
intelowlproject / Intelowl

Licence: agpl-3.0
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Projects that are alternatives of or similar to Intelowl

YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-98.96%)
Mutual labels:  ioc, incident-response, threat-hunting, threatintel, threat-intelligence, cyber-threat-intelligence
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (-79.23%)
Mutual labels:  osint, security-tools, threat-hunting, threat-intelligence, threatintel, ioc
Patrowlengines
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-92.34%)
Mutual labels:  incident-response, security-tools, threat-hunting, threat-intelligence, ioc
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-82.83%)
Mutual labels:  incident-response, security-tools, threat-hunting, threat-intelligence, ioc
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-95.03%)
Mutual labels:  incident-response, security-tools, threat-hunting, threat-intelligence, ioc
Cortex Analyzers
Cortex Analyzers Repository
Stars: ✭ 246 (-88.36%)
Mutual labels:  observable, free-software, incident-response, ioc
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (-98.63%)
Mutual labels:  osint, threat-hunting, threatintel, threat-intelligence
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+225.54%)
Mutual labels:  osint, threatintel, security-tools, threat-intelligence
OSINT-Brazuca
Repository created to gather OSINT information, sources (websites/portals) and tricks within the Brazilian context.
Stars: ✭ 508 (-75.97%)
Mutual labels:  osint, threat-hunting, threatintel, threat-intelligence
Analyst Arsenal
A toolkit for Security Researchers
Stars: ✭ 112 (-94.7%)
Mutual labels:  osint, malware-analysis, threat-hunting, threat-intelligence
Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (-85.81%)
Mutual labels:  osint, threat-intelligence, threatintel, ioc
Osweep
Don't Just Search OSINT. Sweep It.
Stars: ✭ 225 (-89.36%)
Mutual labels:  osint, malware-analysis, threat-hunting, threat-intelligence
Opensquat
Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.
Stars: ✭ 149 (-92.95%)
Mutual labels:  osint, security-tools, threat-hunting, threat-intelligence
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-87.84%)
Mutual labels:  osint, incident-response, threat-hunting, threatintel
Ioc Explorer
Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-96.55%)
Mutual labels:  incident-response, security-tools, threat-hunting, threat-intelligence
Stalkphish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (-87.89%)
Mutual labels:  osint, threat-hunting, threat-intelligence, threatintel
Misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+64.85%)
Mutual labels:  malware-analysis, threat-hunting, threat-intelligence, threatintel
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-96.74%)
Mutual labels:  malware-analysis, threat-hunting, threat-intelligence, threatintel
Harpoon
CLI tool for open source and threat intelligence
Stars: ✭ 679 (-67.88%)
Mutual labels:  osint, threat-intelligence, threatintel
Cortex
Cortex: a Powerful Observable Analysis and Active Response Engine
Stars: ✭ 676 (-68.02%)
Mutual labels:  observable, free-software, incident-response

Intel Owl

Do you want to get threat intelligence data about a malware, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request?

You are in the right place!

Intel Owl is an Open Source Intelligence (OSINT) solution for getting threat intelligence data about a specific file, IP or domain from a single API, at scale. It integrates a number of analyzers available online together with many cutting-edge malware analysis tools. It is for anyone who needs a single point to query for information about a specific file or observable.

Features

  • Provides enrichment of threat intel for malware as well as observables (IP, Domain, URL and hash).
  • This application is built to scale out and to speed up the retrieval of threat info.
  • It can be integrated easily into your stack of security tools through the pyintelowl client library, to automate jobs that are usually performed manually, for instance by SOC analysts.
  • Intel Owl is composed of:
    • analyzers that can be run to retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internal analyzers (like Yara or Oletools)
    • connectors that can be run to export data to external platforms
  • API written in Django and Python 3.9.
  • Inbuilt frontend client: IntelOwl-ng provides a dashboard, visualizations of analysis data, easy-to-use forms for requesting new analyses, and more (see the Live Demo).
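The features above describe a client-side workflow: classify the observable, submit it once to the single analysis API, and poll the resulting job until it reaches a terminal status. The script below is an added example written for this page; it is not IntelOwl or pyintelowl code. The endpoint paths (`POST /api/analyze_observable`, `GET /api/jobs/<id>`), the request fields (`observable_name`, `observable_classification`, `analyzers_requested`), the `Authorization: Token <key>` header, the job status names and the analyzer name `Classic_DNS` follow the IntelOwl REST API as documented at the time of writing and should be treated as assumptions to verify against your own instance. The HTTP transport is injectable so the demo runs offline against a constructed fake server.

```python
"""Added example (not IntelOwl/pyintelowl code): classify an observable, submit
it to IntelOwl's single analysis API and poll the job. Endpoint paths, field
names, auth header and status names are assumptions based on the documented API."""
import ipaddress
import json
import re
import urllib.request
from typing import Callable, Dict, List, Optional

HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")  # MD5/SHA1/SHA256
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$"
)
TERMINAL_STATUSES = {"reported_without_fails", "reported_with_fails", "failed", "killed"}
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], dict]


def refang(value: str) -> str:
    """Undo common analyst defanging ([.], [:], hxxp://) before submission."""
    value = value.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return value.replace("hxxps://", "https://").replace("hxxp://", "http://")


def classify(observable: str) -> str:
    """Map a string onto IntelOwl's observable classes: ip, hash, url, domain, generic.
    Order matters: an IPv4 address would also match the domain pattern."""
    value = refang(observable)
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(value):
        return "hash"
    if "://" in value or "/" in value:
        return "url"
    if DOMAIN_RE.match(value):
        return "domain"
    return "generic"


def build_analysis_request(observable: str, analyzers: List[str]) -> dict:
    """Body for POST /api/analyze_observable (field names are an assumption)."""
    return {
        "observable_name": refang(observable),
        "observable_classification": classify(observable),
        "analyzers_requested": analyzers,
    }


def http_transport(method: str, url: str, headers: Dict[str, str], body: Optional[dict]) -> dict:
    """Real transport: JSON over HTTP(S) using only the standard library."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


class IntelOwlClient:
    def __init__(self, base_url: str, api_key: str, transport: Transport = http_transport):
        self.base_url = base_url.rstrip("/")
        self.headers = {"Authorization": f"Token {api_key}", "Content-Type": "application/json"}
        self._send = transport

    def analyze_observable(self, observable: str, analyzers: List[str]) -> int:
        body = build_analysis_request(observable, analyzers)
        resp = self._send("POST", f"{self.base_url}/api/analyze_observable", self.headers, body)
        return resp["job_id"]

    def wait_for_job(self, job_id: int, max_polls: int = 30) -> dict:
        """Poll until a terminal status; a real caller should sleep between polls."""
        for _ in range(max_polls):
            job = self._send("GET", f"{self.base_url}/api/jobs/{job_id}", self.headers, None)
            if job["status"] in TERMINAL_STATUSES:
                return job
        raise TimeoutError(f"job {job_id} not finished after {max_polls} polls")


class FakeIntelOwl:
    """Constructed stand-in for an IntelOwl instance so the demo runs offline.
    Records the submitted request and reports the job finished on the second poll."""

    def __init__(self) -> None:
        self.submitted: Optional[dict] = None
        self.polls = 0

    def __call__(self, method: str, url: str, headers: Dict[str, str], body: Optional[dict]) -> dict:
        if not headers.get("Authorization", "").startswith("Token "):
            raise PermissionError("missing API token")
        if method == "POST" and url.endswith("/api/analyze_observable"):
            self.submitted = body
            return {"job_id": 7, "status": "accepted", "warnings": []}
        if method == "GET" and url.endswith("/api/jobs/7") and self.submitted is not None:
            self.polls += 1
            status = "running" if self.polls < 2 else "reported_without_fails"
            return {"id": 7, "status": status,
                    "observable_name": self.submitted["observable_name"],
                    "observable_classification": self.submitted["observable_classification"]}
        raise ValueError(f"unexpected request {method} {url}")


def run_demo() -> dict:
    """Submit a defanged domain to the fake instance and return the finished job."""
    client = IntelOwlClient("https://intelowl.example", "not-a-real-key", FakeIntelOwl())
    job_id = client.analyze_observable("evil[.]example", ["Classic_DNS"])  # analyzer name assumed
    return client.wait_for_job(job_id)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

To point the client at a real deployment, drop the third constructor argument so the `urllib` transport is used, and take the API key from the IntelOwl user profile rather than embedding it in source. Refanging before classification matters in practice: analysts paste `hxxp://` and `[.]` forms from reports, and a defanged string submitted as-is would be classified as generic and enriched by almost nothing.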

Documentation

Documentation about IntelOwl installation, usage, configuration and contribution can be found at https://intelowl.readthedocs.io/.

Blog posts

To learn more about the project and its growth over time, you may be interested in reading the following:

Available services or analyzers

You can see the full list of all available analyzers in the documentation or live demo.

Inbuilt modules:
  • Static analysis of Documents, RTF, PDF, PE and generic files
  • Strings analysis with ML
  • PE emulation with Speakeasy
  • PE signature verification
  • PE capabilities extraction
  • Emulated JavaScript analysis
  • Android malware analysis
  • SPF and DMARC validator
  • more...

External services:
  • Dragonfly malware sandbox
  • GreyNoise v2
  • Intezer
  • VirusTotal v2 + v3
  • HybridAnalysis
  • URLscan
  • Shodan
  • AlienVault OTX
  • Intelligence_X
  • Abuse.ch MalwareBazaar / ThreatFox
  • many more...

Free modules that require additional configuration:
  • Cuckoo (requires at least one working Cuckoo instance)
  • MISP (requires at least one working MISP instance)
  • Yara (many public rule sets are available; you can also add your own rules)

Partnerships and sponsors

We have an official sponsorship program for companies, organizations and individuals who support IntelOwl development. For more details on how to join the list below, read the page: Partnership and sponsors.

🥇 GOLD

Certego

Certego Logo

Certego is an MSSP and Threat Intelligence Provider based in Italy.

IntelOwl was born out of Certego's Threat intelligence R&D division and is constantly maintained and updated thanks to them.

Dragonfly, an automated sandbox to emulate and analyze malware, is a new public service by Certego developed by the same team behind IntelOwl. It is now available as the Dragonfly_Emulation analyzer in IntelOwl. Sign up on Dragonfly today for free access!

The Honeynet Project

Honeynet.org logo

The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.

Since its birth, thanks to this organization, this project has been participating in the Google Summer of Code (GSoC)!

Project Summaries and/or in-development projects:

If you are interested in being the next GSoC student for IntelOwl, join the Honeynet Slack chat for more info.

🥉 BRONZE

Tines

Tines logo

Tines is no-code automation for security teams. Build powerful, reliable workflows without a development team.

IntelOwl is officially integrated in Tines. Read everything about this partnership on the Tines blog.

Docker

Docker logo

In 2021 IntelOwl joined the official Docker Open Source Program. This allows IntelOwl developers to easily manage Docker images and focus on writing the code.

🤝 IRON

If you are an individual who likes this project and want to thank us with a little contribution, we would be happy to list you here in the README as a public acknowledgment.

About the author and maintainers

Feel free to contact the main developers at any time on twitter:
