osquery-extension
Here are 8 public repositories matching this topic...
A tool PoC that demonstrates how to leverage the Osquery interactive shell named pipe implementation to enumerate Windows machines.
Updated Jun 29, 2023 - Go
Linux and Windows laptop geolocation tables for osquery
Updated May 3, 2025 - Go
Natural Language Interface for Osquery - Ask questions about your Mac in plain English
Updated Jan 25, 2026 - Swift
An osquery extension built with osquery-python with a few tables that were converted from Go.
Updated Dec 2, 2021 - Python
osquery_hunter is a lightweight, Python-based triage helper for Windows systems. It uses osquery to enumerate running processes, network sockets, and signatures — helping analysts quickly spot unsigned or suspicious binaries. Ideal for DFIR, incident response, and blue-team investigations in environments without full EDR coverage.
Updated Oct 18, 2025 - Python
Raven: A suite of advanced osquery extensions for Digital Forensics and Incident Response (DFIR). Features high-performance Windows artifact parsing (Syscache, Amcache, Registry hives), LightGrep-integrated Event Log searching, fast file hashing, and cross-platform memory forensics support.
Updated May 18, 2026 - C++