opensourcesec / Forager

Licence: MIT
Multithreaded threat intelligence gathering built with Python 3

Summary

Do you ever wonder if there is an easier way to retrieve, store, and maintain all your threat intelligence data? Random user, meet Forager. Not every threat intel deployment needs a database that is "correlating trillions of data points"; sometimes you just need a simple interface, backed by plain TXT files, that can pull threat data from other feeds, PDF threat reports, or other data sources with minimal effort. With 15 pre-configured threat feeds, you can get started with threat intelligence feed management today.

Features At A Glance
  • Fetch intel from URLs using modular feed functions
  • Extract domain, MD5, SHA1, SHA256, IPv4, and YARA indicators
  • Search the current intel set for a single IP or for every indicator listed in an IOC file
  • Generate JSON feeds for consumption by CarbonBlack
  • Serve the generated JSON feeds to CarbonBlack from a simple built-in HTTP server

Requirements:

Requires Python 3!

  • argparse (ships with the Python 3 standard library; listed for completeness)
  • xlrd (XLS/XLSX extraction; xlrd 2.x dropped XLSX support, so pin a 1.x release if you need XLSX files)
  • pdfminer3k (PDF extraction)
  • colorama (for pretty colored output)

You can install all requirements with the included requirements.txt file

pip3 install -r requirements.txt

Feeds --feeds

  • list -- Lists all feeds and lets you choose a single feed to update
  • update -- Updates all feed modules listed in Forager

Hunting --hunt

  • -f [file path] Searches the intel directory for every indicator listed in the file (one indicator per line)
  • -s [IPv4 address] Searches the intel directory for a single IP address

Extraction --extract

  • Reads in a file and extracts IP addresses, domains, MD5/SHA1/SHA256 hashes, and YARA rules
  • Places the extracted indicators into the intel directory
  • Currently supported filetypes:
    • TXT
    • PDF
    • XLS/XLSX

Note:

  • Expect false positives when extracting indicators from PDFs: whitepapers that list indicators usually also contain URL references (vendor sites, sandbox links, framework pages), and those domains are extracted right alongside the real indicators. Review the resulting intel files before handing them to CarbonBlack.
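The extraction and hunting steps described above, as an added example in Python (my own code, not Forager's): it pulls IPv4, domain, MD5/SHA1/SHA256 and YARA indicators out of a constructed sample report, drops reference domains and file-name look-alikes of the kind that cause the PDF false positives mentioned in the note, writes one plain-text file per indicator type into an intel directory, and then hunts that directory for an IOC list. The regexes, the REFERENCE_DOMAINS allow-list, the FILE_EXTENSIONS set, the file-naming scheme and the sample text are assumptions made for this example, not Forager's implementation; the hashes in the sample are those of the EICAR test file and the IP is from the TEST-NET-3 documentation range.

```python
import re
import tempfile
from pathlib import Path

# Indicator patterns (assumed for this example). The \b anchors matter: hex digits
# are word characters, so a SHA-256 cannot also match as an MD5 or SHA-1 substring.
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
)
MD5_RE = re.compile(r"\b[a-fA-F0-9]{32}\b")
SHA1_RE = re.compile(r"\b[a-fA-F0-9]{40}\b")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.IGNORECASE
)
# A YARA rule: "rule <name>" through the first "}" that starts a line.
YARA_RE = re.compile(r"^rule\s+\w+[^{]*\{.*?^\}", re.DOTALL | re.MULTILINE)

# Assumed allow-list: domains that appear in whitepapers as references
# (sandbox links, framework pages), not as indicators.
REFERENCE_DOMAINS = {"virustotal.com", "mitre.org", "github.com"}
# "appendix.pdf" looks like a domain to DOMAIN_RE; drop common file extensions.
FILE_EXTENSIONS = {"pdf", "txt", "doc", "docx", "xls", "xlsx", "exe", "dll"}


def is_reference_domain(domain: str) -> bool:
    d = domain.lower()
    return any(d == ref or d.endswith("." + ref) for ref in REFERENCE_DOMAINS)


def extract_indicators(text: str) -> dict:
    """Return {type: sorted unique values} for the indicator types Forager handles."""
    domains = {
        d.lower()
        for d in DOMAIN_RE.findall(text)
        if d.rsplit(".", 1)[-1].lower() not in FILE_EXTENSIONS
        and not is_reference_domain(d)
    }
    return {
        "ipv4": sorted(set(IPV4_RE.findall(text))),
        "domain": sorted(domains),
        "md5": sorted({h.lower() for h in MD5_RE.findall(text)}),
        "sha1": sorted({h.lower() for h in SHA1_RE.findall(text)}),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(text)}),
        "yara": YARA_RE.findall(text),
    }


def write_intel(intel_dir, indicators: dict, source: str) -> list:
    """Write one plain-text file per indicator type (<source>_<type>.txt; YARA as .yar)."""
    intel_dir = Path(intel_dir)
    intel_dir.mkdir(parents=True, exist_ok=True)
    written = []
    for kind, values in indicators.items():
        if not values:
            continue
        path = intel_dir / f"{source}_{kind}{'.yar' if kind == 'yara' else '.txt'}"
        path.write_text("\n".join(values) + "\n")
        written.append(path.name)
    return written


def hunt(intel_dir, indicators) -> dict:
    """Like --hunt: return {indicator: [intel files that contain it]} for each hit."""
    contents = {
        f.name: set(f.read_text().lower().split())
        for f in sorted(Path(intel_dir).glob("*.txt"))
    }
    hits = {}
    for ind in indicators:
        found = [name for name, lines in contents.items() if ind.lower() in lines]
        if found:
            hits[ind] = found
    return hits


# Constructed sample report: EICAR hashes, a TEST-NET-3 address, a reserved example domain.
SAMPLE_REPORT = """\
Constructed sample report for this example (hashes are the EICAR test file,
the IP is from the TEST-NET-3 documentation range).
The dropper beacons to 203.0.113.45 and resolves c2.example.net.
Dropper MD5: 44d88612fea8a8f36de82e1278abb02f
Payload SHA256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
Reference: https://www.virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
See also appendix-iocs.pdf and https://attack.mitre.org/techniques/T1071/

rule Sample_Dropper : dropper
{
    strings:
        $s1 = "c2.example.net"
    condition:
        $s1
}
"""


def run_demo() -> tuple:
    """Extract from the sample, store it in a temp intel dir, then hunt with an IOC list."""
    indicators = extract_indicators(SAMPLE_REPORT)
    intel_dir = Path(tempfile.mkdtemp(prefix="forager-intel-"))
    write_intel(intel_dir, indicators, "sample_report")
    ioc_list = ["203.0.113.45", "c2.example.net", "198.51.100.7"]  # last one is absent
    return indicators, hunt(intel_dir, ioc_list)


if __name__ == "__main__":
    import json
    found, hits = run_demo()
    print(json.dumps({"indicators": found, "hits": hits}, indent=2))
```

The allow-list is the practical answer to the PDF caveat: the sandbox link and the ATT&CK reference in the sample are discarded, while the real C2 domain survives. Whatever filtering you use, review the written intel files before they reach a detection platform, since every domain that slips through becomes an alert source.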

CarbonBlack Feed Generator --cbgen

  • Generates JSON feeds of all of the IOCs in the intel directory
  • Uses an interactive CLI prompt to collect feed metadata the first time --cbgen is run

CarbonBlack Feed Server --srv

  • Runs the built-in feed server so that the CarbonBlack server can automatically ingest the JSON feeds generated by --cbgen
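The feed-generation and feed-server steps above, as an added example in Python (my own code, not Forager's): it reads the per-type intel files from an intel directory, folds them into a single-report JSON feed, and can serve that file from a minimal HTTP server. The feedinfo/reports layout, the IOC key names (ipv4, dns, md5, sha256) and the required feedinfo fields are my assumptions about the Carbon Black Response feed format; verify them against the CB version you run, in particular whether it accepts sha256. The file-naming scheme (<source>_<type>.txt) and the sample intel values are constructed for this example.

```python
import functools
import http.server
import json
import tempfile
import time
from pathlib import Path

# Assumed mapping from intel file type to the IOC key in a CB Response report.
# "sha256" is only honoured by newer CB Response releases; check before relying on it.
IOC_KEYS = {"ipv4": "ipv4", "domain": "dns", "md5": "md5", "sha256": "sha256"}
# Assumed required feedinfo fields for a CB Response feed document.
REQUIRED_FEEDINFO = ("name", "display_name", "provider_url", "summary", "tech_data")


def load_intel(intel_dir) -> dict:
    """Read <source>_<type>.txt files and group unique, lower-cased values by type."""
    grouped = {}
    for path in sorted(Path(intel_dir).glob("*_*.txt")):
        kind = path.stem.rsplit("_", 1)[-1]
        if kind in IOC_KEYS:
            values = (ln.strip().lower() for ln in path.read_text().splitlines() if ln.strip())
            grouped.setdefault(kind, set()).update(values)
    return {k: sorted(v) for k, v in grouped.items()}


def validate_feedinfo(feedinfo: dict) -> list:
    """Return the names of required feedinfo fields that are missing (empty list if fine)."""
    return [k for k in REQUIRED_FEEDINFO if k not in feedinfo]


def build_cb_feed(intel_dir, feedinfo: dict, score: int = 75, now=None) -> dict:
    """Produce one report holding every IOC in the intel directory (assumed CB layout)."""
    missing = validate_feedinfo(feedinfo)
    if missing:
        raise ValueError(f"feedinfo is missing {missing}")
    if not 0 <= score <= 100:
        raise ValueError("score must be between 0 and 100")
    iocs = {IOC_KEYS[k]: v for k, v in load_intel(intel_dir).items()}
    report = {
        "id": f"{feedinfo['name']}-all-iocs",
        "title": f"{feedinfo['display_name']}: all indicators in the intel directory",
        "link": feedinfo["provider_url"],
        "timestamp": int(now if now is not None else time.time()),
        "score": score,
        "iocs": iocs,
    }
    return {"feedinfo": feedinfo, "reports": [report] if iocs else []}


def write_feed(intel_dir, out_dir, feedinfo: dict, **kwargs) -> Path:
    """Write the feed as <name>.json into out_dir and return its path."""
    out = Path(out_dir) / f"{feedinfo['name']}.json"
    out.write_text(json.dumps(build_cb_feed(intel_dir, feedinfo, **kwargs), indent=2))
    return out


def serve_feed_dir(feed_dir, host="127.0.0.1", port=8000):
    """Serve the generated JSON over plain HTTP, like --srv. Bind only to an interface
    the CB server reaches over a trusted path: anyone who can tamper with this
    endpoint decides what your CB server alerts on."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(feed_dir))
    with http.server.ThreadingHTTPServer((host, port), handler) as httpd:
        httpd.serve_forever()


def run_demo() -> dict:
    """Build a feed from a constructed intel directory (EICAR MD5, TEST-NET-3 IP)."""
    intel_dir = Path(tempfile.mkdtemp(prefix="forager-intel-"))
    (intel_dir / "sample_ipv4.txt").write_text("203.0.113.45\n203.0.113.45\n")  # duplicate on purpose
    (intel_dir / "sample_domain.txt").write_text("c2.example.net\n")
    (intel_dir / "sample_md5.txt").write_text("44D88612FEA8A8F36DE82E1278ABB02F\n")
    (intel_dir / "sample_yara.yar").write_text("rule x { condition: true }\n")  # not an IOC type
    feedinfo = {
        "name": "forager",
        "display_name": "Forager intel",
        "provider_url": "https://example.com/forager",
        "summary": "Indicators collected by Forager",
        "tech_data": "Plain-text intel files rendered as a CB feed",
    }
    return build_cb_feed(intel_dir, feedinfo, score=80, now=1_700_000_000)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two things worth keeping from this shape even if your feed format differs: duplicates and case variants are collapsed before they reach the report (a CB feed with the same MD5 twice is just noise), and the server binds to localhost by default, so exposing it to the CB host is a deliberate choice rather than the default.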