The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend. Installation: Please find the installation procedure at http://gosint.readthedocs.io/en/latest/installation.html. There are three ways to get up and running: Bash install script, Docker, Manual installation. Updates: Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary: godep go build -o gosint. Configuration: GOSINT needs some quick initial configuration to start making use of it.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
A collection of companies that disclose adversary TTPs after being breached, useful for analysis of intrusions.
A project sharing malicious URLs used for malware distribution to help protect networks.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.