DFIRVault

FivePM – Threat Hunter

It’s 4:55 PM. You’re done for the day. Then — *ping* — “Possible compromise.”

Meet **FivePM**: the open-source DFIR triage tool that turns chaos into clarity before you leave the office.

- **Scans** files or folders for 100+ IOCs (IPs, URLs, hashes, Mimikatz, Cobalt Strike, etc.)
- **Enriches** IPs with ASN + GeoIP (auto-downloads GeoLite2)
- **Maps** attacker locations on an interactive Plotly world map
- **Delivers** results in a Streamlit dashboard — no setup, no cloud

100% local. Zero telemetry. Built for blue team speed.

https://github.com/dfirvault/FivePM

Drop your logs, hit *Scan*, and see threats visualized in seconds.

Fork it. Use it. Save your evening.