Software released by our partners
On this page we feature software components that partners of the COSSAS initiative have released through their own GitHub repositories. These components align well with the automation objectives expressed in our mission and some have a direct link with software components that we have released ourselves.
ACT is a graph-based Threat Intelligence Platform that enables the collection, analysis and sharing of threat intelligence. It is the result of the Semi-Automated Cyber Threat Intelligence (ACT) project, a mnemonic-led joint research effort together with the University of Oslo, NTNU, Norwegian Security Authority (NSM), KraftCERT and Nordic Financial CERT.
Adversary Emulation Planner (AEP)
The Adversary Emulation Planner (AEP) can be used to automatically build an ordered set of attack stages with MITRE ATT&CK techniques executed during each stage. The output is a set of attack stages that show all possible techniques that an adversary might execute during each stage. To decide when the different techniques are to be found in such a set, promises are used as access tokens for the execution of techniques. Each technique defines the set of promises required to execute it (pre-conditions) and the set of promises it provides upon execution (post-conditions). The AEP software was developed in the pan-European SOCCRATES innovation project (EU Horizon 2020 program).
AIL Project is an open source framework to collect, crawl, dig and analyse unstructured data. The framework can be used to find information leaks, intelligence, insights and much more. It includes an extensible Python-based framework for analysis of unstructured information collected via an advanced Crawler manager or from different feeders (such as Twitter, Discord, Telegram Stream providers) or custom feeders. It also supports active crawling of Tor hidden services along with crawling protected websites and forums with pre-recorded session cookies.
Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP and other open source security tools).
A large-scale distributed sensor network to monitor DDoS and other malicious activities, relying on an open and collaborative project. The D4 project is a set of open source components to build your own sensor network from scratch, from the sensors up to the analysis.
Dissect is a framework consisting of several Python libraries and tools to facilitate enterprise-scale incident response and forensics. It supports the analyst from the moment of acquisition of artifacts, to normalization, processing and analysis. Dissect frees you from limitations by data formats and platforms and takes away concerns about how to access your investigation data. Analysts can focus on performing analysis, developing analysis plugins or performing innovative research. The flexibility of Dissect also means that it can be used beyond incident response and forensics of classic computer systems. Anything that has a filesystem, such as phone backups or embedded device firmware, can be a target for analysis and workflow automation.
LookyLoo is a web interface that scrapes a website and then displays a tree of domains calling each other. LookyLoo can perform web forensic analysis while providing an integration with other open source tools such as MISP.
Open Source Threat Intelligence Sharing Platform & Open Standards For Threat Information Sharing. MISP is a complete open source solution to handle intelligence (from cyber security, threat intelligence and fraud to counter-terrorism), from collection, storage and visualisation to sharing and collaboration.