
Harpoon: an OSINT / Threat Intelligence tool

BaiyuanLab
Published 2018/03/06 13:10

Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins, so the idea is to have one plugin per platform or task. The code is on GitHub, feel free to open issues and propose Pull Requests.

Harpoon?

For the past year and a half I have been pretty busy doing threat intelligence and open source intelligence on several malware operations. Threat Intelligence mainly relies on passive DNS/malware databases on one side, and databases on malicious activity on the other side. The objective is to map an attack’s infrastructure and if possible link it with other malicious activities. Some threat intelligence platforms are accessible to everyone (like OTX or RobTex) while others are commercial with or without free access (like VirusTotal or PassiveTotal). In the end, a large part of this activity is about looking for information in different platforms. Many people have tried to create a platform centralizing information from other platforms, but we always end up having yet another platform to consider during the research.

 

New standards problem totally applies to Threat Intelligence (xkcd 927)

 

Open Source Intelligence (aka OSINT) on the other side is way more diverse. The objective is to get as much information as possible on someone or a group of people using any data source openly accessible on the Internet. Of course there are some interesting platforms (like SpyOnWeb) but you may also have to do research in social media, cache platforms and many other random tasks depending on where your investigation leads you.

In all that, a large number of tasks are completely manual and it sucks. At first, I tried to create random Python scripts to automate some of these tasks but it quickly became a mess: too many scripts, some in Python 2, some in Python 3, some using config files and some getting API keys as parameters… After a while, I started to organize these scripts as modules for a tool called Harpoon and after some months of using it, I think it is time to make it open source to see if it can help other people.

Some notes on the principles behind this tool:

  • Python 3 only: Python 2 is dead and I am not even trying to support it.
  • Many OSINT tools try to gather as much information as possible from an indicator (domain or email) without really any interest in where it comes from. Harpoon does not follow this philosophy. It mostly allows you to perform a single task per command (with a couple of more general commands using several tools). I think it is really important during an investigation to understand where a piece of information comes from and how reliable it is.
  • In many cases, I also wanted to explore APIs to see what was possible with them, and I ended up rewriting some libraries (like SpyOnWeb) just because I wanted to understand exactly what they did and how. So I reinvented the wheel many times and I am totally fine with it.
  • Harpoon is organized into subcommands that are easy to implement; these commands rely on internal or external libraries. These commands also use a single configuration file that you need to complete manually when an API key is needed.
  • This tool is not perfect: it only does what I needed to automate, it is likely buggy and it has a long list of things I would like to implement one day (but it may never happen). Feel free to open issues or propose Pull Requests.
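To make the design principles above concrete, here is an added sketch (not Harpoon's own code or API) of one subcommand per source, a single shared configuration file, and every result tagged with the source it came from. The command names `pdns` and `cache`, the `register`/`dispatch` helpers and the sample data are all hypothetical and constructed for illustration.

```python
import argparse
import configparser

COMMANDS = {}  # subcommand name -> instance (hypothetical registry, not Harpoon's API)

def register(cls):
    COMMANDS[cls.name] = cls()
    return cls

class Command:
    name = ""
    config_keys = ()  # options that must be filled in under [name] in the config file

    def add_arguments(self, parser):
        parser.add_argument("indicator")

    def tag(self, indicator, values):
        # Every record names the one source it came from, so provenance is never lost.
        return [{"source": self.name, "indicator": indicator, "value": v} for v in values]

@register
class PassiveDns(Command):  # stands in for a platform that requires an API key
    name = "pdns"
    config_keys = ("key",)
    DATA = {"example.com": ["192.0.2.10", "198.51.100.7"]}  # constructed sample data

    def run(self, conf, args):
        return self.tag(args.indicator, self.DATA.get(args.indicator, []))

@register
class Cache(Command):  # stands in for a free source that needs no key
    name = "cache"
    DATA = {"example.com": ["snapshot-2018-01-02"]}  # constructed sample data

    def run(self, conf, args):
        return self.tag(args.indicator, self.DATA.get(args.indicator, []))

def dispatch(argv, config_text):
    conf = configparser.ConfigParser()
    conf.read_string(config_text)  # the single shared configuration file
    parser = argparse.ArgumentParser(prog="tool")
    sub = parser.add_subparsers(dest="command", required=True)
    for name, cmd in COMMANDS.items():
        cmd.add_arguments(sub.add_parser(name))
    args = parser.parse_args(argv)
    cmd = COMMANDS[args.command]
    # Refuse to run a command whose API key was left blank in the config file.
    missing = [k for k in cmd.config_keys if not conf.get(cmd.name, k, fallback="")]
    if missing:
        raise ValueError(f"[{cmd.name}] is missing {missing} in the config file")
    return cmd.run(conf, args)
```

Running one subcommand at a time keeps each answer attributable to a single platform, and a blank key fails early instead of producing an empty result that could be misread as "nothing known".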

This post will be boring, mainly because I try to be as exhaustive as I can to complete the limited existing documentation about the tool. Feel free to jump to the sections you are interested in reading.

 

This article is reposted from: https://www.randhome.io/blog/2018/02/23/harpoon-an-osint-/-threat-intelligence-tool/
