
ninoseki / iocingestor

Licence: GPL-2.0 License
An extendable tool to extract and aggregate IoCs from threat feeds

Programming Languages

python
139335 projects - #7 most used programming language
HTML
75241 projects

Projects that are alternatives of or similar to iocingestor

Chatter
internet monitoring osint telegram bot for windows
Stars: ✭ 123 (+392%)
Mutual labels:  osint, threatintel
misp-osint-collection
Collection of best practices to add OSINT into MISP and/or MISP communities
Stars: ✭ 54 (+116%)
Mutual labels:  osint, misp
Intelowl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+8356%)
Mutual labels:  osint, threatintel
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+27428%)
Mutual labels:  osint, threatintel
Mimir
OSINT Threat Intel Interface - CLI for HoneyDB
Stars: ✭ 104 (+316%)
Mutual labels:  osint, threatintel
Harpoon
CLI tool for open source and threat intelligence
Stars: ✭ 679 (+2616%)
Mutual labels:  osint, threatintel
Misp Training
MISP trainings, threat intel and information sharing training materials with source code
Stars: ✭ 185 (+640%)
Mutual labels:  osint, threatintel
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+928%)
Mutual labels:  osint, threatintel
Argos
This script will automatically set up an OSINT workstation starting from an Ubuntu OS.
Stars: ✭ 73 (+192%)
Mutual labels:  osint, threatintel
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (+16%)
Mutual labels:  osint, threatintel
Powerful Plugins
Powerful plugins and add-ons for hackers
Stars: ✭ 621 (+2384%)
Mutual labels:  osint, threatintel
OSINT-Brazuca
Repository created to gather information, sources (websites/portals) and OSINT tricks within the Brazilian context.
Stars: ✭ 508 (+1932%)
Mutual labels:  osint, threatintel
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1656%)
Mutual labels:  osint, threatintel
Phishing catcher
Phishing catcher using Certstream
Stars: ✭ 1,232 (+4828%)
Mutual labels:  osint, threatintel
Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+1100%)
Mutual labels:  osint, threatintel
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (+608%)
Mutual labels:  osint, threatintel
Open-source-tools-for-CTI
Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
Stars: ✭ 91 (+264%)
Mutual labels:  osint, threatintel
Stalkphish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (+924%)
Mutual labels:  osint, threatintel
mail to misp
Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+144%)
Mutual labels:  misp, threatintel
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-12%)
Mutual labels:  misp, threatintel

iocingestor


An extendable tool to extract and aggregate IoCs from threat feeds.

This tool is a fork of InQuest's ThreatIngestor that focuses on MISP integration.

Key differences

  • Better MISP integration.
    • Working with the latest version of MISP.
    • Smart event management based on reference_link.
  • MISP warninglist compatible whitelisting.
  • Using ioc-finder instead of iocextract for IoC extraction.
    • YARA rule extraction is dropped.
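
How warninglist-style whitelisting keeps benign values out of a feed, as an added example that is not iocingestor's own code. It assumes the MISP warninglist JSON layout (`name`, `type`, `list`) and covers only the `cidr`, `hostname` and `string` types; the lists, indicators and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lists in the MISP warninglist layout (values are made up).
WARNINGLISTS = [
    {"name": "constructed-nets", "type": "cidr", "list": ["192.0.2.0/24"]},
    {"name": "constructed-sites", "type": "hostname", "list": ["example.com"]},
    {"name": "constructed-hashes", "type": "string",
     "list": ["d41d8cd98f00b204e9800998ecf8427e"]},
]


def _host(value):
    """Return the lower-cased host of a URL or bare domain ('' if unparsable)."""
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:  # e.g. a still-defanged value such as "example[.]com"
        return ""
    return (host or "").lower().rstrip(".")


def matches(entry_type, entries, value):
    """Check one indicator against the entries of one warninglist."""
    if entry_type == "cidr":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False  # not an IP address, so a CIDR list cannot match
        return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)
    if entry_type == "hostname":
        host = _host(value)
        # Match the listed name or a subdomain of it, never a look-alike suffix.
        return any(host == e or host.endswith("." + e) for e in entries)
    if entry_type == "string":
        return value.lower() in {e.lower() for e in entries}
    return False  # substring and regex lists are not handled in this example


def filter_iocs(iocs, warninglists=WARNINGLISTS):
    """Split indicators into (kept, dropped); dropped maps value -> list name."""
    kept, dropped = [], {}
    for ioc in iocs:
        hit = next((w["name"] for w in warninglists
                    if matches(w["type"], w["list"], ioc)), None)
        if hit:
            dropped[ioc] = hit
        else:
            kept.append(ioc)
    return kept, dropped
```

Recording which list dropped each value keeps the filtering auditable, so an over-broad list entry that hides a real indicator can be traced.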

Installation

iocingestor requires Python 3.6+.

Install iocingestor from PyPI:

pip install iocingestor

Usage

Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml as a reference.)

iocingestor config.yml

By default, it will run forever, polling each configured source every 15 minutes.

Plugins

iocingestor uses a plugin architecture with "source" (input) and "operator" (output) plugins. The currently supported integrations are:

Sources

  • GitHub repository search
  • RSS feeds
  • Twitter
  • Generic web pages

Operators

  • CSV files
  • MISP
  • SQLite database