bhavikmalhotra

Open-source collaborative note-taking platform for cybersecurity and CTI teams. IOC auto-extraction, STIX 2.1 export, real-time editing, RBAC, version history, and audit logging. Self-hosted with Docker.

11
0
100% credibility
Found Mar 29, 2026 at 11 stars.
AI Analysis
TypeScript
AI Summary

ThreatPad is a collaborative real-time note-taking platform for cyber threat intelligence teams featuring automatic IOC extraction, STIX exports, templates, workspaces, and access controls.

How It Works

1. Discover ThreatPad

You find a helpful tool for security teams to take notes together and try the free online demo.

2. Start your private copy

Download and launch your own secure version on your computer with a simple setup.

3. Create your workspace

Set up a shared space for your team to organize threat reports and notes.

4. Write your first note

Use ready-made templates to quickly document incidents or threats.

5. Spot security clues automatically

Scan your notes to instantly pull out IPs, domains, hashes, and other key details.

6. Team up in real time

Invite colleagues to edit notes together live with full control over who sees what.

Export and stay organized

Share professional reports in standard formats while keeping everything safe and searchable.

AI-Generated Review

What is ThreatPad?

ThreatPad is an open-source collaborative note-taking platform in TypeScript for cybersecurity and CTI teams, letting multiple users edit notes in real time like a collaborative markdown editor. It auto-extracts IOCs (IPs, domains, hashes, CVEs) from content, supports STIX 2.1 exports alongside JSON/CSV, and handles workspaces, nested folders, tags, and templates for threat reports. Self-hosted with Docker, it adds RBAC, version history with diffs, full-text search, and audit logs, all keeping sensitive intel on your network.

Why is it gaining traction?

In a sea of generic collaborative open source tools, ThreatPad stands out with built-in CTI workflow: drop IOCs into notes, extract them instantly, and export to STIX 2.1 without extra plugins. Real-time editing via WebSockets feels snappy, and plugin hooks let you extend exports easily. Devs dig the Docker one-liner deploy and demo data for quick testing.

Who should use this?

CTI analysts building threat actor profiles or campaign trackers, SOC operators logging incidents with IOC dumps, and security teams needing a self-hosted collaborative wiki over GitHub alternatives. Ideal if you're tired of manual IOC hunting in shared docs or spreadsheets.

Verdict

Promising early project (11 stars, 1.0% credibility score) with strong docs, live demo, and prod-ready Docker; spin it up to evaluate. Maturity shows in features like RBAC and audits, but watch for edge cases before team rollout.
