The Intel Owl consists of external analysts that can perform operations to retrieve data from external sources (such as VirusTotal or AbuseIPDB) or to generate information from internal analysts (such as Yara or Oletools)
This solution is for everyone who needs a single program to request information about a specific file or something noteworthy (domain, IP, URL, hash).
Main characteristics:
- Full Django-python application
- Easily and fully customizable, both the API and its parsers
- Clone the project, configure the configuration and you are ready to run it
Free indoor modules are available
- Static Document Analysis
- Static RTF Analysis
- Static PDF analysis
- Static Analysis PE
- Analysis of static general files
- PE signature verification
Free modules that require additional configuration
- Cuckoo (requires at least one Cuckoo presence to work)
- MISP (requires at least one working MISP presence)
- Yara (Neo23x0 and Intezer are already available. There is an opportunity to add your own rules)
External services available
required api key or test api
- GreyNoise v2
required API key for paid or free
- VirusTotal v2 + v3
- Hybrid analysis
- Intezer
- Farsight DNSDB
- io - Hunting via email
- BRIDE
- io
- SecurityTrails
free api key required
- GoogleSafeBrowsing
- IPDB abuse
- Shodan
- HoneyDB
- AlienVault OTX
- MaxMind
- Auth0
required access request
- CIRCL PassiveDNS + PassiveSSL
without api key
- Fortiguard URL Analyzer
- GreyNoise Alpha API v1
- Talos Reputation
- Project Tor
- Robtex
- Threatminer
- ch MalwareBazaar
- ch URLhaus
- Active DNS
Application snapshots
Information on installing and using the program, you will find here.
Spread the news
Cybercrime Fraud Business Email Compromise
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators