Open-Source Threat Intelligence

Threat intelligence
for the rest of us

A lightweight, self-hosted platform that aggregates threat feeds, filters by your stack, and surfaces what actually matters — without the six-figure price tag.

View on GitHub →

Threat intel shouldn't require
a six-figure budget

Small teams are stuck choosing between enterprise platforms they can't afford, open-source tools they can't staff, or spreadsheets that don't scale.

$100K+

per year for commercial CTI

Recorded Future, Mandiant, Intel471

Days

to set up MISP or OpenCTI

Requires dedicated analyst staff

1000s

of unfiltered alerts

No relevance to your actual stack

Everything you need, nothing you don't

Purpose-built for small teams who need actionable intelligence, not another platform to babysit.

📡

Feed Aggregation

CISA KEV, AlienVault OTX, Abuse.ch, NVD, and EPSS — normalized and unified in a single dashboard.

🎯

Tech-Stack Filtering

Declare what you run. OpFor surfaces only the threats, CVEs, and IOCs relevant to your infrastructure.

Vulnerability Prioritization

EPSS scores, CISA KEV status, and exploit availability — not just CVSS. Fix what matters first.

coming soon
🗺️

ATT&CK Mapping

Map threat activity to MITRE ATT&CK techniques. Identify detection gaps in your coverage.

Up and running in 30 minutes

One docker compose up and you're in business.

01

Define your stack

Tell OpFor what you run — operating systems, services, frameworks, cloud providers. Takes 2 minutes.

02

Connect feeds

Out-of-the-box integrations with CISA KEV, OTX, Abuse.ch, NVD, and EPSS. Toggle on what you need.

03

Get actionable intel

Filtered, prioritized threat data relevant to your environment. IOCs to block, CVEs to patch, TTPs to watch.

100% Open Source

Built for practitioners, by practitioners

OpFor is free, self-hosted, and community-driven. No vendor lock-in, no telemetry, no surprise pricing. Your data stays yours.

Star on GitHubJoin the Community

The Team

The humans behind the platform.

Nisanth

Nisanth

Founder & Lead Developer

Offensive security practitioner and security engineer. Building the threat intel platform he wished existed.

Fueled by CVEs and cold brew

GitHub