This tool is designed to point SOC Analysts and Threat Hunters in the right direction when looking to enrich an indicator for analysis. Many defenders do not have the level of automation that they would like for this task. Use these tools to check for the presence of your target threat object on various blacklists and to look up points of enrichment data. For more details on these tools and others, check out the Threat Data page of my Gitbook:
S0cm0nkey's Security Reference Guide: Threat Data
**Note: You must allow popups from this page for this tool to work correctly**
Blue: Single Tools, Green: Launches Multiple Tools, Red: Requires Manual Input, Yellow: Manual Input Multiple Objects
Multi-Blacklist Checkers: These are tools that take a domain or IP address and search across multiple blacklists. These will often have more data than just reputation. Read the details for more information.
IP Address Only Reputation Checkers: These are tools that will look for the presence of an IP address on different blacklists.
Proxy/VPN/TOR Checkers: These are tools that will verify whether an IP is used as a form of proxy, such as a TOR or VPN exit node.
Domain Only Reputation Checkers: These are tools that will look for the presence of a Domain on different blacklists.
Threat Intelligence Platforms: These are platforms with vast intelligence on various indicators. Some have a portal for accessing some intelligence for free.
Threat Enrichment Tools: These are tools that can be used to return contextual data for the target Threat Object.
Cyber Search Engines and Internet Scanners: These are tools that can be used to return miscellaneous data for the target Threat Object.