<img src="static/intel_owl_positive.png" width=547 height=150 alt="Intel Owl"/>

Intel Owl

Do you want to get threat intelligence data about malware, an IP address or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request?

You are in the right place!

IntelOwl is an Open Source solution for management of Threat Intelligence at scale. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools.

Features

This application is built to scale out and to speed up the retrieval of threat info.

It provides:

Documentation

We try hard to keep our documentation well written, easy to understand and always updated. All info about installation, usage, configuration and contribution can be found here

Publications and Media

To know more about the project and its growth over time, you may be interested in reading the official blog posts and/or videos about the project by clicking on this link

Available services or analyzers

You can see the full list of all available analyzers in the documentation.

| Type | Analyzers Available |
| --- | --- |
| Inbuilt modules | - Static Office Document, RTF, PDF, PE File Analysis and metadata extraction<br/> - Strings Deobfuscation and analysis (FLOSS, Stringsifter, ...)<br/> - PE Emulation with Qiling and Speakeasy<br/> - PE Signature verification<br/> - PE Capabilities Extraction (CAPA)<br/> - Javascript Emulation (Box-js)<br/> - Android Malware Analysis (Quark-Engine, ...)<br/> - SPF and DMARC Validator<br/> - Yara (a lot of public rules are available. You can also add your own rules)<br/> - more... |
| External services | - Abuse.ch <a href="https://bazaar.abuse.ch/about/" target="_blank">MalwareBazaar</a>/<a href="https://urlhaus.abuse.ch/" target="_blank">URLhaus</a>/<a href="https://threatfox.abuse.ch/about/" target="_blank">Threatfox</a>/<a href="https://yaraify.abuse.ch/about/" target="_blank">YARAify</a><br/> - <a href="https://docs.greynoise.io/docs/3rd-party-integrations" target="_blank"> GreyNoise v2</a><br/> - <a href="https://analyze.intezer.com/?utm_source=IntelOwl" target="_blank"> Intezer</a><br/> - VirusTotal v3<br/> - <a href="https://doc.crowdsec.net/docs/next/cti_api/integration_intelowl/?utm_source=IntelOwl" target="_blank"> Crowdsec</a><br/> - <a href="https://urlscan.io/docs/integrations/" target="_blank">URLscan</a><br/> - Shodan<br/> - AlienVault OTX<br/> - <a href="https://intelx.io/integrations" target="_blank">Intelligence_X</a><br/> - <a href="https://www.misp-project.org/" target="_blank">MISP</a><br/> - many more... |

Partnerships and sponsors

As open source project maintainers, we strongly rely on external support to get the resources and time to work on keeping the project alive, with a constant release of new features, bug fixes and general improvements.

Because of this, we joined Open Collective to obtain non-profit equal level status which allows the organization to receive and manage donations transparently. Please support IntelOwl and all the community by choosing a plan (BRONZE, SILVER, etc).

<a href="https://opencollective.com/intelowl-project/donate" target="_blank"> <img src="https://opencollective.com/intelowl-project/donate/button@2x.png?color=blue" width=200 /> </a>

🥇 GOLD

Certego

<a href="https://certego.net/?utm_source=intelowl"> <img style="margin-right: 2px" width=250 height=71 src="static/Certego.png" alt="Certego Logo"/></a>

Certego is an MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.

IntelOwl was born out of Certego's Threat intelligence R&D division and is constantly maintained and updated thanks to them.

The Honeynet Project

<a href="https://www.honeynet.org"> <img style="border: 0.2px solid black" width=125 height=125 src="static/honeynet_logo.png" alt="Honeynet.org logo"> </a>

The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.

Thanks to Honeynet, we are hosting a public demo of the application here. If you are interested, please contact a member of Honeynet to get access to the public service.

Google Summer of Code

<a href="https://summerofcode.withgoogle.com/"> <img style="border: 0.2px solid black" width=150 height=89 src="static/gsoc_logo.png" alt="GSoC logo"> </a>

Since its birth this project has been participating in the Google Summer of Code (GSoC)!

If you are interested in participating in the next Google Summer of Code, check all the info available in the dedicated repository!

🥈 SILVER

ThreatHunter.ai

<a href="https://threathunter.ai?utm_source=intelowl"> <img style="border: 0.2px solid black" width=194 height=80 src="static/threathunter_logo.png" alt="ThreatHunter.ai logo"> </a>

ThreatHunter.ai® is a 100% Service-Disabled Veteran-Owned Small Business started in 2007 under the name Milton Security Group. ThreatHunter.ai is the global leader in Dynamic Threat Hunting. Operating a true 24x7x365 Security Operation Center with AI/ML-enhanced human Threat Hunters, ThreatHunter.ai has changed the industry in how threats are found and mitigated in real time. For over 15 years, our teams of Threat Hunters have stopped hundreds of thousands of threats and assisted organizations in defending against threat actors around the clock.

🥉 BRONZE

Docker

In 2021 IntelOwl joined the official Docker Open Source Program. This allows IntelOwl developers to easily manage Docker images and focus on writing the code. You may find the official IntelOwl Docker images here.

DigitalOcean

In 2022 IntelOwl joined the official DigitalOcean Open Source Program.

About the author and maintainers

Feel free to contact the main developers at any time on Twitter:

Consultancy

IntelOwl's maintainers are available to offer paid consultancy and mentorship.