPL-2.0 92 463 16 0 Updated Feb 3, 2021

• malware-samples

  A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

  malware malware-analysis malware-research malware-samples
  ActionScript MIT 147 588 0 0 Updated Dec 7, 2020

• pigasus

  Forked from cmu-snap/pigasus

  100Gbps Intrusion Detection and Prevention System
  C++ 53 0 0 0 Updated Nov 6, 2020

• bddisasm

  Forked from bitdefender/bddisasm

  bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
  C Apache-2.0 73 0 0 0 Updated Nov 6, 2020

• Macrome

  Forked from michaelweber/Macrome

  Excel Macro Document Reader/Writer for Red Teamers & Analysts
  C# MIT 49 0 0 0 Updated Oct 16, 2020

• slate

  Forked from slatedocs/slate

  Beautiful static documentation for your API
  SCSS Apache-2.0 20,457 0 0 0 Updated Oct 12, 2020

• msoffcrypto-tool

  Forked from DissectMalware/msoffcrypto-tool

  Python tool and library for decrypting MS Office files with passwords or other keys
  Python MIT 67 0 0 0 Updated Oct 10, 2020

• SpuriousEmu

  Forked from ldbo/SpuriousEmu

  VBA analysis tools
  Python AGPL-3.0 1 0 0 0 Updated Aug 25, 2020

• omnibus

  The OSINT Omnibus (beta release)

  python security osint iocs security-automation threat-intelligence
  Python MIT 61 248 18 1 Updated Aug 18, 2020

• XLMMacroDeobfuscator

  Forked from DissectMalware/XLMMacroDeobfuscator

  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  Python Apache-2.0 56 1 0 0 Updated Jun 27, 2020

• inquest-labs

  DEPRECATED! See https://github.com/InQuest/python-inquestlabs
  Python MIT 0 0 0 0 Updated May 14, 2020

• ipython-notebooks

  A collection of iPython notebooks probably referenced from https://inquest.net/blog
  Jupyter Notebook MIT 1 1 0 0 Updated May 12, 2020

• pcodedmp

  Forked from bontchev/pcodedmp

  A VBA p-code disassembler
  Python GPL-3.0 68 0 0 0 Updated Feb 12, 2020

• OSINT-Framework

  Forked from lockfale/OSINT-Framework

  OSINT Framework
  JavaScript MIT 654 0 0 0 Updated Jan 23, 2020

• iqui-icons
  MIT 0 2 0 0 Updated Jan 13, 2020

• Cortex-Analyzers

  Forked from TheHive-Project/Cortex-Analyzers

  Cortex Analyzers Repository
  Python AGPL-3.0 269 0 0 0 Updated Nov 27, 2019

• pcode2code

  Forked from Big5-sec/pcode2code

  a vba pcode decompiler based on pcodedmp
  Python 20 0 0 0 Updated Nov 26, 2019

• splunk-inquest

  Splunk Addon for InQuest.
  Python GPL-2.0 0 2 0 0 Updated Oct 16, 2019

• python-threatkb

  Python library and command-line tool for InQuest ThreatKB. (pre-release)
  Python GPL-2.0 1 2 0 0 Updated Oct 16, 2019

• labs-experiments

  A collection of experiments overtop the InQuest Labs open data portal (https://labs.inquest.net).
  Python MIT 1 3 0 0 Updated Oct 14, 2019

• olefile

  Forked from decalage2/olefile

  olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file fo…
  Python 60 1 0 0 Updated Oct 13, 2019