Blue Team Opensource Online Tools

Source: https://gitlab.com/syntax-ir/playbooks

Free Tools

In this section you will find links to free tools, sometimes with a short description of what the tool does and how to use it.

Domain and IP Threat Intel

Talos Intelligence

https://talosintelligence.com/

Search by IP, domain, or network owner for real-time threat data.

URLVoid

https://www.urlvoid.com/

Website Reputation Checker. This service helps you detect potentially malicious websites. Check the online reputation/safety of a website.

IPVoid

https://www.urlvoid.com/

ThreatCrowd

https://www.threatcrowd.org/

Search by Domain, IP, Email or Organization. ThreatCrowd is now powered by AlienVault®.

Domain Dossier

https://centralops.net/co/DomainDossier.aspx

The Domain Dossier tool generates reports from public records about domain names and IP addresses to help solve problems, investigate cybercrime, or just better understand how things are set up. These reports may show you:

  • Owner’s contact information

  • Registrar and registry information

  • The company that is hosting a Web site

  • Where an IP address is geographically located

  • What type of server is at the address

  • The upstream networks of a site

  • and much more

PCAP Analyzer

APackets

https://apackets.com/

Analyze PCAP files to gain insights into HTTP headers, request and response data. Effortlessly extract transferred files, office documents, and images. Find passwords for various protocols.

Dynamite Lab

https://lab.dynamite.ai/pcaps

Analyze PCAP files to gain insights into HTTP headers, request and response data. Effortlessly extract transferred files, office documents, and images. Find passwords for various protocols.

Files & Hash Threat Intel and Sandbox

Virus Total

https://www.virustotal.com/gui/

Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.

URL Scan

https://urlscan.io/

A sandbox for the web. This site will give you an image of the site. Very useful to investigate phishing without visiting the site from your machine.

Hybrid Analysis

https://www.hybrid-analysis.com/

A free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology. Powered by CrowdStrike Falcon® Sandbox.

Any.run

https://app.any.run/

Note: You need to create an account. Innovative cloud-based sandbox with full interactive access.

Malwr

https://malwr.com/

An online version of Cuckoo Sandbox (currently offline).

Joe Sandbox

https://www.joesandbox.com/

Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports. This website gives you access to the Community Edition of Joe Sandbox Cloud. It allows you to run a maximum of 15 analyses / month, 5 analyses / day on Windows, Linux and Android with limited analysis output.

Analyzing Malicious Documents Cheat Sheet

https://zeltser.com/analyzing-malicious-documents/

This cheat sheet outlines tips and tools for analyzing malicious documents, such as Microsoft Office, RTF and Adobe Acrobat (PDF) files. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs.

Malwoverview

https://github.com/alexandreborges/malwoverview

Malwoverview.py is a simple tool to perform an initial and quick triage of malware samples, URLs and hashes. Additionally, Malwoverview is able to show some threat intelligence information.

Encode / Decode

Cyberchef

https://gchq.github.io/CyberChef/

https://github.com/gchq/CyberChef

The Cyber Swiss Army Knife

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.

The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years.

Uncoder

https://uncoder.io/

Uncoder.IO is the online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers. Serving as one common language for cyber security, it allows blue teams to break the limits of being dependent on a single tool for hunting and detecting threats and to avoid technology lock-in. With an easy, fast and private UI you can translate queries from one tool to another without needing access to the SIEM environment, in a matter of just a few seconds.

One Click Forensics Lab

https://0xbanana.com/blog/one-click-forensics-lab-in-the-cloud/

Deploy a DFIR forensics lab with one script on Google Cloud Platform!
