CINDR

Open-Source Security Tools

Operator-built tools.
Free community editions.

Every tool is forged from real-world engagements and real gaps in the defender's toolkit. Community editions are open-source and free. Pro editions add enterprise capability for teams that need it.

01

CINDR Triage Engine

Automated static & behavioral malware analysis pipeline

A cloud-native malware analysis pipeline built on Azure Functions. Submit files via REST API and receive structured JSON reports covering file triage, string extraction, YARA matching, PE analysis, archive unpacking, macro extraction, obfuscation scoring, and heavy-tool behavioral analysis — all fully automated.

Community Edition
Free & Open Source
$0
  • HTTP intake API with multipart upload & deduplication
  • Magic-byte triage across 25+ file types
  • String extraction with IOC parsing (URLs, IPs, registry keys, Win32 APIs)
  • YARA scanning with custom and community rulesets
  • PE/ELF/Mach-O parsing: sections, imports, entropy, packer detection
  • Archive unpacking with recursive analysis
  • PDF JavaScript & attachment extraction; Office VBA/XLM macro analysis
  • Obfuscation scoring for JS, PowerShell, Python, shell scripts
  • Azure-native serverless deployment
View on GitLab
Pro Edition
Licensed & Supported
Contact for pricing
  • Heavy tool integration: capa, speakeasy, pestudio, detect-it-easy
  • Managed cloud deployment with uptime SLA
  • VirusTotal API reputation enrichment
  • Custom YARA ruleset management & CI/CD pipeline
  • Webhook delivery for analysis results
  • Multi-tenant support with RBAC
  • Analyst portal with submission history & report viewer
  • Priority support & custom analysis module development
02

TTP Mapper

MITRE ATT&CK TTP correlation and threat actor identification

Rapidly correlate observed MITRE ATT&CK T-codes against known threat actor and malware TTPs. Input T-codes from your incident response engagement and instantly identify which threat actors and software are most likely responsible — ranked by overlap confidence.

Community Edition
Free & Open Source
$0
  • MITRE ATT&CK T-code input and parsing
  • Threat actor and software TTP correlation
  • Overlap scoring and confidence ranking
  • Support for techniques, sub-techniques, and tactics
  • Real-time analysis with instant results
  • Export correlation results as JSON
Pro Edition
Licensed & Supported
Contact for pricing
  • Historical campaign tracking and linkage
  • Custom threat actor library management
  • Confidence weighting customization
  • API integration for automation
  • Batch T-code processing
  • Team-wide correlation history & audit logs
  • Private intelligence feed integration
  • Priority support & custom actor profile development

In Development

More tools in the pipeline.

Built from the same real-world gaps. Coming when they're ready.

  • Ember (Coming Soon): Host-based forensic triage & artifact collection
  • Flare (Coming Soon): Threat intelligence aggregation & IOC correlation
  • Ashfall (Coming Soon): Network traffic analysis & anomaly detection
  • Slag (Coming Soon): Malware static analysis & reverse engineering framework

Built by operators.
For operators.

Every CINDR tool is born from real engagements and real gaps. Have a capability need, a bug to report, or want to contribute? Get in touch.