Intel Owl: Analyze files, domains, IP in many ways

The Owl consists of external analysts  that can perform operations to retrieve data from external sources (such as VirusTotal or AbuseIPDB) or to generate information from internal analysts (such as Yara or Oletools)

This solution is for everyone who needs just one to request information about a specific file or something worth noting (domain, IP, URL, hash).

Lady :

  • Full Django-python application
  • Easily and fully customizable, both the API and its parsers
  • Clone the project, adjust the configuration and you are ready to run it

Free indoor modules are available

  • Static Document Analysis
  • Static RTF Analysis
  • Static PDF analysis
  • Static PE Analysis
  • Analysis of static general files
  • PE signature verification

Free modules that require additional configuration

  • Cuckoo (requires at least one Cuckoo presence to work)
  • (requires at least one working instance of MISP)
  • Yara (Neo23x0 and Intezer are already j. There is an opportunity to add your own rules)

Available external services

required api key or test api

  • GreyNoise v2

required API key for paid or free

  • VirusTotal v2 + v3
  • Hybrid analysis
  • Intezer
  • Farsight DNS DB
  • io - Hunting via email
  • BRIDE
  • io
  • security trails

free api key required

  • GoogleSafeBrowsing
  • IPDB abuse
  • Shodan
  • HoneyDB
  • AlienVault OTX
  • MaxMind
  • Auth0

required access request

  • CIRCL PassiveDNS + PassiveSSL

without api key

  • Fortiguard URL Analyzer
  • GreyNoise Alpha API v1
  • Talos Reputation
  • Tor
  • Robex
  • Threatminer
  • ch MalwareBazaar
  • ch URLhaus
  • Active DNS

Application snapshots

Information about and the use of the program, you will find here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).