Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/opensourcesec/Forager
Multithreaded threat Intelligence gathering built with Python3
carbonblack python threatintel
- Host: GitHub
- URL: https://github.com/opensourcesec/Forager
- Owner: opensourcesec
- License: mit
- Created: 2014-02-27T21:09:17.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2018-01-23T17:50:23.000Z (over 6 years ago)
- Last Synced: 2024-03-14T20:21:13.203Z (3 months ago)
- Topics: carbonblack, python, threatintel
- Language: Python
- Homepage:
- Size: 186 KB
- Stars: 165
- Watchers: 23
- Forks: 31
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-cybersecurity-blueteam - Forager - Multi-threaded threat intelligence gathering built with Python3 featuring simple text-based configuration and data storage for ease of use and data portability. (Threat intelligence / Threat hunting)
- awesome-blueteam - Forager - Multi-threaded threat intelligence gathering built with Python3 featuring simple text-based configuration and data storage for ease of use and data portability. (Threat intelligence / Threat hunting)
- awesome-cybersecurity-blueteam-cn - Forager - Multi-threaded threat intelligence gathering tool built with Python3. Simple text-based configuration and data storage for ease of use and data portability. (Threat intelligence / Threat hunting)
README
Forager ![alt tag](img/Forager.png)
=======
[![Build Status](https://travis-ci.org/opensourcesec/Forager.svg?branch=master)](https://travis-ci.org/opensourcesec/Forager)
##### Summary
Do you ever wonder if there is an easier way to retrieve, store, and maintain all your threat intelligence data? Random user, meet Forager. Not every threat intel implementation requires a database that is "correlating trillions of data points"; sometimes you just need a simple interface, with simple TXT files, that can pull threat data from other feeds, PDF threat reports, or other data sources with minimal effort. With 15 pre-configured threat feeds, you can get started with threat intelligence feed management today. Right now. Do it!
##### Features At A Glance
* Fetch intel from URLs using modular feed functions
* Extract domain, md5, sha1, sha256, IPv4, and YARA indicators
* Search through the current intel set by single IP or with an IOC file
* Generate JSON feeds for consumption by CarbonBlack
* Serves up a simple HTTP JSON feed server for CarbonBlack

Requirements:
-------
*Requires Python 3!*
* argparse
* xlrd
* pdfminer3k
* colorama (for pretty colored output)

You can install all requirements with the included requirements.txt file:

```
pip3 install -r requirements.txt
```

Feeds `--feeds`
--------
* `list` -- Lists all feeds and allows user to choose a single feed to update.
* `update` -- Updates all feed modules listed in Forager

Hunting `--hunt`
---------
* `-f [file path]` Provides the capability to search through the intel directory results for a specific list of indicators
* `-s [IPv4 address]` Searches through the intel directory for a single IP address

Extraction `--extract`
----------
* Reads in a file and extracts IP addresses, domains, MD5/SHA1/SHA256 hashes, and YARA rules
* Places the extracted indicators into the intel directory
* Currently supported filetypes:
  * TXT
  * XLS/XLSX

Note:
* Prone to false positives when extracting indicators from PDFs, since whitepapers that contain indicators will normally also contain URL references
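As an added example (not Forager's own code), the kind of regex-based extraction `--extract` performs, with the URL-reference caveat above handled by reporting hosts that only appear inside links separately from bare domain indicators. The sample report text, hashes and addresses are constructed.

```python
"""Added example, not Forager's own code: a minimal --extract style indicator
extractor with one mitigation for the false-positive problem the README notes:
hosts that only appear inside URL references (a report's citation links) are
reported separately instead of being treated as domain indicators."""
import re

# Constructed sample standing in for text pulled out of a threat report.
# The hashes are well-known test vectors, the addresses are documentation ranges.
SAMPLE = """
The dropper beacons to update-cdn.example and 203.0.113.45 over TLS.
Dropper MD5: 9e107d9d372bb6826bd81d3542a419d6
Loader SHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
Payload SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
For background see https://blog.vendor.example/2018/report.html
"""

HASH_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
DOMAIN_RE = re.compile(r"\b(?:[a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,63}\b")
URL_RE = re.compile(r"https?://([^/\s]+)\S*")  # group 1 is the host part
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}


def extract(text):
    """Return sorted indicators by type; URL hosts land in 'url_hosts', not 'domains'/'ipv4'."""
    url_spans = [m.span() for m in URL_RE.finditer(text)]
    url_hosts = {m.group(1).lower() for m in URL_RE.finditer(text)}

    def inside_url(pos):
        return any(start <= pos < end for start, end in url_spans)

    found = {k: set() for k in ("md5", "sha1", "sha256", "ipv4", "domains")}
    for m in HASH_RE.finditer(text):
        found[HASH_KIND[len(m.group())]].add(m.group().lower())
    for m in IPV4_RE.finditer(text):
        if not inside_url(m.start()):
            found["ipv4"].add(m.group())
    for m in DOMAIN_RE.finditer(text):
        # a host that is only a link target is a reference, not a bare IOC
        if not inside_url(m.start()):
            found["domains"].add(m.group().lower())
    found["url_hosts"] = url_hosts
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for kind, values in extract(SAMPLE).items():
        print(f"{kind}: {values}")
```

Without the URL-span check, `blog.vendor.example` and the link's `report.html` token would both be written to the intel directory as domain indicators.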
CarbonBlack Feed Generator `--cbgen`
-----------------
* Generates JSON feeds of all of the IOCs in the intel dir
* Utilizes an interactive CLI prompt to allow the user to provide feed metadata the first time CBgen is run

CarbonBlack Feed Server `--srv`
----------------
* Runs the built-in feed server so that the CarbonBlack server can automatically ingest the JSON feeds that were generated by the CBgen command