Giter Club home page Giter Club logo

osmankandemir / associated-threat-analyzer Goto Github PK

View Code? Open in Web Editor NEW
36.0 2.0 5.0 1.58 MB

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.

License: GNU General Public License v3.0

Python 98.44% Dockerfile 1.56%
cti cyber-analyst cyber-intelligence cyber-security cyber-threat-hunting cyber-threat-intelligence ioc malicious-domains malicious-ips malicious-link malicious-url malicious-url-detection security-tools threat-intelligence asset-discovery ethical-hacking-tools

associated-threat-analyzer's Introduction

Logo

Threat-Analyzer Version License Python Version Docker

Associated-Threat-Analyzer

NOTE : What do privacy laws say about sharing malicious domains and IPs ? Please See; USAGE_POLICY.md LICENSE

Description

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.

ScreenShot

Screenshot

Installation

From Git

git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git
cd associated-threat-analyzer && pip3 install -r requirements.txt
python3 analyzer.py -d target-web.com

From Dockerfile

You can run this application on a container after build a Dockerfile.

Warning : If you want to run a Docker container, associated threat analyzer recommends to use your malicious IPs and domains lists, because maintainer may not be update a default malicious IP and domain lists on docker image.
docker build -t osmankandemir/threatanalyzer .
docker run osmankandemir/threatanalyzer -d target-web.com

From DockerHub

docker pull osmankandemir/threatanalyzer
docker run osmankandemir/threatanalyzer -d target-web.com

Usage

-d DOMAIN , --domain DOMAIN Input Target. --domain target-web1.com
-t DOMAINSFILE, --DomainsFile Malicious Domains List to Compare. -t SampleMaliciousDomains.txt
-i IPSFILE, --IPsFile Malicious IPs List to Compare. -i SampleMaliciousIPs.txt
-o JSON, --json JSON  JSON output. --json

DONE

  • First-level depth scan your domain address.

TODO list

  • Third-level or the more depth static files scanning for target web application.
Other linked github project. You can take a look.
Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence v1.1.1 collects static files

https://github.com/OsmanKandemir/indicator-intelligence

Default Malicious IPs and Domains Sources

https://github.com/stamparm/blackbook

https://github.com/stamparm/ipsum

Development and Contribution

See; CONTRIBUTING.md

License

Copyright (c) 2023 Osman Kandemir
Licensed under the GPL-3.0 License.

Donations

If you like Associated Threat Analyzer and would like to show support, you can use Buy A Coffee or Github Sponsors feature for the developer using the button below.

Or

Sponsor me : https://github.com/sponsors/OsmanKandemir 😊

Buy Me A Coffee

Your support will be much appreciated😊

associated-threat-analyzer's People

Contributors

osmankandemir avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

mlynchcogent teutades 5l1v3r1 stnert arvind-india

associated-threat-analyzer's Issues

Unable to locate the sources of the malicious IP addresses

Hi @OsmanKandemir !

  1. I've been examining one of my domains and the Docker-based analyzer detects a set of "Malicious Association" IPs
  2. I went to examine deeper and check a couple of CNAME references of my domain and identified that domains of the CRM tools we used had overlapped with these "Malicious Association" IPs
  3. I then removed the DNS records pointing to the CRM domains
  4. After 3 days the tool still reports "FOUND -> Malicious Association"

I wonder, where those are coming from? After briefly looking at the code I did not understand how the list is determined. Would you mind helping me understand how to better use the tool to find the source of this association?

Thanks a lot for the analyzer and for the answer, in advance.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.