ThreatTracker
ThreatTracker is an IOC tracker written in Python that periodically queries 4 Google Custom Search Engines to identify new AV definitions, malware sample submissions, malicious URLs and domains, and performs Reverse WHOIS lookup. It also monitors domain status using the Google Safe Browsing Lookup API and Google Safebrowsing Diagnosis Page. Requirements include Google APIs Client Library for Python, 1 Gmail account (to act as sender), and Google API key(s). To use the script, rules must be created in the /rules directory. Note: A sample rule (for tracking Dridex) is provided to highlight the required format. This project is still in beta, so bug reports are welcome. For questions, new data sources, or ideas, feel free to email the developer.
FEATURES
SIMILAR TOOLS
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.
Tool for dataviz and statistical analysis of threat intelligence feeds, presented in cybersecurity conferences for measuring IQ of threat intelligence feeds.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.
Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.