
Analyze IoCs with various threat intelligence services. IoC type will be detected automatically.


dev-lu/ioc_analyzer


IoC analyzer

Tool to analyze IoCs with various OSINT APIs. It prints a detailed report and a summary table on the CLI. The IoC type is detected automatically.

Supported IoC types and implemented services:

IP addresses

  • AbuseIPDB
  • IPQualityScore
  • Virustotal
  • Alienvault
  • Blocklist.de
  • THREATfox (abuse.ch)
  • Maltiverse
  • Shodan
  • BGPView
  • Pulsedive
  • Twitter
  • Reddit

Domains

  • Virustotal
  • Alienvault
  • Google Safe Browsing
  • Shodan
  • Pulsedive
  • Twitter
  • Reddit

URLs

  • Virustotal
  • Google Safe Browsing
  • URLhaus (abuse.ch)
  • Pulsedive
  • Twitter
  • Reddit

MD5 hashes

  • Virustotal
  • Alienvault
  • THREATfox (abuse.ch)
  • MALWAREbazaar (abuse.ch)
  • Pulsedive
  • Twitter
  • Reddit

SHA1 hashes

  • Virustotal
  • Alienvault
  • THREATfox (abuse.ch)
  • MALWAREbazaar (abuse.ch)
  • Pulsedive
  • Twitter
  • Reddit

SHA256 hashes

  • Virustotal
  • Alienvault
  • THREATfox (abuse.ch)
  • MALWAREbazaar (abuse.ch)
  • Pulsedive
  • Twitter
  • Reddit
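
The README states that the IoC type is detected automatically but does not show how. The following is an added example, not code from the ioc_analyzer project: one way to classify an input string into the six types listed above. The function names, the order of checks and the http/https-only URL rule are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest length -> hash type, for the three hash types the README lists.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Hostname label: 1-63 chars, alphanumeric or hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_domain(value: str) -> bool:
    """True for a dotted hostname whose last label is not purely numeric."""
    labels = value.rstrip(".").split(".")
    if len(value) > 253 or len(labels) < 2:
        return False
    if not all(LABEL_RE.fullmatch(label) for label in labels):
        return False
    return not labels[-1].isdigit()


def detect_ioc_type(raw: str) -> str:
    """Classify one indicator as ip, url, md5, sha1, sha256, domain or unknown."""
    value = raw.strip()
    # IP first: "203.0.113.7" would otherwise be tested as a dotted hostname.
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    # URL: require an http(s) scheme and a host, so "example.com" stays a domain.
    try:
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            return "url"
    except ValueError:  # e.g. a malformed bracketed IPv6 host
        pass
    # Hashes: fixed-length hex strings; the length selects the algorithm.
    if HEX_RE.fullmatch(value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    if is_domain(value):
        return "domain"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample indicators (documentation ranges, placeholder digests).
    for s in ("203.0.113.7", "2001:db8::1", "https://example.com/login", "example.com", "ab" * 16):
        print(f"{s} -> {detect_ioc_type(s)}")
```

Inputs that match none of the rules, such as an out-of-range dotted quad or a hex string of the wrong length, come back as `unknown` rather than being sent to a service under a guessed type.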

Example output for an IP address:

[Screenshot: ioca_ip]

Example output for hashes:

[Screenshots: ioca_sha1, ioca_twitter]

For this tool to work properly, you need to register on the following services and generate API keys:
