// COSSAS

Software released by our partners

On this page we feature software components that partners of the COSSAS initiative have released through their own GitHub repositories. These components align well with the automation objectives expressed in our mission and some have a direct link with software components that we have released ourselves.

ACT Platform

owner
Released
June 6, 2017
Language
Java
License
ISC

ACT is a graph based Threat Intelligence Platform that enables the collection, analysis and sharing of threat intelligence. It is the result of the Semi-Automated Cyber Threat Intelligence (ACT) project, a mnemonic-led joint research effort together with the University of Oslo, NTNU, Norwegian Security Authority (NSM), KraftCERT and Nordic Financial CERT.

Adversary Emulation Planner (AEP)

owner
Released
June 23rd, 2021
Language
Python
License
ISC

The Adversary Emulation Planner (AEP) can be used to automatically build an ordered set of attack stages with MITRE ATT&CK techniques executed during each stage. The output is a set of attack stages that show all possible techniques that an adversary might execute during each stage. To decide when the different techniques are to be found in such a set, promises are used as access tokens for the execution of techniques. Each technique defines the set of promises required to execute it (pre-conditions) and the set of promises it provides upon execution (post-conditions).The AEP software was developed in the pan-European SOCCRATES innovation project (EU Horizon 2020 program). 

AIL project

owner
Released
2014
Language
Python
License
AGPL-3.0

AIL Project is an open source framework to collect, crawl, dig and analyse unstructured data. The framework can be used to find information leaks, intelligence, insights and much more. It includes an extensible Python-based framework for analysis of unstructured information collected via an advanced Crawler manager or from different feeders (such as Twitter, Discord, Telegram Stream providers) or custom feeders. It also supports active crawling of Tor hidden services along with crawling protected websites and forums with pre-recorded session cookies.

Cerebrate

owner
Released
2019
Language
PHP
License
AGPL-3.0

Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP and other open source security tools).

D4 project

owner
Released
2019
Language
Python
License
AGPL-3.0

A large-scale distributed sensor network to monitor DDoS and other malicious activities relying on an open and collaborative project. D4 project is set of open source components to build your own sensor network from scratch including the sensors up to the analysis.

LookyLoo

owner
Released
2020
Language
Python
License
BSD3

LookyLoo is a Web interface allowing to scrape a website and then displays a tree of domains calling each other. LookyLoo can perform web forensic analysis while providing an integration with other open source tools such as MISP.

MISP project

owner
Released
2012
Language
PHP
License
AGPL-3.0

Open Source Threat Intelligence Sharing Platform & Open Standards For Threat Information Sharing. MISP is a complete open source solution to handle intelligence (from cyber security, threat intelligence, fraud to counter-terrorism) from its collection, storing, visualisation to sharing and collaboration.

Pandora

owner
Released
2017
Language
Python
License
AGPL-3.0

Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results. It’s a flexible and open source framework to integrate external tools for checking files. Report and analysis can be shared with MISP.