{"id":13453783,"url":"https://github.com/intelowlproject/IntelOwl","last_synced_at":"2025-03-24T01:32:03.739Z","repository":{"id":37749355,"uuid":"231109256","full_name":"intelowlproject/IntelOwl","owner":"intelowlproject","description":"IntelOwl: manage your Threat Intelligence at scale","archived":false,"fork":false,"pushed_at":"2024-10-29T12:02:36.000Z","size":138140,"stargazers_count":3823,"open_issues_count":74,"forks_count":437,"subscribers_count":81,"default_branch":"master","last_synced_at":"2024-10-29T13:20:09.207Z","etag":null,"topics":["cyber-security","cyber-threat-intelligence","cybersecurity","dfir","enrichment","hacktoberfest","honeynet","incident-response","intel-owl","ioc","malware-analysis","malware-analyzer","osint","osint-python","python","security-tools","threat-hunting","threat-intelligence","threathunting","threatintel"],"latest_commit_sha":null,"homepage":"https://intelowlproject.github.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/intelowlproject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"intelowl-project","github":"intelowlproject"}},"created_at":"2019-12-31T15:18:52.000Z","updated_at":"2024-10-26T20:04:54.000Z","dependencies_parsed_at":"2023-09-23T05:12:46.039Z","dependency_job_id":"2d66a6f8-6fca-4ede-9dea-a654ceff788c","html_url":"https://github.com/intelowlproject/IntelOwl","commit_stats":{"total_commits":2351,"total_committers":67,"mean_commits":35.08955223880597,"dds":0.731
1782220331774,"last_synced_commit":"1f5992887e0e49aa8d37a68414df6ae1e34f9d9f"},"previous_names":[],"tags_count":67,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intelowlproject%2FIntelOwl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intelowlproject%2FIntelOwl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intelowlproject%2FIntelOwl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intelowlproject%2FIntelOwl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/intelowlproject","download_url":"https://codeload.github.com/intelowlproject/IntelOwl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245194318,"owners_count":20575740,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber-security","cyber-threat-intelligence","cybersecurity","dfir","enrichment","hacktoberfest","honeynet","incident-response","intel-owl","ioc","malware-analysis","malware-analyzer","osint","osint-python","python","security-tools","threat-hunting","threat-intelligence","threathunting","threatintel"],"created_at":"2024-07-31T08:00:47.215Z","updated_at":"2025-03-24T01:31:58.720Z","avatar_url":"https://github.com/intelowlproject.png","language":"Python","readme":"\u003cimg src=\"docs/static/intel_owl_positive.png\" width=547 height=150 alt=\"Intel Owl\"/\u003e\n\n[![GitHub release (latest by 
date)](https://img.shields.io/github/v/release/intelowlproject/IntelOwl)](https://github.com/intelowlproject/IntelOwl/releases)\n[![GitHub Repo stars](https://img.shields.io/github/stars/intelowlproject/IntelOwl?style=social)](https://github.com/intelowlproject/IntelOwl/stargazers)\n[![Docker](https://img.shields.io/docker/pulls/intelowlproject/intelowl)](https://hub.docker.com/repository/docker/intelowlproject/intelowl)\n[![Twitter Follow](https://img.shields.io/twitter/follow/intel_owl?style=social)](https://twitter.com/intel_owl)\n[![Linkedin](https://img.shields.io/badge/LinkedIn-0077B5?style=flat\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/company/intelowl/)\n[![Official Site](https://img.shields.io/badge/official-site-blue)](https://intelowlproject.github.io)\n[![Live Instance](https://img.shields.io/badge/live-demo-blue)](https://intelowl.honeynet.org)\n\n[![CodeFactor](https://www.codefactor.io/repository/github/intelowlproject/intelowl/badge)](https://www.codefactor.io/repository/github/intelowlproject/intelowl)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![Imports: isort](https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat\u0026labelColor=ef8336)](https://pycqa.github.io/isort/)\n[![CodeQL](https://github.com/intelowlproject/IntelOwl/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/intelowlproject/IntelOwl/actions/workflows/codeql-analysis.yml)\n[![Dependency Review](https://github.com/intelowlproject/IntelOwl/actions/workflows/dependency_review.yml/badge.svg)](https://github.com/intelowlproject/IntelOwl/actions/workflows/dependency_review.yml)\n[![Build \u0026 
Tests](https://github.com/intelowlproject/IntelOwl/workflows/Build%20\u0026%20Tests/badge.svg)](https://github.com/intelowlproject/IntelOwl/actions)\n[![DeepSource](https://app.deepsource.com/gh/intelowlproject/IntelOwl.svg/?label=resolved+issues\u0026token=BSvKHrnk875Y0Bykb79GNo8w)](https://app.deepsource.com/gh/intelowlproject/IntelOwl/?ref=repository-badge)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intelowlproject/IntelOwl/badge)](https://api.securityscorecards.dev/projects/github.com/intelowlproject/IntelOwl)\n[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7120/badge)](https://bestpractices.coreinfrastructure.org/projects/7120)\n# Intel Owl\n\nDo you want to get **threat intelligence data** about malware, an IP address or a domain? Do you want to get this kind of data from multiple sources at the same time using **a single API request**?\n\nYou are in the right place!\n\nIntelOwl is an Open Source solution for management of Threat Intelligence at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools.\n\n### Features\nThis application is built to **scale out** and to **speed up the retrieval of threat info**.\n\nIt provides:\n- **Enrichment of Threat Intel** for files as well as observables (IP, Domain, URL, hash, etc).\n- Fully-fledged REST APIs written in Django and Python.\n- Easy integration into your stack of security tools to automate common jobs usually performed manually, for instance by SOC analysts. 
(Thanks to the official libraries [pyintelowl](https://github.com/intelowlproject/pyintelowl) and [go-intelowl](https://github.com/intelowlproject/go-intelowl))\n- A **built-in GUI**: provides features such as dashboard, visualizations of analysis data, easy-to-use forms for requesting new analysis, etc.\n- A **framework** composed of modular components called **Plugins**:\n  - *analyzers* that can be run to either retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internally available tools (like Yara or Oletools)\n  - *connectors* that can be run to export data to external platforms (like MISP or OpenCTI)\n  - *pivots* that are designed to trigger the execution of a chain of analyses and connect them to each other\n  - *visualizers* that are designed to create custom visualizations of analyzer results\n  - *ingestors* that automatically ingest streams of observables or files into IntelOwl itself\n  - *playbooks* that are meant to make analysis easily repeatable\n\n\n### Documentation [![Documentation Status](https://readthedocs.org/projects/intelowl/badge/?version=latest)](https://intelowl.readthedocs.io/en/latest/?badge=latest)\nWe try hard to keep our documentation well written, easy to understand and always updated.\nAll info about installation, usage, configuration and contribution can be found [here](https://intelowl.readthedocs.io/)\n\n### Publications and Media\n\nTo know more about the project and its growth over time, you may be interested in reading [the official blog posts and/or videos about the project by clicking on this link](https://intelowl.readthedocs.io/en/latest/Introduction.html#publications-and-media)\n\n### Available services or analyzers\n\nYou can see the full list of all available analyzers in the [documentation](https://intelowl.readthedocs.io/en/latest/Usage.html#available-analyzers).\n\n| Type                                               | Analyzers Available                           
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |\n| -------------------------------------------------- 
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| Inbuilt modules                                    | - Static Office Document, RTF, PDF, PE File Analysis and metadata extraction\u003cbr/\u003e - Strings Deobfuscation and analysis ([FLOSS](https://github.com/mandiant/flare-floss), [Stringsifter](https://github.com/mandiant/stringsifter), ...)\u003cbr/\u003e - PE Emulation with [Qiling](https://github.com/qilingframework/qiling) and [Speakeasy](https://github.com/mandiant/speakeasy)\u003cbr/\u003e - PE Signature verification\u003cbr/\u003e - PE Capabilities Extraction ([CAPA](https://github.com/mandiant/capa))\u003cbr/\u003e - Javascript Emulation ([Box-js](https://github.com/CapacitorSet/box-js))\u003cbr/\u003e - Android Malware Analysis ([Quark-Engine](https://github.com/quark-engine/quark-engine), ...)\u003cbr/\u003e - SPF and DMARC Validator\u003cbr/\u003e - Yara (a lot of public rules are available. You can also add your own rules)\u003cbr/\u003e - more...                                                            
                                                                                                                                                                      |\n| External services                                  | - Abuse.ch \u003ca href=\"https://bazaar.abuse.ch/about/\" target=\"_blank\"\u003eMalwareBazaar\u003c/a\u003e/\u003ca href=\"https://urlhaus.abuse.ch/\" target=\"_blank\"\u003eURLhaus\u003c/a\u003e/\u003ca href=\"https://threatfox.abuse.ch/about/\" target=\"_blank\"\u003eThreatfox\u003c/a\u003e/\u003ca href=\"https://yaraify.abuse.ch/about/\" target=\"_blank\"\u003eYARAify\u003c/a\u003e\u003cbr/\u003e - \u003ca href=\"https://docs.greynoise.io/docs/3rd-party-integrations\" target=\"_blank\"\u003e GreyNoise v2\u003c/a\u003e\u003cbr/\u003e - \u003ca href=\"https://analyze.intezer.com/?utm_source=IntelOwl\" target=\"_blank\"\u003e Intezer\u003c/a\u003e\u003cbr/\u003e - VirusTotal v3\u003cbr/\u003e - \u003ca href=\"https://doc.crowdsec.net/docs/next/cti_api/integration_intelowl/?utm_source=IntelOwl\" target=\"_blank\"\u003e Crowdsec\u003c/a\u003e\u003cbr/\u003e - \u003ca href=\"https://urlscan.io/docs/integrations/\" target=\"_blank\"\u003eURLscan\u003c/a\u003e\u003cbr/\u003e - Shodan\u003cbr/\u003e - AlienVault OTX\u003cbr/\u003e - \u003ca href=\"https://intelx.io/integrations\" target=\"_blank\"\u003eIntelligence_X\u003c/a\u003e\u003cbr/\u003e - \u003ca href=\"https://www.misp-project.org/\" target=\"_blank\"\u003eMISP\u003c/a\u003e\u003cbr/\u003e - many more.. |\n\n## Partnerships and sponsors\n\nAs open source project maintainers, we strongly rely on external support to get the resources and time to work on keeping the project alive, with a constant release of new features, bug fixes and general improvements.\n\nBecause of this, we joined [Open Collective](https://opencollective.com/intelowl-project) to obtain non-profit equal level status which allows the organization to receive and manage donations transparently. 
Please support IntelOwl and all the community by choosing a plan (BRONZE, SILVER, etc).\n\n\u003ca href=\"https://opencollective.com/intelowl-project/donate\" target=\"_blank\"\u003e\n  \u003cimg src=\"https://opencollective.com/intelowl-project/donate/button@2x.png?color=blue\" width=200 /\u003e\n\u003c/a\u003e\n\n### 🥇 GOLD\n\n#### Certego\n\n\u003ca href=\"https://certego.net/?utm_source=intelowl\"\u003e \u003cimg style=\"margin-right: 2px\" width=250 height=71 src=\"docs/static/Certego.png\" alt=\"Certego Logo\"/\u003e\u003c/a\u003e\n\n[Certego](https://certego.net/?utm_source=intelowl) is a MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.\n\nIntelOwl was born out of Certego's Threat intelligence R\u0026D division and is constantly maintained and updated thanks to them.\n\n#### The Honeynet Project\n\n\u003ca href=\"https://www.honeynet.org\"\u003e \u003cimg style=\"border: 0.2px solid black\" width=125 height=125 src=\"docs/static/honeynet_logo.png\" alt=\"Honeynet.org logo\"\u003e \u003c/a\u003e\n\n[The Honeynet Project](https://www.honeynet.org) is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.\n\nThanks to Honeynet, we are hosting a public demo of the application [here](https://intelowl.honeynet.org). 
If you are interested, please contact a member of Honeynet to get access to the public service.\n\n#### Google Summer of Code\n\u003ca href=\"https://summerofcode.withgoogle.com/\"\u003e \u003cimg style=\"border: 0.2px solid black\" width=150 height=89 src=\"docs/static/gsoc_logo.png\" alt=\"GSoC logo\"\u003e \u003c/a\u003e\n\nSince its birth this project has been participating in the [Google Summer of Code](https://summerofcode.withgoogle.com/) (GSoC)!\n\nIf you are interested in participating in the next Google Summer of Code, check all the info available in the [dedicated repository](https://github.com/intelowlproject/gsoc)!\n\n\n### 🥈 SILVER\n\n#### ThreatHunter.ai\n\n\u003ca href=\"https://threathunter.ai?utm_source=intelowl\"\u003e \u003cimg style=\"border: 0.2px solid black\" width=194 height=80 src=\"docs/static/threathunter_logo.png\" alt=\"ThreatHunter.ai logo\"\u003e \u003c/a\u003e\n\n[ThreatHunter.ai®](https://threathunter.ai?utm_source=intelowl), is a 100% Service-Disabled Veteran-Owned Small Business started in 2007 under the name Milton Security Group. ThreatHunter.ai is the global leader in Dynamic Threat Hunting. Operating a true 24x7x365 Security Operation Center with AI/ML-enhanced human Threat Hunters, ThreatHunter.ai has changed the industry in how threats are found, and mitigated in real time. For over 15 years, our teams of Threat Hunters have stopped hundreds of thousands of threats and assisted organizations in defending against threat actors around the clock.\n\n### 🥉 BRONZE\n\n#### Docker\n\nIn 2021 IntelOwl joined the official [Docker Open Source Program](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/). This allows IntelOwl developers to easily manage Docker images and focus on writing the code. 
You may find the official IntelOwl Docker images [here](https://hub.docker.com/search?q=intelowlproject).\n\n#### DigitalOcean\n\nIn 2022 IntelOwl joined the official [DigitalOcean Open Source Program](https://www.digitalocean.com/open-source?utm_medium=opensource\u0026utm_source=IntelOwl).\n\n\n### Other collaborations\n * [LimaCharlie](https://limacharlie.io/blog/limacharlie-sponsors-intel-owl/?utm_source=intelowl\u0026utm_medium=banner)\n * [Tines](https://www.tines.com/blog/announcing-our-sponsorship-of-intel-owl?utm_source=oss\u0026utm_medium=sponsorship\u0026utm_campaign=intelowl)\n\n\n## About the author and maintainers\n\nFeel free to contact the main developers at any time on Twitter:\n\n- [Matteo Lodi](https://twitter.com/matte_lodi): Author and principal maintainer\n- [Simone Berni](https://twitter.com/0ssig3no): Backend Maintainer\n- [Daniele Rosetti](https://github.com/drosetti): Frontend Maintainer\n- [Eshaan Bansal](https://twitter.com/eshaan7_): Key Contributor","funding_links":["https://opencollective.com/intelowl-project","https://github.com/sponsors/intelowlproject","https://opencollective.com/intelowl-project/donate"],"categories":["Threat Detection and Hunting","Python","Python (1887)","扫描器_资产收集_子域名","THREAT INTEL","Uncategorized","threat-hunting","security-tools","Repos","Synopsis"],"sub_categories":["Tools","资源传输下载","Uncategorized","Table of Contents"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintelowlproject%2FIntelOwl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fintelowlproject%2FIntelOwl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintelowlproject%2FIntelOwl/lists"}