Indicator-Intelligence – Finds Related Domains And IPv4 Addresses

Description

Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files.

In today’s digital age, businesses and organizations are increasingly relying on technology to store and manage data. However, with the growing sophistication of cyber threats, it’s become crucial for companies to have an effective threat intelligence strategy in place. One such strategy is to use static file analysis tools that can help identify potential threats from known indicators.

However, once static files have been analyzed for malicious indicators, the next step is to find related domains and IPv4 addresses associated with them. This can be a daunting task as cybercriminals often use multiple domains and IP addresses to carry out their attacks. Fortunately, there are tools available that can automate this process and provide valuable insight into potential threats.

By using these tools, businesses can gain a better understanding of the scope of a potential cyber attack and take proactive measures to protect themselves against it.

Screenshot

Indicator-Intelligence

Done

  •  Related domains, IPs collect

Installation

  • From Source Code

You can use virtualenv for package dependencies before installation.

git clone https://github.com/OsmanKandemir/indicator-intelligence.git
cd indicator-intelligence
python setup.py build
python setup.py install
  • From Pypi

The script is available on PyPI. To install with pip:

pip install indicatorintelligence
  • From Dockerfile

You can run this application on a container after build a Dockerfile.

docker build -t indicator .
docker run indicator --domains target-web.com --json
  • From DockerHub
docker pull osmankandemir/indicator
docker run osmankandemir/indicator --domains target-web.com --json
  • From Poetry
pip install poetry
poetry install

Usage

-d DOMAINS [DOMAINS], --domains DOMAINS [DOMAINS] Input Targets. --domains target-web1.com target-web2.com
-p PROXY, --proxy PROXY Use HTTP proxy. --proxy 0.0.0.0:8080
-a AGENT, --agent AGENT Use agent. --agent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
-o JSON, --json JSON  JSON output. --json

Function Usage

from indicator.indicator import Indicator

#SCAN
Indicator(["target-web.com"])

#OUTPUT
Indicator(["target-web.com"],json=True)

Development and Contribution

See; CONTRIBUTING.md

License

Copyright (c) 2023 Osman Kandemir
Licensed under the GPL-3.0 License.

For more Scripts click HERE