Tools

Top Open Source List of Cyber Security Tools and APIs

Below is a list of my favourite online APIs and software tools, which I use regularly in my work.

VirusTotal

https://www.virustotal.com

Open source intelligence to check suspicious file hashes or domains against numerous popular EDR/AV engines. On rare occasions malicious actors monitor for submissions of their tools, so exercise caution if investigating IOCs relating to a breach.

AbuseIPDB

https://www.abuseipdb.com

Open source intelligence to check IP addresses for malicious activity. Good accuracy at detecting malicious IPs compared to other open source IOC databases.

Google DNS API

https://dns.google.com/resolve?name={domain}&type=A

Online API for DNS resolution. Replace {domain} in the URL with the name to resolve; the type parameter selects the record type to look up, e.g. NS, MX, AAAA, CNAME.

Subdomain Center

https://api.subdomain.center/?domain=t.me

Online API to retrieve unknown DNS records for a domain. Very similar to securitytrails.com. Use this to see what information malicious actors can find out about your organisation.

MISP

https://www.misp-project.org/

Open source IOC collection, correlation and sharing platform. For people who wish to self-host an IOC sharing platform. Simple yet effective, and it can be configured to cater for complex architectures.

NIST National Vulnerability Database

https://nvd.nist.gov/vuln/search

U.S. government repository of vulnerability management data. Search for vulnerabilities affecting various application versions or operating systems.

Shodan.io

https://www.shodan.io/?language=en

Open source information on internet-connected devices. A free tool that allows people to find specific types of devices and see how they are connected to the internet. The website's slogan is "Searching for devices connected to the Internet," and the results of a Shodan search include a lot of information. Users can also search by address or IP to find computers on a network or devices with specific open ports.

Any.Run

https://app.any.run/

Free online malware and URL analysis sandbox. Any.Run is a free service that allows you to run any application on any operating system. Exercise caution with what you submit.

Wazuh

https://wazuh.com/

IDS/IPS platform progressing into an XDR/SIEM.

Digital Cert check

https://crt.sh/

List of issued digital certificates. Sectigo's certificate log collector: it scans most major public certificate authority logs, such as DigiCert's, and keeps snapshots of SSL certificates going back up to 10 years.