SecurityTrails
SecurityTrails API provides access to a vast repository of historical DNS lookups, WHOIS records, hostnames, and domains for cyber forensics and investigations.
Jager is a tool for pulling useful IOCs (indicators of compromise) out of various input sources (PDFs for now, plain text really soon, webpages eventually) and putting them into an easy-to-manipulate JSON format.
Shortcomings:
- Doesn't do OCR, so CrowdStrike's "images only" PDFs don't work well.
- A plain-text analysis mode is planned so that such PDFs can be OCR'd by hand and then processed.
- Regexes need improvement for better performance.
- Some manual work is needed for group names or attribution.
Use:
To analyze a single PDF: python jager.py -i foo.pdf -o bar.json
To analyze a directory of PDFs: python jager.py -d ~/foo -o ~/bar
Features for the future:
- New analysis modes: webpages, plain text
- New indicator types: URLs, file paths, registry keys
- More useful output
A platform providing an activity feed on exploited vulnerabilities.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
Parse IOCs from text
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.