Skip to content
/ IntelOwl Public
forked from intelowlproject/IntelOwl

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

www.certego.net/en/news/new-year-new-tool-intel-owl/

License

AGPL-3.0 license
0 stars 445 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

amanjiofficial/IntelOwl

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

71 Commits
api_app
api_app
 
 
configuration
configuration
 
 
docs
docs
 
 
intel_owl
intel_owl
 
 
static_intel
static_intel
 
 
templates
templates
 
 
tests
tests
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.lgtm.yml
.lgtm.yml
 
 
.travis.yml
.travis.yml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose-for-tests.yml
docker-compose-for-tests.yml
 
 
docker-compose-for-travis.yml
docker-compose-for-travis.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
docker_entrypoint.sh
docker_entrypoint.sh
 
 
env_file_app_template
env_file_app_template
 
 
env_file_app_travis
env_file_app_travis
 
 
env_file_postgres_template
env_file_postgres_template
 
 
manage.py
manage.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Intel Owl

Language grade: Python Build Status

Intel Owl

Do you want to get threat intelligence data about a file, an IP or a domain?

Do you want to get this kind of data from multiple sources at the same time using a single API request?

You are in the right place!

This application is built to scale out and to speed up the retrieval of threat info.

It can be integrated easily in your stack of security tools to automate common jobs usually performed, for instance, by SOC analysts manually.

Intel Owl is composed of analyzers that can be run to retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internal analyzers (like Yara or Oletools)

This solution is for everyone who needs a single point to query for info about a specific file or observable (domain, IP, URL, hash).

Main features:

  • full django-python application
  • easily and completely customizable, both the APIs and the analyzers
  • clone the project, set up the configuration and you are ready to run

Free internal modules available

  • Static Doc Analysis
  • Static RTF Analysis
  • Static PDF Analysis
  • Static PE Analysis
  • Static Generic File Analysis
  • Strings analysis
  • PE Signature verification

Free modules that require additional configuration

  • Cuckoo (requires at least one working Cuckoo instance)
  • MISP (requires at least one working MISP instance)
  • Yara (Community, Neo23x0 and Intezer rules are already available. There's the chance to add your own rules)

External services available

required paid or free api key

  • VirusTotal v2 + v3
  • HybridAnalysis
  • Intezer
  • Farsight DNSDB
  • Hunter.io - Email Hunting
  • ONYPHE
  • Censys.io

required free api key

  • GoogleSafeBrowsing
  • AbuseIPDB
  • Shodan
  • HoneyDB
  • AlienVault OTX
  • MaxMind

needed access request

  • CIRCL PassiveDNS + PassiveSSL

without api key

  • Fortiguard URL Analyzer
  • GreyNoise Alpha API
  • Talos Reputation
  • Tor Project
  • Robtex
  • Threatminer
  • Abuse.ch MalwareBazaar

Documentation

Documentation Status

Documentation about IntelOwl installation and usage can be found at https://intelowl.readthedocs.io/.

Legal notice

You as a user of this project must review, accept and comply with the license terms of each downloaded/installed package listed below. By proceeding with the installation, you are accepting the license terms of each package, and acknowledging that your use of each package will be subject to its respective license terms.

osslsigncode: https://github.com/develar/osslsigncode

stringsifter: https://github.com/fireeye/stringsifter

peepdf: https://github.com/jesparza/peepdf

oletools: https://github.com/decalage2/oletools

MaxMind-DB-Reader-python: https://github.com/maxmind/MaxMind-DB-Reader-python

pysafebrowsing: https://github.com/Te-k/pysafebrowsing

PyMISP: https://github.com/MISP/PyMISP

OTX-Python-SDK: https://github.com/AlienVault-OTX/OTX-Python-SDK

yara-python: https://github.com/VirusTotal/yara-python

GitPython: https://github.com/gitpython-developers/GitPython

Yara community rules: https://github.com/Yara-Rules

Neo23x0 Yara sigs: https://github.com/Neo23x0/signature-base

Intezer Yara sigs: https://github.com/intezer/yara-rules

About the author

Feel free to contact the author at any time: Matteo Lodi Twitter

About

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

www.certego.net/en/news/new-year-new-tool-intel-owl/

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Python 94.6%
  • HTML 3.1%
  • Other 2.3%