Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/censys-workshop/threatfox-censys
Threatfox Censys is a tool to query Censys Search for IP addresses and domains and then parses the JSON and submits the results to Threatfox.
https://github.com/censys-workshop/threatfox-censys
c2 censys censys-search iocs threatfox
Last synced: about 1 month ago
JSON representation
Threatfox Censys is a tool to query Censys Search for IP addresses and domains and then parses the JSON and submits the results to Threatfox.
- Host: GitHub
- URL: https://github.com/censys-workshop/threatfox-censys
- Owner: censys-workshop
- License: mit
- Created: 2023-10-11T22:35:29.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-29T16:13:54.000Z (8 months ago)
- Last Synced: 2024-04-29T17:33:39.489Z (8 months ago)
- Topics: c2, censys, censys-search, iocs, threatfox
- Language: Python
- Homepage: http://workshop.censys.io/threatfox-censys/
- Size: 227 KB
- Stars: 19
- Watchers: 1
- Forks: 2
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-ip-search-engines - ThreatFox Censys
README
# Threatfox Censys
Threatfox Censys is a tool to query [Censys Search](https://search.censys.io/) for IP addresses and domains and then parses the JSON and submits the results to Threatfox.
## Features
- Create dynamic fingerprints for various IoCs
- Create a fingerprint using the `create-fingerprint` command
- Fingerprint file: [`fingerprints.yaml`](fingerprints.yaml)
- Uses the Censys Search API
- Submit IoCs to ThreatFox
- Submit IoCs using the `scan` command
- Links Censys Search in ThreatFox IoC reference
- Tags IoCs with `censys` and the autonomous system name
- Uses a PostgreSQL database to store the IoCs submitted to ThreatFox## Installation
### Prerequisites
- [Python 3.10](https://www.python.org/downloads/release/python-3100/)
- [A PostgreSQL 15+ Instance](https://www.postgresql.org/)You will need to install [poetry](https://python-poetry.org/) on Python 3.10.
```bash
curl -sSL https://install.python-poetry.org | python3 -
```Clone the repository.
```bash
git clone https://github.com/censys-workshop/threatfox-censys.git
```Then install the dependencies.
```bash
poetry install
```Then you will need to copy the `.env.example` file to `.env` and add your Censys API ID and Secret as well as your Threatfox API key. Also make sure to set the `DATABASE_URL` to your database.
```bash
cp .env.example .env
```Then you will need to run the database migrations.
```bash
poetry run threatfox-censys database-migrations
```## Usage
### Scan
Scan Censys Search for IoCs and submit them to ThreatFox.
```bash
poetry run threatfox-censys scan
```#### Mastodon Posts
You can also post the results to Mastodon. Make sure to set the `MASTODON_API_URL` and `MASTODON_ACCESS_TOKEN` environment variables. It will post a toot for each IoC found. Simply create a Mastodon app and get the access token.
### Create Fingerprint
Prompt the user to create a fingerprint for an IoC.
```bash
poetry run threatfox-censys create-fingerprint
```## Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
### Testing
```bash
poetry run pytest
```### Linting
```bash
poetry run flake8
```### Formatting
```bash
poetry run black .
poetry run isort .
poetry run pyupgrade --py310-plus threatfox_censys/*.py scripts/*.py
```## License
Threatfox Censys is licensed under the [MIT](https://choosealicense.com/licenses/mit/) license.
## Author
- [Aidan Holland](mailto:[email protected])
## Acknowledgements
- [Censys](https://censys.io/)
- [Threatfox](https://threatfox.abuse.ch/)## TODO
- [ ] Add more fingerprint.
- [ ] Add more documentation.