Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/digitalarche/OnlineToolsForBlueTeam

By Categories all online tools for blueteam
Last synced: about 1 month ago

README

# Online tools for Blue Team

**This page lists online tools for information gathering and analysis from a blue team perspective.**

**Exchange Platform:**
1. [Security StackExchange](https://security.stackexchange.com/) - Platform for exchanging on security issues

**Malware analysis:**

*All the following online tools are public. **All samples submitted might be accessible by anyone.** Please make sure to consider this before submitting samples.*

1. [VirusTotal](https://www.virustotal.com/#/home/upload) - Compare sample analysis from multiple AV vendors. Note that the analyses are based on signature detection for most AV vendors. Also supports sample download from a URL.
2. [Malwr.com](https://malwr.com/) - Cuckoo sandbox
3. [Hybrid-analysis](https://www.hybrid-analysis.com/) - CrowdStrike sandbox. Also perform sample download from URL.
4. [Any Run](https://app.any.run/) - Interactive online sandbox. Also perform sample download from URL.
5. [PDF Examiner](https://www.pdfexaminer.com/) - Automated malicious PDF analysis
6. [Quicksand.io](https://www.quicksand.io/) - Office document malware analysis
7. [Valkyrie comodo](https://valkyrie.comodo.com/) - File verdict system
8. [IntezerAnalyze Community Edition](https://analyze.intezer.com/) - Malware analysis and classification by code DNA mapping
9. [Detux Linux Sandbox](https://detux.org/) - Multiplatform Linux sandbox for malware on x86, x86-64, ARM, MIPS and MIPSEL CPU architectures
10. [Joe Sandbox Cloud Community Edition](https://www.joesandbox.com/) - Sandbox for Windows, Android, Mac OS, and iOS that reports suspicious activities. Also supports sample download from a URL.
11. [Pikker](https://sandbox.pikker.ee/) - Cuckoo sandbox. Also supports sample download from a URL.
12. [MalwareConfig](https://malwareconfig.com/) - Extract configuration information from RATs
13. [YaraRules Analyzer](https://analysis.yararules.com/) - Cloud-based analysis of files based on YARA rules
14. [IRIS-H](https://iris-h.malwageddon.com/) - Automated static analysis of Object Linking and Embedding (OLE) Compound Files
15. [CERT.ee](http://cuckoo.cert.ee/) - Cuckoo sandbox. Also supports sample download from a URL.

**URL/IP/Domain analysis:**

1. [VirusTotal](https://www.virustotal.com/#/home/upload) - Compare URL categorization from multiple URL filtering solutions vendors.
2. [URLquery](https://urlquery.net/) - Detecting and analyzing web-based malware. It provides detailed information about the activities a browser does while visiting a site and presents the information for further analysis.
3. [DomainBigData](https://domainbigdata.com/) - Big database of domains and whois records.
4. [MultiRBL](http://multirbl.valli.org/) - Blacklist (RBL) check for the IP addresses of sending mail servers
5. [Robtex](https://www.robtex.com/) - Gather public information about IP numbers, domain names, host names, Autonomous systems, routes, etc.
6. [SSL Blacklist](https://sslbl.abuse.ch/) - List of "bad" SSL certificates identified by [abuse.ch](http://abuse.ch/) to be associated with malware or botnet activities.
7. [URLscan.io](https://urlscan.io/) - Analyses websites and the resources they request. It will let you take a look at the individual resources that are requested when a site is loaded.
8. [DNStrails](https://dnstrails.com/#/) - World's largest repository of historical DNS data.
9. [URLVoid](http://www.urlvoid.com/) - Analyzes a website through multiple blacklist engines and online reputation tools.
10. [IPVoid](http://www.ipvoid.com/) - IP address tools to discover details about IP addresses.
11. [Google Safe Browsing](https://transparencyreport.google.com/safe-browsing/search) - Check site status in Google Safe browsing database.
12. [Shodan.io](https://www.shodan.io/) - The world's first search engine for Internet-connected devices.
13. [ThreatCrowd](https://www.threatcrowd.org/) - Domain, IP, Email or Organization search engine for threats.
14. [ThreatMiner](https://www.threatminer.org/index.php) - Frees analysts from data collection and provides intelligence analysis
15. [Centralops.net](https://centralops.net/co/) - Investigate domains and IP addresses. Get registrant information, DNS records, and more, all in one report.
16. [RegistryDB](https://registrydb.com/) - Database to find domain information from domain name, IP address, owner name or email address.
17. [DNSDumpster](https://dnsdumpster.com/) - Domain research tool that can discover hosts related to a domain.
18. [Hackertarget.com](https://hackertarget.com/find-dns-host-records/) - Domain research tool that finds all forward DNS (A) records for a domain and all subdomains associated with that domain.
19. [DNSlytics](https://dnslytics.com/) - Find out everything about a domain name, IP address or provider.
20. [McAfee Threat Intelligence](https://www.mcafee.com/threat-intelligence/domain/popular.aspx#nodata) - McAfee domain reputation

**Threat Intelligence:**

1. [Cymon.io](https://www.cymon.io/) - Largest open tracker of malware, phishing, botnets, spam, and more.
2. [C1fApp](https://www.c1fapp.com/) - Open source cyber threat intelligence feeds.
3. [RiskIQ Community Edition](https://community.riskiq.com/login) - Free access to comprehensive internet data to hunt digital threats against your organization, defend your digital footprint, and reduce your attack surface across web, mobile, and social channels.
4. [Open Threat Exchange](https://otx.alienvault.com/) - World's first truly open threat intelligence community.
5. [CriticalStack Intel Feed](https://intel.criticalstack.com/) - Free threat intelligence, parsed for the Bro network security monitoring platform.
6. [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/) - Threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers.

**Phishing:**

1. [MXToolBox](https://mxtoolbox.com/EmailHeaders.aspx) - Headers parser
2. [Google G Suite Toolbox](https://toolbox.googleapps.com/apps/messageheader/) - Headers parser
3. [HTML Viewer](https://htmledit.squarefree.com/) - Real-time HTML Editor
4. [UnPHP](https://www.unphp.net/) - Free service for analyzing obfuscated and malicious PHP code
5. [Code Beautify](https://codebeautify.org/htmlviewer/) - HTML viewer

**Vulnerabilities:**

1. [VulDB](https://vuldb.com/) - Worldwide vulnerability database with more than 111000 entries available
2. [Exploit Database](https://www.exploit-db.com/) - Archive of Exploits, Shellcode, and Security Papers

**Reconnaissance:**

1. [Paste Site Search](http://netbootcamp.org/pastesearch.html#gsc.tab=0) - Search 90+ paste sites. Filter by source & keyword.

**Data/Conversion:**

1. [CyberChef](https://gchq.github.io/CyberChef/) - A web app for encryption, encoding, compression and data analysis

**In-Browser Cryptomining detection:**

1. [URLscan.io](https://urlscan.io/) - Analyses websites and the resources they request. It will let you take a look at the individual resources that are requested when a site is loaded.
2. [NotMining](https://notmining.org/) - Detecting and listing websites performing in-browser cryptomining.

**Malware directly from the following feeds:**

1. [Malc0de](http://malc0de.com/rss)
2. [Malware Domain List](http://www.malwaredomainlist.com/hostslist/mdl.xml)
3. [Malware URLs](http://malwareurls.joxeankoret.com/normal.txt)
4. [VX Vault](http://vxvault.siri-urz.net/URL_List.php)
5. [URLquery](http://urlquery.net/)
6. [CleanMX](http://support.clean-mx.de/clean-mx/xmlviruses.php?)
7. [ZeusTracker](https://zeustracker.abuse.ch/monitor.php?urlfeed=binaries)
8. [Viper](https://github.com/botherder/viper)