IOC Navigator is a Web Browser Extension that simplifies the process of gathering information about Indicators of Compromise (IOCs), providing time efficiency, streamlined analysis, and customizable threat intelligence sources.
The IOC Navigator offers a simplified approach to gathering information about Indicators of Compromise (IOCs). It allows users to input various types of IOCs, such as domains, IP addresses, URLs, or file hashes, and conveniently select trusted threat intelligence sources through checkbox selection. With a single click, the tool opens all selected websites that are required to analyze IOCs in separate tabs, eliminating the need for manual searches and website navigation. This efficient approach saves valuable time and effort while providing users with quick access to the relevant information needed during the IOC analysis process.
- Time Efficiency and Streamlined Analysis: By automating the process of opening the required websites to analyze IOCs in one click, this solution significantly reduces the time and effort needed for manual searches and website navigation. Users can quickly access relevant information, saving valuable time and enabling more efficient decision-making and response to potential threats.
- Customizable Threat Intelligence Sources: The checkbox selection feature provides users with the flexibility to choose the websites they prefer for IOC analysis. This enables users to customize the tool according to their specific requirements and utilize the threat intelligence sources they trust the most.
- Visit the IOC Navigator Chrome Extension page: https://chrome.google.com/webstore/detail/ioc-navigator/gkofaakijioggbajokijdiokaodggjma
- Click "Add to Chrome".
- Confirm the installation by clicking "Add extension".
- Access the IOC Navigator by clicking its icon in the Chrome toolbar.
- Input the IOCs (Domains, IP addresses, URLs, or file hashes).
- Select the appropriate checkboxes for the preferred threat intelligence sources.
- Click the "Execute" button to automatically open the selected websites in separate tabs.
- Explore the opened tabs to gather the relevant information about the IOCs efficiently.
IOC.Navigator.mp4
I have implemented Regex to validate different types of indicators of compromise (IOCs) before embedding them into a threat intelligence platform. These regex patterns include checks for domains, IP addresses, and file hashes, ensuring that the IOCs adhere to the specified formats. This validation process helps ensure the integrity and accuracy of the IOCs being processed by the threat intelligence platform.
The specified input format mentioned below is designed to work seamlessly with the corresponding platforms.
| Name | Input Type | Description |
|---|---|---|
| URL/Base64 Decoding | Text String | Decodes URL or Base64 encoded text to its original format. (Implemented using JS) |
| Unshorten[.]me API | Shortened URL | Expands shortened URLs to their original, full-length form. (Used Unshorten[.]me API - The API is limited to 10 requests per hour for new short URLs ) |
| Check/Uncheck All | Check or uncheck all checkboxes at once. | |
| Fang/Defang IOC | IOC | Converts IOCs to their fanged or defanged representation, respectively. (Implemented using JS) |
| Name | Input Type | Description |
|---|---|---|
| VirusTotal | Domain, IP or File Hash | Platform for analyzing and detecting malicious files, URLs, IPs and domains. It aggregates data from various sources and leverages multiple antivirus engines to provide insights into potential threats |
| Cisco Talos | Domain or IP | Threat intelligence platform providing insights into known threats. |
| ThreatMiner | Domain, IP or File Hash | Aggregates and analyzes threat data from various sources. |
| AlienVault OTX | Domain, IP or File Hash | Open Threat Intelligence platform for sharing and analyzing IOCs. |
| Name | Input Type | Description |
|---|---|---|
| AbuseIPDB | IP or Domain | Check if an IP address or domain is reported as abusive or malicious. |
| BlacklistAlert | IP or Domain | Identify if an IP address or domain is blacklisted in various databases. |
| Spamhaus | IP or Domain | Query the Spamhaus database to check if an IP or domain is listed. |
| Name | Input Type | Description |
|---|---|---|
| SecurityTrails | Domain | Investigate historical DNS data and track changes in DNS records. |
| ViewDNS | Domain | Perform DNS lookups, domain research, and gather various DNS information. |
| dnslytics | Domain | Obtain DNS, Domain, and Ranking Information for Investigations |
| Name | Input Type | Description |
|---|---|---|
| Whois | Domain or IP | Retrieve WHOIS information for a domain or IP address. |
| DomainTools WHOIS | Domain or IP | Perform WHOIS lookups and gather detailed domain information. |
| ViewDNS | Domain or IP | Retrieve WHOIS information and other domain-related details. |
| Name | Input Type | Description |
|---|---|---|
| Ipinfo | IP | Retrieve geolocation, network, and other information for an IP address. |
| ViewDNS (Reverse IP Lookup) | IP | Perform reverse IP lookup to identify domains sharing the same IP. |
| Name | Input Type | Description |
|---|---|---|
| URLQuery | Domain, IP or URL | Search for existing reports. |
| URLScan | Domain, IP or File Hash | Search for existing reports. |
Contributions are welcome! If you find any issues or have suggestions for improvements, please feel free to open an issue or submit a pull request.