tht
Category: Data visualization
Development tool: Shell
File size: 284KB
Downloads: 0
Upload date: 2023-06-01 01:02:46
Uploader: sh-1993
Description: no intro
(Threat Hunting Toolkit is a Swiss Army knife for threat hunting, log processing, and security-focused data science)
File list:
.cache-buster (32, 2023-10-01)
.dockerignore (36, 2023-10-01)
Dockerfile (17084, 2023-10-01)
LICENSE (1063, 2023-10-01)
bin (0, 2023-10-01)
bin\card (61, 2023-10-01)
bin\chop (3851, 2023-10-01)
bin\cidr2ip (62, 2023-10-01)
bin\cols (1317, 2023-10-01)
bin\conn-summary (2986, 2023-10-01)
bin\count (1680, 2023-10-01)
bin\distinct (335, 2023-10-01)
bin\domain (81, 2023-10-01)
bin\filter (13704, 2023-10-01)
bin\first (95, 2023-10-01)
bin\freq (333, 2023-10-01)
bin\headers (70, 2023-10-01)
bin\ip2cidr (76, 2023-10-01)
bin\ipcount (74, 2023-10-01)
bin\ipdiff (532, 2023-10-01)
bin\ipdiffs (542, 2023-10-01)
bin\ipintersect (531, 2023-10-01)
bin\ipunion (527, 2023-10-01)
bin\last (95, 2023-10-01)
bin\lfo (360, 2023-10-01)
bin\mfo (360, 2023-10-01)
bin\plot-bar (776, 2023-10-01)
bin\random-tip (1153, 2023-10-01)
bin\skip (122, 2023-10-01)
bin\ts2 (1334, 2023-10-01)
... ...
# Threat Hunting Toolkit
[GitHub][github-url] | [DockerHub][docker-url] | [Docs][docs-url]
[![Docker Image Size][docker-size-badge]][docker-url]
[![Docker Pull Count][docker-pulls-badge]][docker-url]
[![MIT license][mit-badge]](#license)
The Threat Hunting Toolkit (THT) is a Swiss Army knife for threat hunting, log processing, and security-focused data science. It incorporates many CLI tools into one place for ease of deployment and includes wrappers and convenience features for ease of use. It comes packaged as a Docker image that can be deployed with a single command. Spend less time struggling with installation, configuration, or environment differences, and more on filtering, slicing, and data stacking.
## Features
**Easy to Install**
- Small - Keep download size under 300 MB.
- Portable - Works across a variety of systems thanks to Docker.
**Fast to Learn**
- Consistent - Get the same configuration on every system, which means a familiar environment everywhere.
- Format Agnostic - Avoid swapping between similar tools with annoying syntax variations for different formats including Zeek, CSV, TSV, and JSON.
- Remove Boilerplate - Remove the boilerplate for common use cases with the included scripts, functions, and aliases.
- Documented - There are [cheatsheets][cheat-url] and [documentation][docs-url] available to get started right away.
**Fast to Run**
- Optimized - Everything is benchmarked to find the fastest methods when there are several options.
- Parallel - Many of the components take advantage of multiple CPU cores to process data in parallel.
## Usage
The recommended method is to use the `tht` wrapper script included in the repo.
**Install**
```bash
sudo curl -o /usr/local/bin/tht https://raw.githubusercontent.com/ethack/tht/main/tht && sudo chmod +x /usr/local/bin/tht
```
**Run**
```bash
tht
```
**Update**
```bash
tht update
```
You can also start THT with a docker command.
**From DockerHub**
```bash
docker run \
--rm -it \
-h $(hostname) \
--init \
--pid host \
-v /etc/localtime:/etc/localtime \
-v /:/host \
-w "/host/$(pwd)" \
ethack/tht
```
**From GitHub Container Registry**
```bash
docker run \
--rm -it \
-h $(hostname) \
--init \
--pid host \
-v /etc/localtime:/etc/localtime \
-v /:/host \
-w "/host/$(pwd)" \
ghcr.io/ethack/tht
```
However, you will lose all the convenience features the `tht` wrapper script provides.
If you'd like to build the image or documentation manually, see [here](https://ethack.github.io/tht/development/).
## Documentation
For the current documentation, see [here](https://ethack.github.io/tht/).
These pages are a good place to get the lay of the land:
- [List of tools included in THT](https://ethack.github.io/tht/#/reference/)
- [Cheatsheets covering common cases](https://ethack.github.io/tht/#/cheatsheets/)
- You can also access these from inside THT by running `cheat` or by pressing the `ctrl-g` keyboard shortcut.
- You'll get a random tip from these cheatsheets every time you start THT.
## License
The source code in this project is licensed under the [MIT license](https://github.com/ethack/tht/blob/master/LICENSE).
The [documentation](https://github.com/ethack/tht/blob/master/docs/content/) is licensed under the [CC BY-NC-SA 4.0 license][cc-url].
[github-url]: https://github.com/ethack/tht
[docker-url]: https://hub.docker.com/r/ethack/tht
[docs-url]: https://ethack.github.io/tht/
[cheat-url]: https://github.com/ethack/tht/tree/main/cheatsheets
[docker-size-badge]: https://badgen.net/docker/size/ethack/tht
[docker-pulls-badge]: https://badgen.net/docker/pulls/ethack/tht
[mit-badge]: https://badgen.net/badge/license/MIT/green
[cc-url]: https://creativecommons.org/licenses/by-nc-sa/4.0/