A curated list of amazingly awesome Cybersecurity datasets

Overview

Awesome-Cybersecurity-Datasets

A curated list of amazingly awesome Cybersecurity datasets.

Please contribute to this list with new datasets by sending me a pull request or by contacting me at @santiagohramos.

Happy learning!

Table of contents

Datasets

Network traffic

  • Unified Host and Network Dataset - The Unified Host and Network Dataset is a subset of network and computer (host) events collected from the Los Alamos National Laboratory enterprise network over the course of approximately 90 days. The host event logs originated from most enterprise computers running the Microsoft Windows operating system on Los Alamos National Laboratory's (LANL) enterprise network. The network event data originated from many of the internal enterprise routers within the LANL enterprise network.
  • Comprehensive, Multi-Source Cyber-Security Events - This data set represents 58 consecutive days of de-identified event data collected from five sources within Los Alamos National Laboratory's corporate, internal computer network.
  • User-Computer Authentication Associations in Time - This anonymized data set encompasses 9 continuous months and represents 708,304,516 successful authentication events from users to computers collected from the Los Alamos National Laboratory (LANL) enterprise network.
  • Canadian Institute for Cybersecurity datasets - Canadian Institute for Cybersecurity datasets are used around the world by universities, private industry and independent researchers.
  • KDD Cup 1999 Data - This database contains a standard set of data to be audited, which includes a wide variety of intrusions simulated in a military network environment.
  • 2017-SUEE-data-set - The data sets contain traffic in and out of the web server of the Student Union for Electrical Engineering (Fachbereichsvertretung Elektrotechnik) at Ulm University. Internal hosts are hosts from within the university network, some of them are cable bound, others connect through one of two wifi services on campus (eduroam and welcome). The data was mixed with attack traffic.
  • CTU-13 Dataset - A Labeled Dataset with Botnet, Normal and Background traffic.
  • PCAP files - Malware Traffic, Network Forensics, SCADA/ICS Network Captures, Packet Injection Attacks / Man-on-the-Side Attacks...
  • pcapt - Big repository of PCAP files.
  • Project Sonar - Project Sonar produces multiple UDP datasets every month. This data is gathered by sending protocol-specific UDP probes across the entire IPv4 address space. The types of probes sent each week continues to expand as the project matures.
  • IoT devices captures - This dataset represents the traffic emitted during the setup of 31 smart home IoT devices of 27 different types (4 types are represented by 2 devices each). Each setup was repeated at least 20 times per device-type.

Malware

  • UNSW-NB15 data set - This data set has nine families of attacks, namely, Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. The Argus, Bro-IDS tools are utilised and twelve algorithms are developed to generate totally 49 features with the class label.
  • Malware Training Sets - Today (please refers to blog post date) the collected classified datasets is composed by the following samples: APT1 292 Samples, Crypto 2024 Samples, Locker 434 Samples, Zeus 2014 Samples
  • The Drebin Dataset - The dataset contains 5,560 applications from 179 different malware families. The samples have been collected in the period of August 2010 to October 2012 and were made available to us by the MobileSandbox project.
  • Stratosphere IPS - Malware captures, Normal captures, mixed captures...
  • Microsoft Malware Classification Challenge - You are provided with a set of known malware files representing a mix of 9 different families. Each malware file has an Id, a 20 character hash value uniquely identifying the file, and a Class, an integer representing one of 9 family names.

Software

  • Javascript Vulnerability dataset - Dataset constructed from the vulnerability information in public databases of the Node Security Project and the Snyk platform, and code fixing patches from GitHub.

WebApps

  • West Point NSA Data Sets - Snort Intrusion Detection Log. Domain Name Service Logs. Web Server Logs. Log Server Aggregate Log.
  • Web Attack Payloads - A collection of web attack payloads.
  • Machine-Learning-driven-Web-Application-Firewall - Set of good and bad queries to a web application firewall.
  • Internet-Wide Scan Data Repository - The Censys Projects publishes daily snapshots of what we know about each IPv4 host, Alexa Top Million website, and known X.509 certificate. These datasets contain structured, non-ephemeral JSON records that identify a host's configuration.
  • 500K HTTP Headers - Recently we crawled the Top 500K sites (as ranked by Alexa). Following requests from readers we are making available the HTTP Headers for research purposes.
  • HTTP DATASET CSIC 2010 - The HTTP dataset CSIC 2010 contains thousands of web requests automatically generated. It can be used for the testing of web attack protection systems. It was developed at the Information Security Institute of CSIC (Spanish Research National Council).
  • ISOT datasets - The ISOT Lab has collected through different projects various datasets some of which are available for public sharing. ISOT Web Interactions Dataset (Mouse/Keystroke/Site Actions), ISOT Botnet Dataset...
  • Web Logs Secrepo - Web logs generated by secrepo community and secrepo web application
  • Common Crawl - The Common Crawl corpus contains petabytes of data collected over the last 7 years. It contains raw web page data, extracted metadata and text extractions.
  • Website Classification Dataset - The entire selective archive is manually curated, including classification of sites into a two-tiered subject hierarchy. We have made this manually-generated classification information available as an open dataset, in tab-separated column format.
  • AZSecure-data - The AZSecure-data PORTAL currently provides access to Web forums, Internet phishing websites, Twitter data, and other data.

URLs & Domain Names

  • Malicious URLs Dataset - The data set consists of about 2.4 million URLs (examples) and 3.2 million features.
  • cybercrime-tracker - List of labeled malicious URLs.
  • Malware Domain List - Malware Domain List.
  • ZeuS Tracker - ZeuS Tracker tracks ZeuS Command&Control servers (hosts) around the world and provides you a domain- and a IP-blocklist.
  • Feodo Tracker - List of Feodo botnet C&C servers
  • Ransomware Tracker - Ransomware Tracker offers various types of blocklists that allows you to block Ransomware botnet C&C traffic.
  • URLhaus - URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
  • Alexa Top 1 Million - CSV dataset with the most popular sites by Alexa.
  • OpenDNS Top Domains List - The OpenDNS Top Domains List is the top 10,000 domain names our resolvers all over the globe are receiving queries for, sorted by popularity.
  • The Majestic Million - The million domains we find with the most referring subnets.
  • StopForumSpam - The data provided here represents what we believe will only ever ben used to abuse. IP Addresses, domains and usernames listed here will be returned in API results as "blacklisted".

Host

  • The ADFA Intrusion Detection Datasets - This dataset provides a contemporary Linux dataset for evaluation by traditional HIDS. This dataset provides a contemporary Windows dataset for evaluation by HIDS.
  • Unified Host and Network Dataset - The Unified Host and Network Dataset is a subset of network and computer (host) events collected from the Los Alamos National Laboratory enterprise network over the course of approximately 90 days. The host event logs originated from most enterprise computers running the Microsoft Windows operating system on Los Alamos National Laboratory's (LANL) enterprise network. The network event data originated from many of the internal enterprise routers within the LANL enterprise network.
  • Public Security Log Sharing Site - This site contains various free shareable log samples from various systems, security and network devices, applications, etc. The logs are collected from real systems, some contain evidence of compromise and other malicious activity. Wherever possible, the logs are NOT sanitized, anonymized or modified in any way (just as they came from the logging system).
  • Aktaion2 Data - The project is meant to be a learning/teaching tool on how to blend multiple security signals and behaviors into an expressive framework for intrusion detection.

Email

Fraud

  • Credit Card Fraud - The datasets contains transactions made by credit cards in September 2013 by european cardholders. This dataset presents transactions that occurred in two days, where we have 492 frauds out of 284,807 transactions. The dataset is highly unbalanced, the positive class (frauds) account for 0.172% of all transactions.

Honeypots

  • DDS Dataset Collection - A tar/gzip CSV file from a collection of AWS honeypots. A zip CSV file of domains and a high level classification of dga or legit along with a subclass of either legit, cryptolocker, gox or newgoz.
  • Threat_Research - Centralized repository to dump threat research data gathered from my network of honeypots.

Binaries

  • The ember dataset - The ember dataset is a collection of 1.1 million sha256 hashes from PE files that were scanned sometime in 2017. This repository makes it easy to reproducibly train the benchmark model, extend the provided feature set, or classify new PE files with the benchmark model.

Phishing

  • Phishing Websites Data Set - In this dataset, we shed light on the important features that have proved to be sound and effective in predicting phishing websites. In addition, we propose some new features.

Passwords

MISC

  • SecRepo - Samples of Security Related Data.
  • PANDA SHARE - This site stores recordings of executions produced by the PANDA dynamic analysis platform. The goal is to make dyanamic analysis repeatable. Any analysis dynamic analysis, run on the same replay, will produce the same results.
  • SHERLOCK - The dataset is essentially a massive time-series dataset spanning nearly every single kind of software and hardware sensor that can be sampled from a Samsung Galaxy S5 smartphone, without root privileges. The dataset contains over 600 billion data points in over 10 billion data records.
  • WerdLists - Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases.
Aiminsun 165 Dec 21, 2022
GitLab CI security tools runner

Common Security Pipeline Описание проекта: Данный проект является вариантом реализации DevSecOps практик, на базе: GitLab DefectDojo OpenSouce tools g

Сити-Мобил 14 Dec 23, 2022
A proxy server application written in python for trial purposes

python-proxy-server This is a proxy server ❤️ application written in python ❤️ for trial purposes. The purpose of the application; Connecting to Hacke

Ali Kasimoglu 2 Dec 27, 2021
LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

40 Dec 21, 2022
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022
Exploit and Check Script for CVE 2022-1388

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022-1388 Usage Check against single host python3 CVE-2022-1388.py -v true -u target_url At

Andy Gill 52 Dec 22, 2022
MVT is a forensic tool to look for signs of infection in smartphone devices

Mobile Verification Toolkit Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic

8.3k Jan 08, 2023
PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

zJairO 7 Jul 14, 2022
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile.

Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.

Mythic Agents 37 Dec 06, 2022
Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

whoamins 11 Apr 11, 2022
Web3 Pancakeswap Sniper & honeypot detector Take Profit/StopLose bot written in python3, For ANDROID WIN MAC & LINUX

🏆 Pancakeswap BSC Sniper Bot web3 with honeypot detector (ANDROID WINDOWS MAC LINUX) 🥇 ⭐️ ⭐️ ⭐️ First SNIPER BOT for ANDROID & WINDOWS with honeypot

Mayank 12 Jan 07, 2023
Scans for Log4j versions effected by CVE-2021-44228

check_mkExtension to check for log4j2 CVE-2021-44228 This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0) How it works Run i

inett GmbH 4 Jun 30, 2022
将hw时信息收集以及简单的漏洞操作步骤简单化

Braised-vegetables 将hw时信息收集以及简单的漏洞扫描操作步骤简单化 使用subfinder(被动子域名爆破收集) subdomain(主动域名爆破) nabbu(端口扫描) httpx(探测目录浏览) crawlergo(360深度爬虫) chorme(谷歌浏览器) xray(漏

19 Nov 15, 2022
A secure way of storing your passwords.

StrongBox 🔐 A secure way of storing your passwords. 🔑 Why to use StrongBox? StrongBox makes it possible to have a random generated strong password i

Dylan Tintenfich 5 Dec 25, 2021
Python bindings to LibreSSL library

LibreSSL bindings for Python using CFFI Python3 bindings to LibreSSL using CFFI. It aims to provide interface to the most important bits of LibreSSL o

Alexander Kiselyov 1 Aug 02, 2022
A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚

log4check A small Minecraft server to help players detect vulnerability to the Log4Shell exploit 🐚 Tested to work between Minecraft versions 1.12.2 a

Evan J. Markowitz 4 Dec 23, 2021
dos-atack-tor script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor.

script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor. tiene capacidad de ajustar la cantidad de informacion a enviar, el numero de hilos a

Desmon 2 Jun 01, 2022
Unicode fuzzer for various purposes

UnicodeToy Unicode fuzzer for various purposes Unicode based on version 14.0 features Generate the shortest xss domain payload Generate unicode str, u

33 Nov 27, 2022
Hadoop Yan ResourceManager unauthorized RCE

Vuln Impact There was an unauthorized access vulnerability in Hadoop yarn ResourceManager. This vulnerability existed in Hadoop yarn, the core compone

Al1ex 25 Nov 24, 2022
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022