stanfrbd/cyberbro

GitHub: stanfrbd/cyberbro

一个从原始文本中自动提取IoC并通过多个威胁情报服务进行信誉检查的轻量级工具。

Stars: 619 | Forks: 58

Cyberbro


A simple application that extracts your IoCs from garbage input and checks their reputation using multiple services.
🌐 demo.cyberbro.net

GitHub stars Follow on X/Twitter Mastodon GitHub issues License build and test badge pre-commit validation badge Python

# 关于 本项目受 [Cybergordon](https://cybergordon.com/) 和 [IntelOwl](https://github.com/intelowlproject/IntelOwl) 启发。 本项目旨在提供一种简单高效的方式来检查您的可观测对象的信誉,使用多个服务, 无需部署**复杂**的解决方案。请参阅 https://docs.cyberbro.net/ 获取文档支持 # 演示 ![graph_demo](https://github.com/user-attachments/assets/9116b9d8-ae81-4ff7-a6c3-b613929490ca) # 功能 * **简单输入**:粘贴原始日志或 IoC - 自动解析和提取。 * **多服务检查**:对 IP、哈希值、域名、URL 和 Chrome 扩展程序 ID 进行跨多个威胁情报服务的信誉查询。 * **综合报告**:高级搜索、筛选,并支持导出为 CSV/Excel。 * **快速处理**:采用多线程以提高速度。 * **自动扩展**:通过反向 DNS 和 RDAP / Whois 发现相关域名、URL 和 IP。 * **准确的域名和滥用信息**:RDAP / Whois 和滥用联系人查询。 * **集成**:Microsoft Defender for Endpoint、CrowdStrike、OpenCTI、Grep.App、Hudson Rock 等。 * **代理和存储**:代理支持,结果存储在 SQLite 中。 * **历史和图表**:分析历史和实验性图表视图。 * **缓存**:为更快的重复查询启用缓存(在多引擎级别启用,而非每个引擎)。 # Cyberbro 的独特之处 * **适合初学者**:适合所有技能水平。 * **Chrome 扩展程序 ID 查询**:从 ID 获取扩展程序名称和 CTI 数据。 * **轻量级部署**:简单设置和使用。 * **高级 TLD 提取**:准确的根域名检测,以获得更好的查询结果。 * **实用的数据收集**:使用 GitHub 和 Google 查找被忽略的 IoC。 * **CTI 报告集成**:从 IOC.One 获取与 IoC 相关的报告。 * **EDR 集成**:针对您自己的安全工具(MDE、CrowdStrike)检查可观测对象。 # 快速入门 - 简明版 # 入门指南 * 首先,克隆仓库 ``` git clone https://github.com/stanfrbd/cyberbro cd cyberbro ``` ## 编辑配置文件(必需) ``` cp secrets-sample.json secrets.json ``` * 在 `secrets.json` 文件中填写值(包括代理,如需要)。 ``` { "abuseipdb": "token_here", "alienvault": "token_here", "criminalip_api_key": "token_here", "crowdstrike_client_id": "client_id_here", "crowdstrike_client_secret": "client_secret_here", "dfir_iris_api_key": "token_here", "dfir_iris_url": "https://dfir-iris.local", "google_cse_cx": "cx_here", "google_cse_key": "key_here", "google_safe_browsing": "token_here", "ipapi": "token_here", "ipinfo": "token_here", "mde_client_id": "client_id_here", "mde_client_secret": "client_secret_here", "mde_tenant_id": "tenant_here", "misp_api_key": "token_here", "misp_url": "https://misp.local", "opencti_api_key": "token_here", "opencti_url": "https://demo.opencti.io", "proxy_url": "", "rl_analyze_api_key": "token_here", "rl_analyze_url": "https://spectra_analyse_url_here", "rosti_api_key": "token_here", "shodan": "token_here", "spur_us": "token_here", "threatfox": "token_here", "virustotal": "token_here", "webscout": "token_here" } ``` * 从各服务的官方文档获取 API 密钥。 * Microsoft Defender for Endpoint (MDE) 是付费服务,如果您没有账户可以跳过(默认未选中)。 请参阅文档中的[高级部署选项](https://docs.cyberbro.net/quick-start/Advanced-options-for-deployment)以获取所有自定义选项 # 启动应用 ## 简单便捷 - 使用 docker ``` docker compose up # use -d to run in background and use --build to rebuild the image ``` * 访问 http://127.0.0.1:5000 并开始使用 请参阅文档中的[高级部署选项](https://docs.cyberbro.net/quick-start/Advanced-options-for-deployment)以获取所有 Docker 部署选项。 ## 传统方式 * 克隆仓库并安装依赖项。 在安装依赖项之前,您可能需要创建一个 [`venv`](https://docs.python.org/3/library/venv.html)。 ``` pip install -r requirements.txt ``` * 使用 `gunicorn` 运行应用(清洁模式)。 ``` gunicorn -c prod/gunicorn.conf.py app:app ``` * 以开发模式运行应用。 ``` python3 app.py ``` # 屏幕截图
查看所有屏幕截图 image image image
image image # Cyberbro 浏览器扩展

Get Cyberbro Analyzer for Firefox Get Cyberbro Analyzer for Chromium Get Cyberbro Analyzer for Microsoft Edge

# Cyberbro API * API 可通过 `/api/` 访问,可通过 GUI 或命令行使用。 **目前有 3 个端点:** * `/api/analyze` - 分析文本并返回分析 ID (JSON)。 * `/api/is_analysis_complete/` - 检查分析是否完成 (JSON)。 * `/api/results/` - 获取先前分析的结果 (JSON)。 ``` curl -X POST "http://localhost:5000/api/analyze" -H "Content-Type: application/json" -d '{"text": "cyberbro.net", "engines": ["reverse_dns", "rdap_whois"]}' ``` ``` { "analysis_id": "e88de647-b153-4904-91e5-8f5c79174854", "link": "/results/e88de647-b153-4904-91e5-8f5c79174854" } ``` ``` curl "http://localhost:5000/api/is_analysis_complete/e88de647-b153-4904-91e5-8f5c79174854" ``` ``` { "complete": true } ``` ``` curl "http://localhost:5000/api/results/e88de647-b153-4904-91e5-8f5c79174854" ``` ``` [ { "observable": "cyberbro.net", "rdap_whois": { "abuse_contact": "registrar-abuse@cloudflare.com", "creation_date": "2024-12-20", "data_source": "rdap", "emails": [ "registrar-abuse@cloudflare.com" ], "expiration_date": "2026-12-20", "link": "https://rdap.verisign.com/net/v1/domain/CYBERBRO.NET", "name_servers": [ "anderson.ns.cloudflare.com", "lisa.ns.cloudflare.com" ], "organization": null, "registrant": null, "registrant_country": null, "registrant_email": null, "registrar": "Cloudflare, Inc.", "update_date": "2025-11-20" }, "reverse_dns": { "reverse_dns": [ "172.67.197.226", "104.21.42.7" ] }, "reversed_success": true, "type": "FQDN" } ] ``` # API 和第三方服务 * [AbuseIPDB](https://docs.abuseipdb.com/) * [Abusix](https://abusix.com/) * [Alienvault](https://otx.alienvault.com/) * [CriminalIP](https://www.criminalip.io/) * [CrowdStrike](https://www.crowdstrike.com/) * [crt.sh](https://crt.sh/) * [DFIR Iris](https://www.dfir-iris.org/) * [Github](https://github.com/) * [Google Safe Browsing](https://developers.google.com/safe-browsing) * [Google](https://google.com/) * [Google DNS](https://dns.google/) * [Grep.App](https://grep.app/) * [Hudson Rock](https://hudsonrock.com/) * [ICANN](https://lookup.icann.org/) * [IPapi](https://ipapi.is/) * [IPinfo](https://ipinfo.io/developers) * [IPquery](https://ipquery.gitbook.io/ipquery-docs) * [Ioc.One](https://ioc.one/) * [Microsoft Defender for Endpoint](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-for-endpoint-api) * [MISP](https://www.misp-project.org/) * [OpenCTI](https://www.opencti.io/) * [OpenRDAP](https://www.openrdap.org/) * [Phishtank](https://www.phishtank.com/) * [ReversingLabs Spectra Analyze](https://www.reversinglabs.com/products/spectra-analyze) * [Rösti](https://rosti.bin.re/) - 重新打包的开源威胁情报 * [Shodan](https://developer.shodan.io/) * [Spur.us](https://spur.us/) * [ThreatFox](https://threatfox.abuse.ch/api/) * [URLscan](https://urlscan.io/) * [VirusTotal](https://developers.virustotal.com/v3.0/reference) * [WebScout](https://webscout.io/) # 许可证 ``` MIT License Copyright (c) 2025 stanfrbd Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ``` # 标志 本项目中使用的标志可供个人和商业免费使用,可在此处[找到](https://www.veryicon.com/icons/object/material_design_icons/web-39.html)。
标签:APT分析, CTI工具, DAST, IOC, IoC提取, IP地址信誉, masscan, Python, SOC工具, URL信誉, 哈希检查, 域名信誉, 威胁情报, 威胁情报平台, 安全运营, 开发者工具, 恶意指标检测, 恶意活动检测, 恶意软件分析, 扫描框架, 无后门, 漏洞发现, 请求拦截