Cyber Threat Intelligence
76 tools
OSINT tools for threat analysis, threat hunting, detection engineering, SOC analysis, incident response, and digital forensics.
Top-Rated Tools
Shodan
4.7/5: Search engine for internet-connected devices — find exposed servers, industrial systems, and network infrastructure worldwide.
urlscan.io
4.6/5: Free website scanner that captures full-page screenshots, network requests, and DOM snapshots for any URL
bbot
4.5/5: One command seeds a recursive scan that automatically enumerates subdomains, port-scans live hosts, screenshots web interfaces, and detects exposed secrets — without manual pipeline steps between each phase.
Bitdefender
4.5/5: Award-winning antivirus and endpoint security suite with advanced threat detection for individuals and teams
HackRF One
4.5/5: The open-source SDR transceiver covering 1 MHz to 6 GHz — the standard platform for frequency scanning, signal analysis, and RF research.
MISP Warning Lists
4.5/5: A structured false-positive filtering layer that helps analysts stop treating common benign infrastructure as malicious indicators.
More Tools
VirusTotal
Threat Intelligence: Multi-engine malware scanner and threat intelligence platform for files, URLs, IPs, and domains
capa
Threat Intelligence: A malware triage tool that quickly tells analysts what an executable is capable of doing and where those behaviors appear.
Cortex Analyzers
Threat Intelligence: A modular enrichment engine that lets TheHive analysts analyze observables in place instead of pivoting across dozens of external CTI tools.
Cortex
Threat Intelligence: An enrichment and response engine that lets TheHive analysts analyze observables and trigger actions without leaving the case workflow.
destroylist
Threat Intelligence: A continuously updated phishing and scam domain feed that helps defenders block fraud infrastructure through DNS, hosts files, or API lookups.
Have I Been Pwned
Identity Investigation: The fastest way to confirm whether an email address appears in known data breaches — free, accurate, and maintained by a single researcher who vets every dataset.
httpx
Network Recon: A high-speed HTTP probing tool that turns raw host lists into triaged, fingerprinted web targets ready for investigation.
MISP Galaxy
Threat Intelligence: A structured cluster library that gives threat intelligence events actor, malware, and technique context instead of leaving them as unlabeled IOC collections.
MISP
Threat Intelligence: An open source threat intelligence platform built for structured IOC management, community sharing, and fast operational distribution.
subfinder
Network Recon: Fast passive subdomain enumeration that gives pentesters a clean starting point for external recon.
Amass
Network Recon: Map an organization's full external attack surface — ASNs, domains, subdomains, and infrastructure relationships — through 50+ integrated data sources and a persistent graph database.
Anthropic Cybersecurity Skills
Threat Intelligence: A structured open skill library that gives AI agents concrete cybersecurity workflows mapped to ATT&CK, D3FEND, ATLAS, and NIST frameworks.
C2 Tracker
Threat Intelligence: A live C2 infrastructure feed that helps defenders hunt, block, and correlate active command-and-control servers by framework type.
crt.sh
Network Recon: Passive certificate transparency searches uncover subdomains and related infrastructure before you ever touch the target.
DorkSearch
Network Recon: 889,000+ pre-built Google dorks with an AI dork builder for instant recon
Awesome Lists (mthcht)
Threat Intelligence: A blue-team-first security directory that helps SOC and CTI teams find relevant feeds, rule sources, and detection references without wading through offensive tooling.
OpenCTI
Threat Intelligence: Store, correlate, and visualize structured threat intelligence using STIX2 as the native data model — with a 150+ connector ecosystem and graph-based investigation workflows designed for serious TI programs.
Web Check
Network Recon: Paste a URL and get DNS records, SSL details, security headers, tech stack, WHOIS, and 100+ more domain intelligence checks in a single browser view — in under thirty seconds.
WorldMonitor
Geospatial: Correlated multi-domain intelligence across conflicts, maritime, aviation, infrastructure, finance, and climate on a single open source map surface.
BuiltWith
Network Recon: Technology intelligence — find what any website is built with and who else uses it
IntelOwl
Threat Intelligence: Orchestrate IOC enrichment across 100+ threat intelligence sources through a single API — with automated multi-hop correlation and direct output to MISP, OpenCTI, or DFIR-IRIS.
ProtonVPN
Identity Investigation: Swiss-based VPN with open-source client and strong jurisdiction for journalists and investigators
SpiderFoot
Network Recon: Map a target's full digital footprint automatically — domains, IPs, emails, names, and ASNs across 500+ sources.
Sucuri
Network Recon: Website security platform used by investigators to analyze site integrity, malware, and CDN infrastructure
Awesome Incident Response
Threat Intelligence: A categorized DFIR directory that helps responders discover forensic, malware, and case-management tools with added adoption signals from GitHub metadata.
Censys
Network Recon: Internet-wide scanner with certificate transparency coverage no other tool matches.
cyberbro
Threat Intelligence: A paste-and-submit IOC triage tool that extracts indicators from messy text and checks their reputation across multiple CTI services.
FOFA
Network Recon: A web-focused internet asset search engine that helps analysts pivot from one exposed fingerprint to broader infrastructure quickly.
GrayHatWarfare
Network Recon: Find exposed cloud storage faster by searching indexed public S3 buckets and blob containers tied to real targets.
Hudson Rock
Threat Intelligence: Infostealer intelligence platform exposing compromised credentials from malware-infected machines worldwide
LeakIX
Network Recon: Internet-wide scanner for exposed services and data leaks, with a focus on misconfigured databases and sensitive data exposure
nomore403
Network Recon: A fast 403 bypass automation tool that turns forbidden content discovery results into systematically tested access-control edge cases.
NordVPN
Identity Investigation: Encrypted tunnel and threat protection for OSINT investigators working in hostile environments
openSquat
Threat Intelligence: An open source monitoring tool that helps defenders catch brand lookalike domains before phishing campaigns go live.
Ransomware Tool Matrix
Threat Intelligence: A group-centric ransomware reference that helps defenders translate gang attribution into concrete tools, hunt leads, and detection priorities.
reconFTW
Network Recon: A full-scope domain recon framework that chains proven CLI tools into one repeatable workflow for broad attack surface discovery.
Recorded Future
Threat Intelligence: The leading threat intelligence platform for enterprise security teams
Surfshark
Identity Investigation: VPN with built-in identity monitoring and anonymous browsing identity tools
WiGLE
Geospatial: Crowdsourced wireless network database mapping billions of Wi-Fi, Bluetooth, and cell networks globally
YARD Stick One
Network Recon: Sub-1 GHz wireless transceiver for 433/868 MHz IoT, key fob, and industrial protocol analysis — the dedicated tool for the RF bands that run smart devices.
Awesome Forensics
Threat Intelligence: A curated DFIR resource directory that helps investigators find relevant forensic tools quickly when unfamiliar evidence types appear.
cariddi
Network Recon: A fast Go web crawler that plugs cleanly into recon pipelines to uncover endpoints, JavaScript URLs, and exposed secrets at scale.
DFIRTrack
Threat Intelligence: A focused incident response tracking app that helps teams manage systems, artifacts, tasks, and timelines without relying on spreadsheets.
discover
Network Recon: A Kali-native bash automation wrapper that speeds up standard recon, scanning, and payload generation without forcing you into a heavyweight framework.
IVRE
Network Recon: Turn your Nmap and Masscan output into a persistent, queryable network intelligence database with Shodan-style query capabilities against your own infrastructure.
mihari
Threat Intelligence: A rule-driven OSINT hunting engine that automates recurring infrastructure queries and alerts only on what is newly discovered.
NordPass
Identity Investigation: Password manager with breach monitoring built for secure credential hygiene
Open Source Threat Intel Feeds
Threat Intelligence: A practical reference directory for finding, comparing, and operationalizing free IOC feeds across MISP, SIEM, and enrichment pipelines.
Pulsedive
Threat Intelligence: Community-driven threat intelligence platform with enriched IOC data and free analyst-grade lookups
SEMrush
Network Recon: Competitive intelligence and web footprint analysis for digital investigators
Sploitus
Threat Intelligence: A centralized exploit search engine that helps analysts check public exploit availability across multiple sources in one place.
Adalanche
Network Recon: A single-binary Active Directory graph tool that helps operators find ACL-driven escalation paths without standing up a separate graph database.
Avilla Forensics
Threat Intelligence: A free Android forensic utility that simplifies ADB-based extraction and app analysis for investigators without a commercial mobile suite.
Hacking Tools (aw-junaid)
Network Recon: A multi-language security tool collection that helps researchers study how offensive and analysis utilities are built across different ecosystems.
Criminal IP
Network Recon: IP and domain scanner that scores addresses by malicious activity and maps CVEs to exposed service banners.
deepdarkCTI
Threat Intelligence: A structured reference of dark web and deep web CTI sources — ransomware tracking sites, IOC feeds, paste monitors, and threat actor Telegram channels — organized for feed coverage auditing.
Findomain
Network Recon: A fast passive subdomain enumerator that adds built-in monitoring, history, and alerting for newly exposed assets.
Netlas
Network Recon: Internet scanning platform with 8 billion+ indexed IP addresses for attack surface and infrastructure analysis
Norton Small Business
Threat Intelligence: Endpoint protection and threat detection for small OSINT teams and security firms
Recon-ng
Network Recon: CLI-based web reconnaissance framework modeled after Metasploit
theHarvester
Network Recon: Passively harvest emails, subdomains, and hostnames from public sources before you touch a single target system.
metabigor
Network Recon: A zero-configuration ASN and network scope discovery tool that helps hunters map organizational IP space without API setup.
Mitaka
Threat Intelligence: A browser extension that turns highlighted indicators into instant OSINT and threat intelligence lookups without breaking analyst flow.
SecurityTrails
Network Recon: Historical DNS and domain intelligence database covering 10+ years of infrastructure changes
TorBot
Threat Intelligence: A Tor-routed OSINT crawler that helps analysts map .onion infrastructure, collect contact details, and preserve volatile dark web content.
GreyNoise
Network Recon: Internet noise classifier that separates mass-scanning background traffic from targeted activity so you can stop chasing ghosts in your SIEM.
Onyphe
Threat Intelligence: Cyber defense search engine indexing internet-wide scan data, threat intelligence feeds, and passive DNS
sitedorks
Network Recon: Run the same dork across multiple search engines and target site collections without rebuilding every query by hand.
Maltego
Network Recon: The gold standard for visual link analysis and OSINT pivoting
ZoomEye
Network Recon: Chinese-operated internet search engine for cyberspace — maps exposed services and devices globally