Open Source Intelligence (OSINT) Sites

Threat Intelligence Platforms (T.I.P.)

All of these threat intelligence platforms are free, but not all of the functions are available in the free versions. They are still great for looking up IOCs (indicators of compromise) on threat actors. You will have to register for all of these platforms, but they are worth it.

  1. ThreatConnect – Home – ThreatConnect
  2. RiskIQ – RiskIQ | Digital Risk | Cyber Threat Intelligence | Incident Response
  3. Mandiant Advantage – Threat Intelligence Platform | Threat Intelligence Tools | Mandiant
  4. Recorded Future – Use Recorded Future for Free | Recorded Future (this link is not a platform but is a daily free threat intelligence email)
  5. AlienVault OTX – AlienVault – Open Threat Exchange

Sites to Check Indicators of Compromise (IOC)

  1. AbuseIPDB – AbuseIPDB – IP address abuse reports – Making the Internet safer, one IP at a time (gives a confidence report on whether a particular IP is malicious and what the public has seen that IP doing, such as SSH brute force)
  2. VirusTotal – VirusTotal (a site to check the reputation of URLs and IPs, as well as to upload files and see whether they are detected by antivirus programs; remember this is a public site, so any files that are uploaded can be seen by anyone)
  3. ThreatCrowd – Threat Crowd | Threatcrowd.org Open Source Threat Intelligence (a search engine for threats; can look up domains, IPs, emails or organizations)
  4. Cybercrime Tracker – CyberCrime (can search for a particular URL to see if it is connected with malicious activity)
  5. Maltiverse – Maltiverse (can search for IPs and URLs and will indicate whether they are malicious)
  6. Malbeacon – MalBeacon (site where you can check if an IP or URL is associated with C2 servers)
  7. URLhaus – URLhaus – Malware URL exchange (site to check URLs and see what malware is associated with them)
  8. Abuse – abuse.ch – Fighting malware and botnets (project that tracks cyber threats and botnets)

Public Sandboxes to Detonate Files/URLs

  1. Any.run – Interactive Online Malware Analysis Sandbox – ANY.RUN
  2. Triage – Sandbox for High-Volume Automated Malware Analysis
  3. Hybrid Analysis – Free Automated Malware Analysis Service – powered by Falcon Sandbox
  4. Joe Sandbox – Deep Malware Analysis – Joe Sandbox Cloud
  5. Intezer Analyze – https://analyze.intezer.com/

Miscellaneous

  1. URL.io – URL and website scanner – urlscan.io (a sandbox that scans a URL and then shows the resulting webpage)
  2. nmapper – Online Platform for network pentesting and mapping tool for penetration testers and System administrators (tool to find subdomains)
  3. Shodan – Shodan (search engine for internet connected devices, can search IPs and domains)
  4. Screenshotmachine – Reliable Screenshot API | Screenshot Machine (can enter in a URL and it will give you a screenshot of it)
  5. ipStack – ipstack – Free IP Geolocation API (geo-location of IP addresses)
  6. DNSdumpster – https://dnsdumpster.com/ (domain research tool)
