The intel Owl consists of external analysts that can perform operations to retrieve data from external sources (such as VirusTotal or AbuseIPDB) or to generate information from internal analysts (such as Yara or Oletools)
This solution is for everyone who needs just one program to request information about a specific file or something worth noting (domain, IP, URL, hash).
Lady characteristics:
- Full Django-python application
- Easily and fully customizable, both the API and its parsers
- Clone the project, adjust the configuration and you are ready to run it
Free indoor modules are available
- Static Document Analysis
- Static RTF Analysis
- Static PDF analysis
- Static PE Analysis
- Analysis of static general files
- PE signature verification
Free modules that require additional configuration
- Cuckoo (requires at least one Cuckoo presence to work)
- misp (requires at least one working instance of MISP)
- Yara (Neo23x0 and Intezer are already availablej. There is an opportunity to add your own rules)
Available external services
required api key or test api
- GreyNoise v2
required API key for paid or free
- VirusTotal v2 + v3
- Hybrid analysis
- Intezer
- Farsight DNS DB
- io - Hunting via email
- BRIDE
- io
- security trails
free api key required
- GoogleSafeBrowsing
- IPDB abuse
- Shodan
- HoneyDB
- AlienVault OTX
- MaxMind
- Auth0
required access request
- CIRCL PassiveDNS + PassiveSSL
without api key
- Fortiguard URL Analyzer
- GreyNoise Alpha API v1
- Talos Reputation
- Project Tor
- Robex
- Threatminer
- ch MalwareBazaar
- ch URLhaus
- Active DNS
Application snapshots
Information about installation and the use of the program, you will find here.