Threat Intel Feeds Tools
Threat intelligence data, feeds, and finished-intelligence reporting consumed by security teams.
Browse 97 threat intel feeds tools
FEATURED
USE CASES
A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.
Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
Public access to Indicators of Compromise (IoCs) and other data for readers of Security Scorecard's technical blog posts and reports.
Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.
Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.
A collection of disposable and temporary email address domains used for spamming or abusing services.
CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.
A daily collection of IOCs from various sources, including articles and tweets.
A collection of APT and cybercriminals campaigns with various resources and references.
AbuseIPDB offers tools and APIs to report and check abusive IPs, enhancing network security.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
A database of Tor exit nodes with their corresponding IP addresses and timestamps.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
OpenPhish provides real-time phishing trends, detecting new phishing URLs and targeting various brands.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
A project sharing malicious URLs used for malware distribution to help protect networks.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
WiGLE.net is a platform that collects and provides data on WiFi networks and cell towers, with over 1.3 billion networks collected.
