Open Source Threat Intelligence
Threat intelligence is only useful if you trust where the indicators came from and can act on them before they go stale, yet most feeds arrive as opaque lists you are expected to ingest on faith. The open source tools here let you see how indicators are collected, enriched, and correlated, and keep your own sensitive observations inside your environment rather than handing your incident data to a sharing platform.

OpenCTI
Threat intelligence platform for structuring, linking, and visualizing cyber threat knowledge

MISP
Open source threat intelligence sharing platform for collecting, correlating, and exchanging cyber threat data

capa
Command line binary analysis tool that identifies capabilities in PE, ELF, .NET, shellcode, and sandbox reports

IntelOwl
Threat intelligence management with one API to query many sources and analysis tools at once

Yeti
Threat intelligence platform for DFIR teams, with bulk observable search and enrichment via web API

Cortex
Observable analysis and active response engine for threat intelligence and incident response

Harpoon
OSINT and threat intelligence CLI tool for querying many external sources from one command line

IntelMQ
Threat intelligence collection and processing for CERTs, CSIRTs, and SOCs