Online Tools for Threat Analysis


In today’s digital age, cybersecurity threats are increasingly complex and sophisticated, and a member of a Blue Team has to be able to analyze them rapidly. For this reason I wanted to write a list of the best online tools for Threat Intelligence and Analysis and post it to my blog so I have rapid access to it.

The following online tools are used mostly for Threat Intelligence activities and for collecting information about different threats.

File, IP and Domain Reputation Tools

  • Virus Total: A popular tool that uses over 70 antivirus scanners and URL/domain blacklisting services to analyze suspicious files and URLs.
  • Talos Intelligence (Cisco): Offers reputation and threat intelligence. You can check the reputation of IP addresses, domains, and file hashes.
  • IBM X-Force Exchange: IBM X-Force Exchange is a cloud-based threat intelligence sharing platform that enables users to research security threats, aggregate intelligence, and collaborate with peers. It is part of IBM Security’s suite of products and is designed to help security teams proactively understand and mitigate potential threats.
  • MetaDefender: MetaDefender by OPSWAT is a well-known cybersecurity platform that provides multiple security features to protect organizations against cyber threats. It is particularly noted for its multi-scanning technology, which uses over 30 different antivirus engines to scan files for threats, significantly increasing the detection rates of malware and other malicious content.
  • OTX AlienVault: AlienVault Open Threat Exchange (OTX) is a threat data platform that allows security researchers and threat data producers to share research and investigate new threats. OTX provides open access for all, allowing you to collaborate with a worldwide community of threat researchers and security professionals.
  • MXToolbox: Provides a comprehensive check against blacklists and offers various network diagnostic tools.
  • DNSBL (DNS Blacklists): Various DNSBL services allow you to check if an IP address is listed on specific blacklists, which is often indicative of a compromised or malicious IP.

Malware Sandboxing

  • Hybrid Analysis: Provides a free malware analysis service, leveraging various sandboxing technologies to analyze suspicious files in a safe, isolated environment.
  • Any.Run: An interactive sandbox that allows users to observe malware behavior in real time, offering valuable insights into malware tactics and communication.

URL Scanner

  • URLScan: Website scanner for suspicious and malicious URLs.
  • URL2PNG: Capture snapshots of any website, right in your app, quickly and reliably.
  • Browserling: An online browser sandbox, also known as an online URL sandbox, that lets you securely and safely open a website you don’t trust in a browser that runs in an isolated environment outside of your network.
  • PhishTank: PhishTank is a collaborative clearing house for data and information about phishing on the Internet. PhishTank also provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
  • Phish.ly: Phish.ly combines the security automation platform Tines and the URL intelligence tool urlscan.io to automatically analyse suspicious emails for free.

OSINT

  • abuse.ch: Abuse.ch provides community-driven threat intelligence on cyber threats, sharing malware samples, IOCs and a blocklist of malicious SSL certificates with the community, AV vendors and threat intelligence providers.
  • Shodan: A search engine for internet-connected devices, helping security analysts discover devices that are publicly accessible on the internet.
  • OSINT Framework: A framework focused on gathering information from free tools or resources.
  • CentralOps: Tool for domain and email check, ping, traceroute and more.
  • IPVoid: Tools for network OSINT.
  • ViewDNS.info: Tool suite for network OSINT.
  • IPLocation: Geolocation for IP addresses.
  • TinEye: Reverse image search - find where images appear online.
  • ';--have i been pwned?: Check if your email address is in a data breach.
  • Intelligence X: Search engine and data archive specialized in searching various data sources, including the darknet, document sharing platforms, whois data, public data leaks, and more.

CVE Databases

  • ExploitDB: Exploit-DB is a widely recognized online public database and platform that provides information about security vulnerabilities, exploits, and their corresponding proof-of-concept code.
  • NIST NVD (National Vulnerability Database): The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
  • CVE (MITRE): The mission of the CVE Program, maintained by MITRE, is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Some start.me OSINT pages

I will update this list.