Intel Owl: Analyze files, domains, IP in many ways

The Intel Owl consists of outsiders analysts  that can perform operations to retrieve data from external sources (such as VirusTotal or AbuseIPDB) or to generate information from internal analysts (such as Yara or Oletools)

This solution is for anyone who needs a single program to request information about a specific file or something noteworthy (domain, IP, URL, hash).

Main characteristics:

• Full Django-python application
• Easily and fully customizable, both the API and its parsers
• Clone the project, adjust the configuration and you are ready to run it

Free indoor modules are available

• Static Document Analysis
• Static RTF Analysis
• Static PDF analysis
• Static PE Analysis
• Analysis of static general files
• PE signature verification

Free modules that require additional configuration

• Cuckoo (requires at least one Cuckoo presence to work)
• MISP (requires at least one working MISP presence)
• Yara (Neo23x0 and Intezer are already available. There is an opportunity to add your own rules)

Available external services

required api key or test api

• GreyNoise v2

required API key for paid or free

• VirusTotal v2 + v3
• Hybrid analysis
• Intezer
• Farsight DNSDB
• io - Hunting via email
• BRIDE
• io
• SecurityTrails

free api key required

• GoogleSafeBrowsing
• IPDB abuse
• Shodan
• HoneyDB
• AlienVault OTX
• MaxMind
• Auth0

required access request

• CIRCL PassiveDNS + PassiveSSL

without api key

• Fortiguard URL Analyzer
• GreyNoise Alpha API v1
• Talos Reputation
• Project Tor
• Robtex
• Threatminer
• ch MalwareBazaar
• ch URLhaus
• Active DNS

Application snapshots

Information on installing and using the program, you will find here.