B0bTheSkull/threatpulse
GitHub: B0bTheSkull/threatpulse
Multi-source threat-intelligence aggregation and lookup tool with a CLI and a web dashboard: one-stop lookup of the malicious status of IPs, domains, URLs and file hashes.
Stars: 0 | Forks: 0
# ThreatPulse

## Data Sources
| Feed | Types | Auth required |
|------|-------|---------------|
| **abuse.ch URLhaus** | URL, Host/IP, Domain | No |
| **abuse.ch MalwareBazaar** | File hashes (MD5/SHA1/SHA256) | No |
| **Feodo Tracker** | IP (C2 blocklist) | No |
| **AlienVault OTX** | IP, Domain, Hash | Free API key |
## Installation
```
git clone https://github.com/B0bTheSkull/threatpulse.git
cd threatpulse
pip install -r requirements.txt
```
**Optional: AlienVault OTX (free):**
```
# Register at https://otx.alienvault.com and obtain a free API key
export OTX_API_KEY="your_key_here"
```
## Usage
### CLI lookups
```
# Look up a suspicious IP
python threatpulse.py lookup --ioc 185.220.101.45 --type ip
# Look up a domain
python threatpulse.py lookup --ioc malware-host.example.com --type domain
# Look up a URL
python threatpulse.py lookup --ioc "https://malicious.example.com/payload.exe" --type url
# Look up a file hash
python threatpulse.py lookup --ioc d41d8cd98f00b204e9800998ecf8427e --type hash
# Save the result as JSON
python threatpulse.py lookup --ioc 185.220.101.45 --type ip --output result.json
```
### Feed management
```
# Refresh the cached Feodo Tracker blocklist
python threatpulse.py feed --update
# Show blocklist statistics
python threatpulse.py feed --stats
```
### Web Dashboard
```
python threatpulse.py serve
# Open http://localhost:5000
```
## Example Output
```
╔══════════════════════════════════════════╗
║             ThreatPulse v1.0             ║
║      Threat Intelligence Aggregator      ║
╚══════════════════════════════════════════╝
IOC: 185.220.101.45
Type: ip
Threat Level: MALICIOUS
Sources: 3 queried
[URLhaus]
⚠ FOUND — listed as malicious
Host: 185.220.101.45
Url count: 12
Blacklists: {'spamhaus_dbl': 'not listed', 'surbl': 'listed'}
Recent urls: https://185.220.101.45/payload.exe, ...
[Feodo Tracker]
⚠ FOUND — listed as malicious
Ip: 185.220.101.45
Port: 443
Malware: Emotet
Status: online
Country: DE
[OTX]
⚠ FOUND — listed as malicious
Pulse count: 47
Country: Germany
Pulses: Emotet Campaign Q1, Tor Exit Nodes, ...
```
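To show how the `--type` values used in the CLI lookups above map onto an indicator, and how a single threat level like the one in the example output can be derived from several feed answers, here is an added Python example. It is not ThreatPulse's own code; the result dictionaries, the `error` key and the verdict policy are this example's assumptions.

```python
import ipaddress
import re
from typing import Dict, Optional
from urllib.parse import urlparse

# Digest lengths accepted for hash lookups (MalwareBazaar: MD5 / SHA1 / SHA256 hex).
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Hostname: dot-separated labels of 1-63 chars, no edge hyphens, alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify_ioc(ioc: str) -> Optional[str]:
    """Return the --type value ('ip', 'domain', 'url' or 'hash') for an indicator, else None."""
    s = ioc.strip()
    if "://" in s:  # anything carrying a scheme is treated as a URL
        parsed = urlparse(s)
        return "url" if parsed.scheme in ("http", "https") and parsed.netloc else None
    try:
        ipaddress.ip_address(s)  # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    if len(s) in HASH_LENGTHS and HEX_RE.match(s):  # digests contain no dots, so no clash with domains
        return "hash"
    if DOMAIN_RE.match(s.lower()):
        return "domain"
    return None

def aggregate_verdict(results: Dict[str, dict]) -> dict:
    """Merge per-feed answers into one verdict (the policy here is an assumption of this example).
    A value is {"found": bool, ...} for a completed query or {"error": str} if the feed was unreachable."""
    hits = [name for name, r in results.items() if r.get("found")]
    errors = [name for name, r in results.items() if "error" in r]
    if hits:
        level = "MALICIOUS"
    elif len(results) == len(errors):
        level = "UNKNOWN"  # no feed answered, so the absence of hits proves nothing
    else:
        level = "CLEAN"
    return {"threat_level": level, "sources_queried": len(results),
            "hits": hits, "unavailable": errors}

# Constructed sample mirroring the README's example output (three feeds, all with hits).
SAMPLE_RESULTS = {
    "URLhaus": {"found": True, "url_count": 12},
    "Feodo Tracker": {"found": True, "malware": "Emotet", "port": 443},
    "OTX": {"found": True, "pulse_count": 47},
}
```

The `UNKNOWN` level matters in practice: a lookup where every feed timed out should not be reported as clean.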
## Web Dashboard
Run `python threatpulse.py serve` and open `http://localhost:5000` to use the dark-themed dashboard, which provides:
- **IOC lookup**: enter any indicator and choose its type
- **Recent lookups** table with threat-level labels
- Results colour-coded by source
## Roadmap
- [ ] Shodan integration
- [ ] VirusTotal API support
- [ ] Bulk IOC lookup from a file
- [ ] Slack/webhook alerts when a malicious result is found
- [ ] MISP integration
## License
MIT