Do you want to get threat intelligence data about a malware, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request?
You are in the right place!
Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools. It is for everyone who needs a single point to query for info about a specific file or observable.
Documentation about IntelOwl installation, usage, configuration and contribution can be found at https://intelowl.readthedocs.io/.
To know more about the project and it's growth over time, you may be interested in reading the following:
|Inbuilt modules||- Static Document, RTF, PDF, PE, Generic File Analysis
- Strings analysis with ML
- PE Emulation with Speakeasy
- PE Signature verification
- PE Capabilities Extraction
- Android Malware Analysis
- SPF and DMARC Validator
|External services||- Dragonfly malware sandbox
- GreyNoise v2
- VirusTotal v2+v3
- AlienVault OTX
- Abuse.ch MalwareBazaar/Threatfox
- many more..
|Free modules that require additional configuration||- Cuckoo (requires at least one working Cuckoo instance)
- MISP (requires at least one working MISP instance)
- Yara (a lot of public rules area available. There's also the chance to add your own rules)
We have an official sponsorship program for companies, organizations and individuals who support IntelOwl development. For more details on how to join the list below, read the page: Partnership and sponsors.
Certego is a MSSP and Threat Intelligence Provider based in Italy.
IntelOwl was born out of Certego's Threat intelligence R&D division and is constantly maintained and updated thanks to them.
Dragonfly, an automated sandbox to emulate and analyze malware, is a new public service by Certego developed by the same team behind IntelOwl. It is now available as the
Dragonfly_Emulationanalyzer in IntelOwl. Sign up on Dragonfly today for free access!
The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.
Since its birth, thanks to this organization, this project has been participating in the Google Summer of Code (GSoC)!
Project Summaries and/or in-development projects:
If you are interested in being the next GSoC developer for IntelOwl, join the Honeynet Slack chat for more info.
(Plus we have just started a new project called GreedyBear that will be proposed to the GSoC too.)
Tines is no-code automation for security teams. Build powerful, reliable workflows without a development team.
IntelOwl is officially integrated in Tines. Read everything about this partnership in the Tines' blog
In 2021 IntelOwl joined the official Docker Open Source Program. This allows IntelOwl developers to easily manage Docker images and focus on writing the code.
If you are an individual who likes this project and want to thank us with a little contribution, we would be happy to list you here in the README as a public acknowledgment.
Feel free to contact the main developers at any time on twitter: