An open API service indexing awesome lists of open source software.

https://github.com/threadlinee/ip-threat-analyzer

Ultimate IP Threat Analyzer - Enterprise Threat Intelligence Platform

educational-purposes github hacking-tool hacking-tools internet-protocol ip ipaddress ipaddress-tracker lua networking python scanning

Last synced: 4 months ago

README

# ⚑ Ultimate IP Threat Analyzer - Enterprise Threat Intelligence Platform

![Static Badges](https://img.shields.io/badge/SOC2%20Compliant-Yes-green)
![Static Badges](https://img.shields.io/badge/Python%20API-Beta-blueviolet)
![Static Badges](https://img.shields.io/badge/Threat%20Feeds-14%20Sources-critical)
![Static Badges](https://img.shields.io/badge/MITRE%20ATT%26CK-Mapped-ff69b4)

# HOW TO RUN!!

**git clone https://github.com/Threadlinee/IP-Threat-Analyzer**

or install it **manually**. Then, from the main directory, open a **terminal** and type **dotnet build**; after it compiles,
run **dotnet run**.

```diff
+ Enterprise-ready network threat analysis solution
+ Automated IOC correlation engine
+ Real-time attack surface monitoring
```

# 📊 Feature Matrix

| Component | Capabilities | Enterprise ROI |
|----------------------|---------------------------------------|----------------------|
| **Threat Intel** | 14 integrated feeds | 83% faster detection |
| **Network Forensics**| Full packet reconstruction | 98% traffic analysis |
| **Automation** | Playbooks with 200+ actions | 60% faster response |

# Architecture Overview

```
████████████████████████████████████████████████
              SYSTEM ARCHITECTURE
════════════════════════════════════════════════
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ COLLECTION  │ │ CORRELATION │ │  RESPONSE   │
│    LAYER    │ │   ENGINE    │ │ AUTOMATION  │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘
       │               │               │
┌──────▼───────┐ ┌─────▼───────┐ ┌─────▼───────┐
│ Threat Feeds │ │ AI Analysis │ │ Blocklists  │
│ Packet Captur│ │ TTP Mapping │ │ SIEM Sync   │
│ Log Ingestion│ │Risk Scoring │ │ Webhook Trig│
└──────────────┘ └─────────────┘ └─────────────┘
```
# 🚀 Deployment

## 🐋 Containerized Deployment

```bash
# Pull latest enterprise image
docker pull registry.threatanalyzer.com/ipaas/core:v5.0

# Run with environment config
# (a bind mount needs an absolute host path, and the container is
# started from the same image that was pulled above)
docker run -d \
  -e "API_KEY=$SECRET_KEY" \
  -p 8443:8443 \
  -v "$(pwd)/config:/app/config" \
  registry.threatanalyzer.com/ipaas/core:v5.0
```
# 🏒 Enterprise Cluster

```
┌──────────────────────────────────┐
│          LOAD BALANCER           │
└────────┬───────────────┬─────────┘
         │               │
┌────────▼───────┐ ┌─────▼─────────┐
│ Analyzer Node  │ │ Analyzer Node │
│   (16 vCPU)    │ │  (16 vCPU)    │
└───────┬───────┬┘ └┬───────┬──────┘
        │       │   │       │
┌───────▼───────▼┐ ┌▼───────▼───────┐
│ Redis Cluster  │ │ Elasticsearch  │
│     (HA)       │ │   (8 nodes)    │
└────────────────┘ └────────────────┘
```
πŸ” Core Modules
1. Threat Intelligence Gateway

# STIX/TAXII 2.1 compliant
! 100,000+ pre-loaded IOCs
+ Custom feed JSON API
2. Network Analysis Engine

Protocol Support Matrix:

```
┌───────────────┬───────────────┬───────────────────┐
│ Protocol      │Deep Inspection│ Vulnerability     │
├───────────────┼───────────────┼───────────────────┤
│ HTTP/HTTPS    │ Yes           │ OWASP Top 10      │
│ SSH           │ Yes           │ CVE-2019-6111     │
│ SMB           │ Yes           │ EternalBlue       │
│ DNS           │ Partial       │ NXDOMAIN Attack   │
└───────────────┴───────────────┴───────────────────┘
```

Timeline Analysis:

```
├─ 08:23:45 : Initial compromise
├─ 08:42:12 : Lateral movement detected
└─ 09:15:33 : Data exfiltration attempt
```

Containment Actions:

```
✓ Network isolation completed (Policy NET-ISO-45)
✓ Credential rotation (3 service accounts)
✓ Malware signature deployed to all endpoints
```

# βš™οΈ Technical Specifications
API Reference
ENDPOINT | AUTH | RATE LIMIT
-----------------------------|---------|-----------
GET /v1/threat/{ip} | JWT | 1000/min
POST /v1/scans | API Key | 500/min
GET /v1/reports/{id}/pdf | JWT | No limit

# Contact:
• GitHub: Threadlinee
• Discord: 840sxr