[go: up one dir, main page]

Skip to content

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

License

Notifications You must be signed in to change notification settings

ekmixon/IntelOwl

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Intel Owl

GitHub release (latest by date) GitHub Repo stars Docker Twitter Follow Official Site

Language grade: Python CodeFactor Code style: black Imports: isort Build & Tests codecov

Intel Owl

Do you want to get threat intelligence data about a malware, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request?

You are in the right place!

Intel Owl is an Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools. It is for everyone who needs a single point to query for info about a specific file or observable.

Features

  • Provides enrichment of threat intel for malware as well as observables (IP, Domain, URL and hash).
  • This application is built to scale out and to speed up the retrieval of threat info.
  • It can be integrated easily in your stack of security tools (pyintelowl) to automate common jobs usually performed, for instance, by SOC analysts manually.
  • Intel Owl is composed of:
    • analyzers that can be run to retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internal analyzers (like Yara or Oletools)
    • connectors that can be run to export data to external platforms
  • API written in Django and Python 3.9.
  • Inbuilt frontend client: IntelOwl-ng provides features such as dashboard, visualizations of analysis data, easy to use forms for requesting new analysis, etc. Live Demo.

Documentation Documentation Status

Documentation about IntelOwl installation, usage, configuration and contribution can be found at https://intelowl.readthedocs.io/.

Blog posts

To know more about the project and it's growth over time, you may be interested in reading the following:

Available services or analyzers

You can see the full list of all available analyzers in the documentation or live demo.

Type Analyzers Available
Inbuilt modules - Static Document, RTF, PDF, PE, Generic File Analysis
- Strings analysis with ML
- PE Emulation with Speakeasy
- PE Signature verification
- PE Capabilities Extraction
- Emulated Javascript Analysis
- Android Malware Analysis
- SPF and DMARC Validator
- more...
External services - Dragonfly malware sandbox
- GreyNoise v2
- Intezer
- VirusTotal v2+v3
- HybridAnalysis
- URLscan
- Shodan
- AlienVault OTX
- Intelligence_X
- Abuse.ch MalwareBazaar/Threatfox
- many more..
Free modules that require additional configuration - Cuckoo (requires at least one working Cuckoo instance)
- MISP (requires at least one working MISP instance)
- Yara (a lot of public rules area available. There's also the chance to add your own rules)

Partnerships and sponsors

We have an official sponsorship program for companies, organizations and individuals who support IntelOwl development. For more details on how to join the list below, read the page: Partnership and sponsors.

πŸ₯‡ GOLD

Certego

Certego Logo

Certego is a MSSP and Threat Intelligence Provider based in Italy.

IntelOwl was born out of Certego's Threat intelligence R&D division and is constantly maintained and updated thanks to them.

Dragonfly, an automated sandbox to emulate and analyze malware, is a new public service by Certego developed by the same team behind IntelOwl. It is now available as the Dragonfly_Emulation analyzer in IntelOwl. Sign up on Dragonfly today for free access!

The Honeynet Project

Honeynet.org logo

The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.

Since its birth, thanks to this organization, this project has been participating in the Google Summer of Code (GSoC)!

Project Summaries and/or in-development projects:

If you are interested in being the next GSoC developer for IntelOwl, join the Honeynet Slack chat for more info.

(Plus we have just started a new project called GreedyBear that will be proposed to the GSoC too.)

πŸ₯‰ BRONZE

Tines

Tines logo

Tines is no-code automation for security teams. Build powerful, reliable workflows without a development team.

IntelOwl is officially integrated in Tines. Read everything about this partnership in the Tines' blog

Docker

Docker logo

In 2021 IntelOwl joined the official Docker Open Source Program. This allows IntelOwl developers to easily manage Docker images and focus on writing the code.

🀝 IRON

If you are an individual who likes this project and want to thank us with a little contribution, we would be happy to list you here in the README as a public acknowledgment.

About the author and maintainers

Feel free to contact the main developers at any time on twitter:

About

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 95.8%
  • Dockerfile 2.2%
  • Shell 2.0%