ecstatic-nobel / Analyst Arsenal

Licence: gpl-3.0
Analyst Arsenal (A²)™

A toolkit for Security Researchers

Description

With aa_adhoc, run through a list of URLs and check sites for malicious files based on predefined file extensions.

With aa_certstream, find out when a phishing kit has been staged on a domain. With this information, you can be amongst the first to:

  • Know
  • Block
  • Report
  • Analyze


With aa_urlscan, easily search urlscan.io and check sites for malicious files based on predefined file extensions.

With aa_whoisds, download a list of newly registered domains from WHOIS Domain Search, score the domains, and search for signs of malicious activity.

Prerequisites

  • Ubuntu 18.04+ (should work on other Linux distros)
  • Python 2.7.14
  • DEB Packages:
    • gcc
    • Git (optional)
    • Torsocks (optional: used with flag --tor)

Setup

  1. Open a terminal and run the following command:
    git clone https://github.com/ecstatic-nobel/Analyst-Arsenal.git  
    cd Analyst-Arsenal  
    bash py_pkg_update.sh  
    

Usage

aa_adhoc
The following command will:

  • Make requests to the domains retrieved from a file
  • Download files from the site when an open directory is found hosting a file with the desired file extension

1 positional argument needed:

  • Input File : Path to the file containing URLs

Optional arguments:

  • --directory : Download data to CAP_DIR (default: ./Captures)
  • --level : Recursion depth (default=1, infinite=0)
  • --max-redirect : Maximum redirects (default=0)
  • --quiet : Don't show wget output
  • --threads : Number of threads to spawn
  • --timeout : Set the connection timeout to TIMEOUT
  • --tor : Download files via the Tor network
  • --very-verbose : Show error messages
python aa_adhoc.py <INPUT_FILE> [--directory] [--level] [--max-redirect] [--quiet] [--threads] [--timeout] [--tor] [--very-verbose]  

aa_certstream
The following command will:

  • Stream CT logs via Certstream
  • Score and add suspicious domains to a queue while other domains continue to be scored
  • Simultaneously make requests to the domains in the queue to search for predefined file extensions
  • Recursively download the site when an open directory is found hosting a file with a particular extension

Optional arguments:

  • --ctl-server : Certstream server URL to connect to
  • --dns-twist : Check the twisted keywords found in dns_twisted.yaml
  • --directory : Download data to CAP_DIR (default: ./Captures)
  • --level : Recursion depth (default=1, infinite=0)
  • --log-nc : File to store domains that have not been checked
  • --quiet : Don't show wget output
  • --score : Minimum score to trigger a session (Default: 75)
  • --threads : Number of threads to spawn
  • --timeout : Set the connection timeout to TIMEOUT
  • --tor : Download files via the Tor network
  • --verbose : Show domains being scored
  • --very-verbose : Show error messages
python aa_certstream.py [--ctl-server] [--dns-twist] [--directory] [--level] [--log-nc] [--quiet] [--score] [--threads] [--timeout] [--tor] [--verbose] [--very-verbose]  

aa_urlscan
The following command will:

  • Make requests to the domains retrieved from urlscan.io
  • Recursively download the site when an open directory is found hosting a file with the desired file extension

3 positional arguments needed:

  • Query Type : automatic, manual, certstream, openphish, phishtank, twitter, urlhaus
  • Delta : Number of days back to search (GMT)
  • Query String : String to search (must not contain spaces)

Optional arguments:

  • --directory : Download data to CAP_DIR (default: ./Captures)
  • --level : Recursion depth (default=1, infinite=0)
  • --max-redirect : Maximum redirects (default=0)
  • --quiet : Don't show wget output
  • --threads : Number of threads to spawn
  • --timeout : Set the connection timeout to TIMEOUT
  • --tor : Download files via the Tor network
  • --very-verbose : Show error messages
python aa_urlscan.py <QUERY_TYPE> <DELTA> <QUERY_STRING> [--directory] [--level] [--max-redirect] [--quiet] [--threads] [--timeout] [--tor] [--very-verbose]  

Note: If the path is a file, it will be automatically downloaded.

aa_whoisds
The following command will:

  • Download a list of newly registered domains from WHOIS Domain Search (whoisds.com)
  • Score and add suspicious domains to a queue while other domains continue to be scored
  • Simultaneously make requests to the domains in the queue to search for predefined file extensions
  • Recursively download the site when an open directory is found hosting a file with a particular extension

1 positional argument needed:

  • Delta : Number of days back to search (GMT)

Optional arguments:

  • --dns-twist : Check the twisted keywords found in dns_twisted.yaml
  • --directory : Download data to CAP_DIR (default: ./Captures)
  • --level : Recursion depth (default=1, infinite=0)
  • --log-nc : File to store domains that have not been checked
  • --quiet : Don't show wget output
  • --score : Minimum score to trigger a session (Default: 75)
  • --threads : Number of threads to spawn
  • --timeout : Set the connection timeout to TIMEOUT
  • --tor : Download files via the Tor network
  • --verbose : Show domains being scored
  • --very-verbose : Show error messages
python aa_whoisds.py <DELTA> [--dns-twist] [--directory] [--level] [--log-nc] [--quiet] [--score] [--threads] [--timeout] [--tor] [--verbose] [--very-verbose]  

Things to know

  • Be responsible!!!
  • Output messages:
    • Complete: download complete or the site canceled it prematurely
    • Critical: a domain was found with a score above 120
    • Directory: the output directory is unavailable
    • Download: checks passed and a download was started
    • Empty: the output directory was empty and removed
    • Failed: a connection to the site couldn't be made
    • Session: checking the site for data included in external.yaml
    • Suspicious: a domain was found with a score above 90
    • Triggered: a domain was found with the minimum score specified
  • Check the queue_file.txt file to get a better understanding of how large the queue is. If it's too large, either increase the threads, raise the score, or decrease the level.
  • If the keywords in config.yaml have been modified and --dns-twist is going to be used, regenerate dns_twisted.yaml by running the following command:
    bash dnstwist.sh PATH_TO_DNSTWIST_SCRIPT
    
  • Using the --dns-twist flag will default to a minimum of 20 threads
  • Downloads via Tor happen over 127.0.0.1:9050
  • These scripts will not check Torsocks settings

Please fork, create merge requests, and help make this better.