
deadbits / Mimir

Licence: MIT
Smart OSINT collection of common IOC types

Programming Languages

  • python (139335 projects, #7 most used programming language)

Projects that are alternatives of or similar to Mimir

  • Python Iocextract: Defanged Indicator of Compromise (IOC) Extractor. (Stars: ✭ 300, +376.19%; mutual labels: osint, dfir)
  • Threatpinchlookup: Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension (Stars: ✭ 257, +307.94%; mutual labels: osint, dfir)
  • Pockint: A portable OSINT Swiss Army Knife for DFIR/OSINT professionals 🕵️ 🕵️ 🕵️ (Stars: ✭ 196, +211.11%; mutual labels: osint, dfir)
  • Threatingestor: Extract and aggregate threat intelligence. (Stars: ✭ 439, +596.83%; mutual labels: osint, dfir)
  • Awesome Asset Discovery: List of Awesome Asset Discovery Resources (Stars: ✭ 1,017, +1514.29%; mutual labels: osint)
  • Gitgot: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets. (Stars: ✭ 964, +1430.16%; mutual labels: osint)
  • Infoga: Infoga - Email OSINT (Stars: ✭ 947, +1403.17%; mutual labels: osint)
  • Artifacts: 📇 Digital Forensics Artifact Repository (forensicanalysis edition) (Stars: ✭ 21, -66.67%; mutual labels: dfir)
  • Awesome Social Engineering: A curated list of awesome social engineering resources. (Stars: ✭ 1,110, +1661.9%; mutual labels: osint)
  • Pentesting Bible: Learn ethical hacking. Learn about reconnaissance, windows/linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering. (Stars: ✭ 8,981, +14155.56%; mutual labels: osint)
  • Intrigue Core: Discover Your Attack Surface! (Stars: ✭ 1,013, +1507.94%; mutual labels: osint)
  • Social Analyzer: API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems) (Stars: ✭ 8,449, +13311.11%; mutual labels: osint)
  • Historicprocesstree: An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view. (Stars: ✭ 46, -26.98%; mutual labels: dfir)
  • Stargather: A fast GitHub stargazers information gathering tool (Stars: ✭ 30, -52.38%; mutual labels: osint)
  • Osint Resources: Data collected from publicly available sources to be used in an intelligence context (Stars: ✭ 51, -19.05%; mutual labels: osint)
  • Forensic Tools: CIRCL system forensic tools or a jumble of tools to support forensic (Stars: ✭ 27, -57.14%; mutual labels: dfir)
  • Twint Search: Explore tweets gathered with Twint with faceted search (Stars: ✭ 42, -33.33%; mutual labels: osint)
  • Scripting: PS / Bash / Python / Other scripts For FUN! (Stars: ✭ 47, -25.4%; mutual labels: dfir)
  • Awsomeosint: Awesome OSINT stuff (Stars: ✭ 38, -39.68%; mutual labels: osint)
  • Malcom: Malcom - Malware Communications Analyzer (Stars: ✭ 988, +1468.25%; mutual labels: dfir)


Mimir

Smart OSINT collection of common IOC types.

Overview

This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.

This project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. The application aims to give you knowledge about IOCs and then some added "wisdom": it calculates a risk score per IOC, assigns a common malware family name to hash lookups based on reports from VirusTotal and OPSWAT, and leverages machine learning tools to determine whether an IP, URL, or domain is likely to be malicious.
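Before any of the lookups above can run, a tool like this has to decide which of the four accepted IOC types a pasted string is. The following script is an added example, not Mimir's own code: it undoes the common defanging conventions analysts use when sharing indicators (hxxp, [.], [:]), then classifies each value as an IP address, domain, URL, or file hash, and buckets a whole list by type. The refanging rules, the hash-length table, and the sample indicators are constructed for this example; Mimir does not document how it handles defanged input.

```python
"""Classify IOC strings into the four types Mimir accepts: ip, domain, url, hash.

Added example, not Mimir's own code. The refanging step is an assumption about
how analysts paste indicators, not something the project documents.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths for the hash algorithms most IOC feeds carry.
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# One hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def refang(value: str) -> str:
    """Undo common defanging: hxxp -> http, [.] -> ., (.) -> ., [:] -> :, [/] -> /."""
    v = value.strip()
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)  # also covers hxxps
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[/]", "/")):
        v = v.replace(defanged, real)
    return v


def is_domain(value: str) -> bool:
    """Hostname with at least two valid labels and an alphabetic TLD."""
    labels = value.split(".")
    if len(labels) < 2 or len(value) > 253:
        return False
    return all(_LABEL_RE.match(label) for label in labels) and labels[-1].isalpha()


def classify(value: str) -> dict:
    """Return a dict with the IOC type and normalized value; type 'unknown' if no rule matches."""
    v = refang(value)
    # File hash: a hex string of a known digest length.
    if _HEX_RE.match(v) and len(v) in _HASH_LENGTHS:
        return {"type": "hash", "value": v.lower(), "algorithm": _HASH_LENGTHS[len(v)]}
    # IP address, v4 or v6; checked before domains so "1.2.3.4" is not mistaken for one.
    try:
        ip = ipaddress.ip_address(v)
        return {"type": "ip", "value": str(ip), "version": ip.version}
    except ValueError:
        pass
    # URL: must carry a scheme and a host, otherwise it is not usable for lookups.
    if "://" in v:
        parts = urlsplit(v)
        if parts.scheme in ("http", "https", "ftp") and parts.hostname:
            return {"type": "url", "value": v, "host": parts.hostname}
        return {"type": "unknown", "value": v}
    if is_domain(v):
        return {"type": "domain", "value": v.lower()}
    return {"type": "unknown", "value": v}


def classify_batch(values):
    """Group a pasted IOC list by type; unrecognized strings land in 'unknown' for review."""
    buckets = {"ip": [], "domain": [], "url": [], "hash": [], "unknown": []}
    for raw in values:
        if not raw.strip():
            continue
        result = classify(raw)
        buckets[result["type"]].append(result["value"])
    return buckets


# Constructed sample input: the kind of defanged list an analyst might paste.
SAMPLE_IOCS = [
    "hxxp://evil-example[.]test/payload.bin",
    "198.51.100.23",
    "2001:db8::1",
    "malicious-example[.]test",
    "d41d8cd98f00b204e9800998ecf8427e",
    "not an ioc",
]

if __name__ == "__main__":
    for ioc_type, items in classify_batch(SAMPLE_IOCS).items():
        print(f"{ioc_type}: {items}")
```

Anything that falls into the `unknown` bucket is worth a manual look rather than a silent drop: in practice it is usually a typo, an unsupported defanging style, or an indicator type the collector does not handle.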

Base Collection

For network-based IOCs, Mimir gathers basic information including:

  • Whois
  • ASN
  • Geolocation
  • Reverse DNS
  • Passive DNS

Collection Sources

Some of these sources require an API key, and occasionally one that is only available with a paid account. I've tried to limit reliance on paid services as much as possible.

  • PassiveTotal
  • VirusTotal
  • DomainTools
  • OPSWAT
  • Google SafeBrowsing
  • Shodan
  • PulseDive
  • CSIRTG
  • URLscan
  • HpHosts
  • Blacklist checks
  • Spam blacklist checks

Risk Scoring

Risk scoring works best when Mimir can gather a decent number of data points for an IOC: passive DNS and well-populated URL/domain results (communicating samples, associated samples, recent scan data, and so on). The score also takes the ML maliciousness prediction into account.

Machine Learning Predictions

The machine learning prediction results come from the CSIRT Gadgets projects csirtg-domainsml-py, csirtg-ipsml-py, and csirtg-urlsml-py.

Output

Mimir can output results in several ways, including local file reports and export to an external service:

  • stdout (console output)
    • normalizes result data, printed with headers and subheaders per module
  • JSON file
    • beautified output to local file
  • Excel
    • uses multiple sheets per IOC type
  • MISP
    • commit new indicators
  • ThreatConnect
    • commit new indicators with confidence and threat ratings (optionally assign tags, a description, and a TLP setting)