{"id":37091236,"url":"https://github.com/opensourcesec/forager","last_synced_at":"2026-01-14T11:03:35.539Z","repository":{"id":14549295,"uuid":"17264589","full_name":"opensourcesec/Forager","owner":"opensourcesec","description":"Multithreaded threat Intelligence gathering built with Python3","archived":false,"fork":false,"pushed_at":"2018-01-23T17:50:23.000Z","size":190,"stargazers_count":176,"open_issues_count":3,"forks_count":31,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-11-15T10:04:46.961Z","etag":null,"topics":["carbonblack","python","threatintel"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opensourcesec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-02-27T21:09:17.000Z","updated_at":"2025-09-19T15:31:19.000Z","dependencies_parsed_at":"2022-06-27T12:03:02.840Z","dependency_job_id":null,"html_url":"https://github.com/opensourcesec/Forager","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/opensourcesec/Forager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opensourcesec%2FForager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opensourcesec%2FForager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opensourcesec%2FForager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opensourcesec%2FForager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opensourcesec","download_url":"https://codeload.github.com/opensourcesec/Forager/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opensourcesec%2FForager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["carbonblack","python","threatintel"],"created_at":"2026-01-14T11:03:34.896Z","updated_at":"2026-01-14T11:03:35.532Z","avatar_url":"https://github.com/opensourcesec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Forager  ![alt tag](img/Forager.png)\n=======\n\n[![Build Status](https://travis-ci.org/opensourcesec/Forager.svg?branch=master)](https://travis-ci.org/opensourcesec/Forager)\n\n##### Summary\n\n  Do you ever wonder if there is an easier way to retrieve, store, and maintain all your threat intelligence data? Random user, meet Forager. Not all threat intel implementations require a database that is \"correlating trillions of data points..\" and instead, you just need a simple interface, with simple TXT files, that can pull threat data from other feeds, PDF threat reports, or other data sources, with minimal effort. With 15 pre-configured threat feeds, you can get started with threat intelligence feed management today.. Right now.. Do it!\n\n##### Features At A Glance\n\n* Fetch intel from URL's using modular feed functions\n* Extract domain, md5, sha1, sha256, IPv4, and YARA indicators\n* Search through the current intel set by single IP or with an IOC file\n* Generate JSON feeds for consumption by CarbonBlack\n* Serves up a Simple HTTP JSON feed server for CarbonBlack\n\nRequirements:\n-------\n*Requires Python 3!*\n* argparse\n* xlrd\n* pdfminer3k\n* colorama (for pretty colored output)\n\nYou can install all requirements with the included requirements.txt file\n```\npip3 install -r requirements.txt\n```\n\nFeeds `--feeds`\n--------\n* `list` -- Lists all feeds and allows user to choose a single feed to update.\n* `update` -- Updates all feed modules listed in Forager\n\nHunting `--hunt`\n---------\n* `-f [file path]` Provides the capability to search through the intel directory results for a specific list of indicators\n* `-s [IPv4 address]` Searches through intel directory for a single IP address\n\nExtraction `--extract`\n----------\n* Reads in a file and extracts IP addresss, domains, MD5/SHA1/SHA256 hashes, and YARA rules\n* Places the extracted indicators into the intel directory\n* Currently supported filetypes:\n  * TXT\n  * PDF\n  * XLS/XLSX\n\nNote:\n\n* Prone to false positives when extracting indicators from PDF as whitepapers with indicators will normally also contain URL references\n\nCarbonBlack Feed Generator `--cbgen`\n-----------------\n* Generates JSON feeds of all of the IOCs in the intel dir\n* Utilizes an interactive CLI prompt to allow the user to provide feed metadata the first time CBgen is run\n\nCarbonBlack Feed Server `--srv`\n----------------\n* Runs the built-in feed server so that the CarbonBlack server can automatically ingest the JSON feeds that were generated by the CBgen command\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopensourcesec%2Fforager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopensourcesec%2Fforager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopensourcesec%2Fforager/lists"}