Jager Logo

Jager

0
Free
Visit Website

Jager is a tool for pulling useful IOCs (indicators of compromise) out of various input sources (PDFs for now, plain text really soon, webpages eventually) and putting them into an easy to manipulate JSON format. Short Comings: - Doesn't do OCR, so CrowdStrike's 'Images only' PDFs don't work well. - Text analysis feature is planned for OCR by hand. - Regex's need improvement for better performance. - Some manual work needed for group names or attribution. Use: To analyze a PDF: python jager.py -i foo.pdf -o bar.json To analyze a directory of PDFs: python jager.py -d ~/foo -o ~/bar Features for the Future: - New Analysis Modes - Webpages - Plain Text - New Indicator Types: URLs, File Paths, Registry Keys - More Useful Output

FEATURES

ALTERNATIVES

Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.

C# wrapper around Yara pattern matching library with Loki and Yara signature support.

A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.

VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.

A StalkPhish Project YARA repository for Phishing Kits zip files.

A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.

Check the reputation of an IP address to identify potential threats.

Threat intelligence platform providing real-time threat data and insights.