Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
---|---|---|---|---|---|---|---|---|---|---|
Threat Intel | 109 | 19 hours ago | mit | Python | ||||||
Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS | ||||||||||
Intelowl Ng | 81 | a year ago | 20 | other | TypeScript | |||||
IntelOwl's Web Interface. Built with Angular 10. | ||||||||||
Go Hacking | 66 | a month ago | apache-2.0 | Go | ||||||
A comprehensive and FREE Online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch. | ||||||||||
The Dpdk Examples | 23 | 6 months ago | mit | C | ||||||
Program examples utilizing the DPDK. The DPDK is a kernel-bypass network library that allows for very fast network packet processing. This is great for (D)DoS mitigation and low-latency packet inspection, manipulation, and forwarding. | ||||||||||
The Dpdk Common | 18 | 5 months ago | mit | C | ||||||
A repository that includes common helper functions for writing applications in the DPDK. I will be using this for my future projects in the DPDK. | ||||||||||
Cybersecurity Threat Intelligence | 10 | 7 months ago | apache-2.0 | |||||||
An ongoing & curated collection of awesome software best practices and remediation techniques, libraries and frameworks, E-books and videos, Technical guidelines and important resources about Threat Intelligence. | ||||||||||
Spectre_meltdown | 6 | 5 years ago | ||||||||
Meltdown and Spectre: CPU vulnerabilities - Explained and Exploited | ||||||||||
Phintel | 2 | a year ago | mit | Python | ||||||
Phintel (phishing intel) is a simple project intended to automatically combine multiple phishing intelligence feeds into a single set of actionable data. | ||||||||||
Intel_apis | 1 | 6 years ago | mit | Python | ||||||
a collection of APIs used to query different cyber threat intel resources | ||||||||||
Zeek Otx | 1 | 2 years ago | bsd-3-clause | Python | ||||||
Repository of scripts to add AlienVault's OTX intel feed to Zeek and Security Onion 2 |
Do you want to get threat intelligence data about malware, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request?
You are in the right place!
Intel Owl is an Open Source Intelligence (OSINT) solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools. It is for everyone who needs a single point to query for info about a specific file or observable.
We try hard to keep our documentation well written, easy to understand and always updated. All info about installation, usage, configuration and contribution can be found here.
To know more about the project and its growth over time, you may be interested in reading the following official blog posts and/or videos:
You can see the full list of all available analyzers in the documentation.
Type | Analyzers Available |
---|---|
Inbuilt modules | - Static Office Document, RTF, PDF, PE File Analysis and metadata extraction - Strings Deobfuscation and analysis (FLOSS, Stringsifter, ...) - PE Emulation with Qiling and Speakeasy - PE Signature verification - PE Capabilities Extraction (CAPA) - Javascript Emulation (Box-js) - Android Malware Analysis (Quark-Engine, ...) - SPF and DMARC Validator - Yara (a lot of public rules are available. You can also add your own rules) - more... |
External services | - Abuse.ch MalwareBazaar/URLhaus/Threatfox/YARAify - Dragonfly sandbox - GreyNoise v2 - Intezer - VirusTotal v3 - Crowdsec - URLscan - Shodan - AlienVault OTX - Intelligence_X - MISP - many more.. |
As open source project maintainers, we strongly rely on external support to get the resources and time to work on keeping the project alive, with a constant release of new features, bug fixes and general improvements.
Because of this, we joined Open Collective to obtain non-profit equal level status which allows the organization to receive and manage donations transparently. Please support IntelOwl and all the community by choosing a plan (BRONZE, SILVER, etc).
Certego is an MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.
IntelOwl was born out of Certego's Threat intelligence R&D division and is constantly maintained and updated thanks to them.
Dragonfly, an automated sandbox to emulate and analyze malware, is a new public service by Certego developed by the same team behind IntelOwl. It is now available as the Dragonfly_Emulation analyzer in IntelOwl. Sign up on Dragonfly today for free access!
The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.
Thanks to Honeynet, we are hosting a public demo of the application here. If you are interested, please contact a member of Honeynet to get access to the public service.
Since its birth this project has been participating in the Google Summer of Code (GSoC)!
If you are interested in participating in the next Google Summer of Code, check all the info available in the dedicated repository!
ThreatHunter.ai® is a 100% Service-Disabled Veteran-Owned Small Business started in 2007 under the name Milton Security Group. ThreatHunter.ai is the global leader in Dynamic Threat Hunting. Operating a true 24x7x365 Security Operation Center with AI/ML-enhanced human Threat Hunters, ThreatHunter.ai has changed the industry in how threats are found, and mitigated in real time. For over 15 years, our teams of Threat Hunters have stopped hundreds of thousands of threats and assisted organizations in defending against threat actors around the clock.
LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility into your coverage, build what you want, control your data, get the security capabilities you need, for however long you need them, and pay only for what you use.
Read everything about this partnership on LimaCharlie's blog.
In 2021 IntelOwl joined the official Docker Open Source Program. This allows IntelOwl developers to easily manage Docker images and focus on writing the code. You may find the official IntelOwl Docker images here.
Feel free to contact the main developers at any time on Twitter: