
RandomRhythm / Vendor-Threat-Triage-Lookup

Licence: other
Lookup file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.

Programming language: VBScript

Projects that are alternatives to or similar to Vendor-Threat-Triage-Lookup

Rpot
Real-time Packet Observation Tool
Stars: ✭ 38 (+123.53%)
Mutual labels:  intelligence, threat-hunting, malware-research
Virustotalapi
VirusTotal Full api
Stars: ✭ 230 (+1252.94%)
Mutual labels:  intelligence, malware-research, virustotal
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (+1411.76%)
Mutual labels:  shodan, threat-hunting, virustotal
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (+305.88%)
Mutual labels:  threat-hunting, malware-research, virustotal
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (+29.41%)
Mutual labels:  intelligence, threat-hunting, malware-research
Echoip
IP address lookup service
Stars: ✭ 3,274 (+19158.82%)
Mutual labels:  geoip, ip-address-lookup
Urlextractor
Information gathering & website reconnaissance | https://phishstats.info/
Stars: ✭ 341 (+1905.88%)
Mutual labels:  shodan, virustotal
Mihari
A helper to run OSINT queries & manage results continuously
Stars: ✭ 239 (+1305.88%)
Mutual labels:  shodan, threat-hunting
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+2482.35%)
Mutual labels:  threat-hunting, malware-research
Misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+20400%)
Mutual labels:  intelligence, threat-hunting
Shodansploit
🔎 shodansploit > v1.3.0
Stars: ✭ 342 (+1911.76%)
Mutual labels:  intelligence, shodan
Threat Hunting
Personal compilation of APT malware from whitepaper releases, documents and own research
Stars: ✭ 219 (+1188.24%)
Mutual labels:  threat-hunting, malware-research
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+8100%)
Mutual labels:  threat-hunting, malware-research
Xray
XRay is a tool for recon, mapping and OSINT gathering from public networks.
Stars: ✭ 1,666 (+9700%)
Mutual labels:  intelligence, shodan
pyeti
Python bindings for Yeti's API
Stars: ✭ 15 (-11.76%)
Mutual labels:  intelligence, threat-hunting
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+1552.94%)
Mutual labels:  threat-hunting, malware-research
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+1576.47%)
Mutual labels:  malware-research, virustotal
Malice
VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+7270.59%)
Mutual labels:  malware-research, virustotal
Yeti
Your Everyday Threat Intelligence
Stars: ✭ 1,037 (+6000%)
Mutual labels:  intelligence, threat-hunting
Recon-X
Advanced Reconnaissance tool to enumerate attacking surface of the target.
Stars: ✭ 27 (+58.82%)
Mutual labels:  geoip, whois-lookup

Vendor Threat Triage Lookup (VTTL)

VTTL queries various vendor services to look up intelligence for threat triage.

VTTL Domain/IP Address mode

VTTL performs lookups for file hashes, IP addresses and domain names and writes the results to a CSV file. Supported vendor lookups include the following:

  • VirusTotal
  • AlienVault OTX
  • ThreatGRID
  • Emerging Threats ET Intelligence
  • Malshare
  • Carbon Black EDR/Hosted EDR (formerly Cb Response)
  • Carbon Black Enterprise EDR (formerly ThreatHunter)
  • ThreatCrowd
  • ThreatIntelligenceAggregator (TIA)
  • RiskIQ
  • Collective Intelligence Framework (CIF)
  • Shodan InternetDB
  • SecLytics
  • Pulsedive
  • Quad9
  • ZEN RBL
  • cbl.abuseat.org
  • Zen DBL
  • SURBL
  • SORBS
  • Barracuda

Additional checks:

  • Over 40 preconfigured threat intel feeds
  • Reverse DNS
  • Reverse IP (looks up and records a sample of the domains associated with an address)
  • Whois (often provided via APIs already listed)
    • ARIN Web API
    • RIPE Web API
    • Sysinternals Whois (external command line tool)
    • NirSoft WhosIP (external command line tool)
  • Website category (from web proxy vendors)
  • Dynamic DNS
  • Tranco List
    • Requires SQLite database (included in default.db)
  • Geolocation (often provided via APIs already listed)
  • Registration date of domains
  • Sinkhole checks

Combine hash lookups with tool output from:

  • Sysinternals Sigcheck
  • Sysinternals Autorunsc
  • Cisco AMP for Networks
  • EnCase
  • CrowdStrike Falcon
  • Rhythm-CB-Scripts Hash Dump (Cb Response scripts)

Additional features:

  • Attempts to find the common name and type from VirusTotal detections
  • Scores antimalware detections into categories
    • Malware Score
    • Generic Score
    • PUA Score
    • Hacker Tool Score
    • Adjusted Malicious Score
  • Cache results to SQLite and files on disk
  • Whitelist known hashes
  • Blacklist known hashes
  • Track digital signatures (signatures can be provided via combine input or the VirusTotal API)
  • Track file path/vendor combination (file paths and vendor/company provided via combine input)
  • Exclude domain/subdomain/IP lookups
  • Detection name watchlist
  • URL watchlist (supports regex)
  • Keyword watchlist
  • IP/Domain watchlist
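The detection scoring and common-name extraction listed above are easier to follow in code. The following Python is an added example written for this page, not VTTL's own VBScript or its scoring rules: the token lists, the half weight given to generic detections in the adjusted score, and the type/family heuristics are all assumptions, and the sample report is constructed, not a real VirusTotal response. It also shows a detection-name watchlist check, which the feature list mentions but does not describe.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample shaped like the per-engine "result" field of a
# VirusTotal file report. None means the engine reported the file clean.
# This is made-up data for the example, not a real report.
SAMPLE_DETECTIONS: Dict[str, Optional[str]] = {
    "EngineA": "Trojan.Win32.Emotet.gen",
    "EngineB": "W32/Emotet.AB!tr",
    "EngineC": "Generic.Malware.SFd.12345",
    "EngineD": "PUA:Win32/Presenoker",
    "EngineE": "HackTool.Win32.Mimikatz",
    "EngineF": "Trojan:Win32/Emotet!ml",
    "EngineG": None,
    "EngineH": None,
    "EngineI": "Heur.Suspicious",
    "EngineJ": None,
}

# Heuristic token classes. These are assumptions for the example, not VTTL's lists.
TYPE_TOKENS = {"trojan", "worm", "backdoor", "ransomware", "ransom", "downloader",
               "dropper", "spyware", "virus", "rootkit", "keylogger"}
PUA_TOKENS = {"pua", "pup", "adware", "riskware", "unwanted", "potentially"}
HACKTOOL_TOKENS = {"hacktool", "hktl", "hacktoolware"}
# Tokens that carry no family information: platforms, genericness markers, suffixes.
NOISE_TOKENS = TYPE_TOKENS | PUA_TOKENS | HACKTOOL_TOKENS | {
    "win32", "win64", "w32", "w64", "msil", "generic", "gen", "heur", "heuristic",
    "malware", "malicious", "suspicious", "unsafe", "agent", "variant", "ml",
    "cloud", "score", "application", "susp", "file", "tool",
}
GENERIC_WEIGHT = 0.5  # assumption: a generic/heuristic hit counts half in the adjusted score


def tokens(name: str) -> List[str]:
    """Split a vendor detection name on any punctuation, lower-cased."""
    return [t.lower() for t in re.split(r"[^A-Za-z0-9]+", name) if t]


def family_tokens(name: str) -> List[str]:
    """Tokens that plausibly name a malware family: alphabetic, 4+ chars, not noise."""
    return [t for t in tokens(name) if t.isalpha() and len(t) >= 4 and t not in NOISE_TOKENS]


def categorize(name: str) -> str:
    """Bucket one detection name into pua / hacktool / malware / generic."""
    toks = set(tokens(name))
    if toks & PUA_TOKENS:
        return "pua"
    if toks & HACKTOOL_TOKENS:
        return "hacktool"
    if family_tokens(name):
        return "malware"      # a named family, not just a heuristic verdict
    return "generic"


def score(detections: Dict[str, Optional[str]]) -> Dict[str, float]:
    """Per-category counts plus an adjusted malicious score."""
    counts = Counter(categorize(n) if n else "clean" for n in detections.values())
    s: Dict[str, float] = {c: counts.get(c, 0) for c in ("malware", "generic", "pua", "hacktool", "clean")}
    s["adjusted_malicious"] = s["malware"] + s["hacktool"] + GENERIC_WEIGHT * s["generic"]
    return s


def common_name_and_type(detections: Dict[str, Optional[str]]) -> Tuple[Optional[str], Optional[str]]:
    """Most frequent family token and most frequent type token, one vote per engine."""
    families: Counter = Counter()
    types: Counter = Counter()
    for name in detections.values():
        if not name:
            continue
        families.update(set(family_tokens(name)))
        types.update(set(tokens(name)) & TYPE_TOKENS)
    fam = families.most_common(1)[0][0] if families else None
    typ = types.most_common(1)[0][0] if types else None
    return fam, typ


def watchlist_hits(detections: Dict[str, Optional[str]], patterns: Iterable[str]) -> List[str]:
    """Engines whose detection name matches any watchlist regex (case-insensitive)."""
    regs = [re.compile(p, re.I) for p in patterns]
    return sorted(e for e, n in detections.items() if n and any(r.search(n) for r in regs))


if __name__ == "__main__":
    print(score(SAMPLE_DETECTIONS))
    print(common_name_and_type(SAMPLE_DETECTIONS))
    print(watchlist_hits(SAMPLE_DETECTIONS, ["mimikatz", r"ransom"]))
```

The design choice worth noting is that "generic" is decided by the absence of a family token rather than by the presence of words like "Generic" or "gen": a name such as Trojan.Win32.Emotet.gen still names a family, and counting it as generic would understate a confirmed detection.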

Test indicators (known-listed entries for verifying that the block-list lookups work):

  • dbltest.com - spamhaus.org DBL
  • test.surbl.org
  • 127.0.0.2 - SORBS, CBL abuseat, Barracuda, Spamhaus, ZEN RBL
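As an added example, not code from VTTL, here is how the DNS block-list checks listed above (Spamhaus ZEN and DBL, SURBL, SORBS, CBL, Barracuda) are built and interpreted in Python, using the test indicators the README names. The zone names, the Spamhaus ZEN return-code table and the 127.255.255.0/24 error range are assumptions taken from the operators' public documentation, not from this page; check them against the lists you actually subscribe to.

```python
import ipaddress
import socket
from typing import Optional, Tuple

# Zone names are assumptions from the operators' public documentation;
# the README names the vendors but not the zones.
ZONES = {
    "Spamhaus ZEN": "zen.spamhaus.org",
    "Spamhaus DBL": "dbl.spamhaus.org",
    "SURBL": "multi.surbl.org",
    "SORBS": "dnsbl.sorbs.net",
    "CBL": "cbl.abuseat.org",
    "Barracuda": "b.barracudacentral.org",
}

# Spamhaus ZEN return codes, last octet -> component list (assumption from Spamhaus docs).
ZEN_CODES = {2: "SBL", 3: "SBL CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
             10: "PBL", 11: "PBL"}


def dnsbl_query_name(indicator: str, zone: str) -> str:
    """Build the name to resolve: reversed octets (or nibbles) for IPs, bare name for domains."""
    try:
        ip = ipaddress.ip_address(indicator)
    except ValueError:
        # Domain block lists (DBL, SURBL) take the domain itself under the zone.
        return indicator.strip(".").lower() + "." + zone
    if ip.version == 4:
        reversed_part = ".".join(reversed(ip.exploded.split(".")))
    else:
        # IPv6 zones take the 32 hex nibbles reversed, one per label.
        reversed_part = ".".join(reversed(ip.exploded.replace(":", "")))
    return reversed_part + "." + zone


def classify_answer(zone: str, answer: Optional[str]) -> Tuple[str, str]:
    """Interpret the A record a DNSBL returned.

    Returns (status, detail) with status 'listed', 'not_listed' or 'error'.
    answer is None when the resolver returned NXDOMAIN.
    """
    if answer is None:
        return ("not_listed", "NXDOMAIN")
    a = ipaddress.IPv4Address(answer)
    if a not in ipaddress.IPv4Network("127.0.0.0/8"):
        # DNSBLs only ever answer inside 127/8. Anything else means the resolver
        # is wildcarding or hijacking NXDOMAIN and must not be used for this.
        return ("error", f"non-127/8 answer {answer}: resolver unsuitable for DNSBL queries")
    if a in ipaddress.IPv4Network("127.255.255.0/24"):
        # Spamhaus uses this range to signal refused or rate-limited queries,
        # e.g. via a public resolver (assumption from docs). Not a listing.
        return ("error", f"query refused by the list ({answer})")
    if zone == "dbl.spamhaus.org" and a == ipaddress.IPv4Address("127.0.1.255"):
        return ("error", "IP address queried against DBL (domains only)")
    if zone == "zen.spamhaus.org":
        return ("listed", ZEN_CODES.get(int(a) & 0xFF, f"unknown code {answer}"))
    return ("listed", answer)


def dnsbl_lookup(indicator: str, zone: str) -> Tuple[str, str]:
    """Live lookup through the system resolver; returns the classification tuple."""
    try:
        answer = socket.gethostbyname(dnsbl_query_name(indicator, zone))
    except socket.gaierror:
        answer = None  # NXDOMAIN (or resolver failure): treated as not listed
    return classify_answer(zone, answer)


if __name__ == "__main__":
    # The README's test indicators; these hit the network.
    for indicator, vendor in (("127.0.0.2", "Spamhaus ZEN"),
                              ("dbltest.com", "Spamhaus DBL"),
                              ("test.surbl.org", "SURBL")):
        print(vendor, indicator, dnsbl_lookup(indicator, ZONES[vendor]))
```

The two error branches are the practical caveats: a lookup that returns anything outside 127/8, or a Spamhaus answer in 127.255.255.0/24, is a broken query, and a triage script that treats either as "listed" (or, worse, silently as "not listed") will mislabel indicators. Running the three test indicators from the README is the quickest way to confirm the resolver in use actually answers for these zones.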

Check out the wiki for more information.
