Threat Intelligence Python Packages

pycti

Open Cyber Threat Intelligence Platform

bbot

The recursive internet scanner for hackers. 🧡

dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

iocextract

Defanged Indicator of Compromise (IOC) Extractor.

flare-capa

The FLARE team's open-source tool to identify capabilities in executable files.

ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

stix-shifter-modules-synchronous-template

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

anyrun-sdk

Simplify integration with ANY.RUN REST API services

is-crawler

Crawler detection from User-Agent strings in 50 ns. Issues and pull requests welcome!

stix-shifter

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

greynoise

Python3 library and command line for GreyNoise

user-scanner

🕵️‍♂️ (2-in-1) Email & Username OSINT suite. Analyzes 205+ scan vectors (100+ email / 105+ username) for security research, investigations, and digital footprinting.

pysafebrowsing

Python 3 Google Safe Browsing library

ail-typo-squatting

Generate list of potential typo squatting domains with domain name permutation engine to feed AIL and other systems.

stix-shifter-utils

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

stix-shifter-modules-splunk

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

ftagent

Flowtriq DDoS Detection Agent — real-time L3/L4/L7 traffic monitoring, incident detection, PCAP capture, and auto-mitigation

stix-shifter-modules-trendmicro-vision-one

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

firepit

Firepit - STIX Columnar Storage

csirtg-indicator

The FASTEST way to create indicators!

stix-shifter-modules-qradar

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

stix-shifter-modules-stix-bundle

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

stix-shifter-modules-proxy

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.

stix-shifter-modules-azure-sentinel

This project consists of an open source library allowing software to connect to data repositories using STIX Patterning, and return results as STIX Observations.