From 2adfc10205ad0a57cfb433beb6b0bbf2931e2971 Mon Sep 17 00:00:00 2001 From: Ayush Tomar Date: Mon, 11 Sep 2023 14:55:14 +0200 Subject: [PATCH 01/15] Add Ellio:Community feed --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index b318a5d..5fce4a0 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however. A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence. + + + + + + + +
+ ELLIO: IP Feed (community free version) + + A threat list of known malicious IP addresses anticipated to pose potential threats to your network in the near future, known benign scanners, and IP addresses of actors with unknown intent. It is provided with a 24-hour delay for personal, non-commercial use but still provides exceptional protection compared to other open IP threat lists/feeds.. +
AbuseIPDB From 502af80e0af8544ad3183335dc71d8dc84b93ef7 Mon Sep 17 00:00:00 2001 From: Kenneth Kinion Date: Fri, 27 Oct 2023 16:55:02 -0400 Subject: [PATCH 02/15] Add free Validin DNS database to the list of OSINT sources --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index b318a5d..cc04d6c 100644 --- a/README.md +++ b/README.md @@ -706,6 +706,14 @@ The primary goal of Malpedia is to provide a resource for rapid identification a Mrlooquer has created the first threat feed focused on systems with dual stack. Since IPv6 protocol has begun to be part of malware and fraud communications, It is necessary to detect and mitigate the threats in both protocols (IPv4 and IPv6).
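Review bot: the new ELLIO row is inserted at the very top of the sources list, ahead of AbuseIPDB, which breaks the alphabetical order the rest of the list follows (AbuseIPDB, Alexa Top 1 Million, APT Groups, ...); move it down to the E entries, next to Emerging Threats Firewall Rules. The description also ends with a doubled period ("other open IP threat lists/feeds..") and "provides exceptional protection compared to other open IP threat lists/feeds" is vendor copy that no other row carries; drop the comparison and keep the factual parts: what the feed contains, that the community version is delayed 24 hours, and that it is restricted to personal, non-commercial use.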
+ Validin DNS Database + + Free intelligence source for current and historical DNS information, finding other websites associated with certain IPs, and subdomain knowledge There is a free API for IP and domain intelligence as well. +
## Formats From 9956d7ea5ec33e80a85b5a2fd5b9581fd5b7d225 Mon Sep 17 00:00:00 2001 From: Nathan Roberts Date: Thu, 24 Apr 2025 14:46:40 -0600 Subject: [PATCH 03/15] Remove Alexa top 1 million - no longer active and not coming back --- README.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/README.md b/README.md index 0c57d4c..0741be2 100644 --- a/README.md +++ b/README.md @@ -27,14 +27,6 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. It's mission is to help make Web safer by providing a central blacklist for webmasters, system administrators, and other interested parties to report and find IP addresses that have been associated with malicious activity online.. - - - Alexa Top 1 Million sites - - - The top 1 Million sites from Amazon(Alexa). Never use this as a whitelist. - - APT Groups and Operations From a49904ee7379295e84c1d5e45740a03ead87c388 Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Fri, 30 May 2025 18:07:09 +0200 Subject: [PATCH 04/15] Update README.md Added reference to VulDB CTI platform --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 9fdb7d4..a5485e1 100644 --- a/README.md +++ b/README.md @@ -674,6 +674,14 @@ The primary goal of Malpedia is to provide a resource for rapid identification a VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of malicious code. Access to the site is granted via invitation only. + + + VulDB CTI + + + VulDB is a vulnerability database which associates actor activities and attack details with vulnerabilities. The predictive approach helps to determine emerging research and attack activities by malicious actors. + + Yara-Rules From ea05fbdcb6cd34fd55f78130460011fbb9d1cfb4 Mon Sep 17 00:00:00 2001 
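Review bot: the Validin description is missing the sentence break before "There is a free API" ("... and subdomain knowledge There is a free API ..."); add the period. The row also says "Free intelligence source" and then separately "There is a free API ... as well", so it is unclear whether the historical DNS data itself is free or only the lookups; state what is free and what is gated so the row can be compared with the others.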
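Review bot: the VulDB CTI row says nothing about access terms, while the neighbouring VirusShare row states that access is by invitation only; add whether the CTI data is free, registration-gated or commercial. "The predictive approach helps to determine emerging research and attack activities by malicious actors" reads as product copy; keep the factual part (actor activities and attack details associated with vulnerabilities) and leave the evaluation to the reader. The subject "Update README.md" should name the change; the body line "Added reference to VulDB CTI platform" is the better subject.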
From: Q-Feeds Date: Fri, 1 Aug 2025 18:41:01 +0200 Subject: [PATCH 05/15] Add Q-Feeds Add Q-feeds as a source of Threat Intelligence. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 9fdb7d4..748ce66 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however. A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence. + + + +
+ Q-Feeds Threat Intelligence + + Q-Feeds is a cybersecurity company that brings together data from OSINT, proprietary research, and commercial threat intelligence feeds to offer a well-rounded and highly actionable solution. Their Threat Intelligence Portal (TIP) makes it easy for organizations to access and manage this data in real-time. By integrating with firewalls, SIEMs, and other security platforms, Q-Feeds helps businesses proactively block connections to known malicious IPs, domains, and URLs—before threats can do harm. They also have a community version available on request. +
ELLIO: IP Feed (community free version) From 91285477e3c1e2faa9d548f95fce57162bfee4cb Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Thu, 2 Oct 2025 13:02:41 +0200 Subject: [PATCH 06/15] Reorder Q-Feeds and ELLIO --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index acb3a2c..3bb0c09 100644 --- a/README.md +++ b/README.md @@ -19,22 +19,6 @@ Some consider these sources as threat intelligence, opinions differ however. A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence. - - - - - - - - + + + + + + + + + + + + + + + + @@ -1001,14 +1001,6 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari An open source plugin-oriented framework to collect and visualize Threat Intelligence information. - - - - - - - - + + + + From 798677a3f93e96d1eb5c7b27b7aeb76ec2a6a058 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 10 Oct 2025 11:47:25 +0200 Subject: [PATCH 13/15] Update `lychee` action --- .github/workflows/links.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 981b91b..21b0d58 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@v2 - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@v1.0.8 + uses: lycheeverse/lychee-action@885c65f3dc543b57c898c8099f4e08c8afd178a2 # v2.6.1 with: args: --verbose --no-progress **/*.md **/*.html env: From 62ffc8a806ec94d2bd17612c3ec9900424754bf6 Mon Sep 17 00:00:00 2001 From: HarmGriffioen Date: Mon, 27 Oct 2025 14:17:47 +1000 Subject: [PATCH 14/15] Add GriffinGuard description to README Added information about GriffinGuard cybersecurity platform. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 8f74f91..8eeff13 100644 --- a/README.md 
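Review bot: the Q-Feeds row is inserted at the top of the sources list, ahead of ELLIO and AbuseIPDB, out of the list's alphabetical order; it belongs between PickupSTIX and REScure. The description is written as vendor copy ("well-rounded and highly actionable solution", "before threats can do harm"); trim it to what the source is (aggregated OSINT, proprietary and commercial indicators for IPs, domains and URLs) and how it is obtained (portal, firewall/SIEM integrations, community version on request).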
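Review bot: pinning `lycheeverse/lychee-action` to a full commit SHA with the version in a trailing comment (`# v2.6.1`) is the right move, since a moved tag can no longer pull unreviewed action code into the workflow, but `actions/checkout@v2` two lines above is still on a floating tag and an old major release; pin it the same way (`actions/checkout@<sha> # vX.Y.Z`) so the whole job has the same supply-chain posture, and consider a Dependabot `github-actions` rule so the SHA pins and version comments are kept current together.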
+++ b/README.md @@ -267,6 +267,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea GreyNoise collects and analyzes data on Internet-wide scanning activity. It collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms. + + + + + + + +
- Q-Feeds Threat Intelligence - - Q-Feeds is a cybersecurity company that brings together data from OSINT, proprietary research, and commercial threat intelligence feeds to offer a well-rounded and highly actionable solution. Their Threat Intelligence Portal (TIP) makes it easy for organizations to access and manage this data in real-time. By integrating with firewalls, SIEMs, and other security platforms, Q-Feeds helps businesses proactively block connections to known malicious IPs, domains, and URLs—before threats can do harm. They also have a community version available on request. -
- ELLIO: IP Feed (community free version) - - A threat list of known malicious IP addresses anticipated to pose potential threats to your network in the near future, known benign scanners, and IP addresses of actors with unknown intent. It is provided with a 24-hour delay for personal, non-commercial use but still provides exceptional protection compared to other open IP threat lists/feeds.. -
AbuseIPDB @@ -203,6 +187,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea Free intelligence source for current and historical DNS information, WHOIS information, finding other websites associated with certain IPs, subdomain knowledge and technologies. There is a IP and domain intelligence API available as well.
+ ELLIO: IP Feed (community free version) + + A threat list of known malicious IP addresses anticipated to pose potential threats to your network in the near future, known benign scanners, and IP addresses of actors with unknown intent. It is provided with a 24-hour delay for personal, non-commercial use but still provides exceptional protection compared to other open IP threat lists/feeds. +
Emerging Threats Firewall Rules @@ -496,6 +488,14 @@ The primary goal of Malpedia is to provide a resource for rapid identification a PickupSTIX is a feed of free, open-source, and non-commercialized cyber threat intelligence. Currently, PickupSTIX uses three public feeds and distributes about 100 new pieces of intelligence each day. PickupSTIX translates the various feeds into STIX, which can communicate with any TAXII server. The data is free to use and is a great way to begin using cyber threat intelligence.
+ Q-Feeds Threat Intelligence + + Q-Feeds is a cybersecurity company that brings together data from OSINT, proprietary research, and commercial threat intelligence feeds to offer a well-rounded and highly actionable solution. Their Threat Intelligence Portal (TIP) makes it easy for organizations to access and manage this data in real-time. By integrating with firewalls, SIEMs, and other security platforms, Q-Feeds helps businesses proactively block connections to known malicious IPs, domains, and URLs—before threats can do harm. They also have a community version available on request. +
REScure Threat Intel Feed From 8be99ba3a6cf82ec0bcb0d24a846ea315dfb3602 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sat, 4 Oct 2025 00:52:16 +0200 Subject: [PATCH 07/15] Add the Open Cybersecurity Schema Framework (OCSF) Closes: #256 --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 3bb0c09..dda4aeb 100644 --- a/README.md +++ b/README.md @@ -961,6 +961,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari n6 (Network Security Incident eXchange) is a system to collect, manage and distribute security information on a large scale. Distribution is realized through a simple REST API and a web interface that authorized users can use to receive various types of data, in particular information on threats and incidents in their networks. It is developed by CERT Polska.
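Review bot: the move itself is right (ELLIO now sits before Emerging Threats Firewall Rules, Q-Feeds between PickupSTIX and REScure), but the hunk at `@@ -203` also quietly fixes the doubled period at the end of the ELLIO description ("lists/feeds.." becomes "lists/feeds."); mention that in the commit message so the text change is not mistaken for a pure reorder.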
+ Open Cybersecurity Schema Framework (OCSF) + + The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes. +
OpenCTI From 74cd74006e2e1ea7d98ddb7f2fbba8d7ac82749a Mon Sep 17 00:00:00 2001 From: k4otix Date: Sun, 8 Jan 2023 00:36:11 -0500 Subject: [PATCH 08/15] add OCSF --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index dda4aeb..021fbcd 100644 --- a/README.md +++ b/README.md @@ -1001,6 +1001,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari An open source plugin-oriented framework to collect and visualize Threat Intelligence information.
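Review bot: OCSF is a data schema, not a platform or service for collecting and sharing intelligence, so the row sits oddly under "Frameworks, platforms and services for collecting, analyzing, creating and sharing"; the README already has a "## Formats" section where STIX-style standards live, and either the row should move there or its description should say why it is listed as a framework (for example, because it ships tooling to develop and extend schemas, not just the core schema).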
+ Open Cybersecurity Schema Framework + + The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes. +
OTX - Open Threat Exchange From b49df604f0d3c04440ad676f66fd1ad41ea0a189 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sat, 4 Oct 2025 01:58:18 +0200 Subject: [PATCH 09/15] Merge OCSF entries --- README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.md b/README.md index 021fbcd..70ba9a4 100644 --- a/README.md +++ b/README.md @@ -966,7 +966,7 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari Open Cybersecurity Schema Framework (OCSF) - The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes. + The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes.
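Review bot: this adds a second OCSF row to the same frameworks section that already received one two commits earlier (placed after n6, before OpenCTI); the commit is dated January 2023 and was evidently rebased onto the branch without checking for the duplicate. Keep a single row: the position from the earlier commit (alphabetical, next to OpenCTI) and the longer description from this one, whose added sentences on producers extending the schema and data engineers mapping differing schemas are the useful part.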
- Open Cybersecurity Schema Framework - - The Open Cybersecurity Schema Framework is an open-source project, delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. Data engineers can map differing schemas to help security teams simplify data ingestion and normalization, so that data scientists and analysts can work with a common language for threat detection and investigation. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes. -
OTX - Open Threat Exchange From a0e5fff0ff19082e1da0ae231662b8d30b241f69 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Sat, 4 Oct 2025 02:00:15 +0200 Subject: [PATCH 10/15] Remove Netlab 360 Closes: #252 --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index 70ba9a4..0023ba9 100644 --- a/README.md +++ b/README.md @@ -419,13 +419,6 @@ The primary goal of Malpedia is to provide a resource for rapid identification a MetaDefender Cloud Threat Intelligence Feeds contains top new malware hash signatures, including MD5, SHA1, and SHA256. These new malicious hashes have been spotted by MetaDefender Cloud within the last 24 hours. The feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence.
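Review bot: the merge keeps the right position and the longer description, but the three OCSF commits (add, duplicate add, merge) should be squashed before merging so the history never contains a state with two rows for the same project; if they are kept separate, the body should at least say it resolves the duplicate introduced by the rebased 2023 commit.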
Netlab OpenData Project - - The Netlab OpenData project was presented to the public first at ISC' 2016 on August 16, 2016. We currently provide multiple data feeds, including DGA, EK, MalCon, Mirai C2, Mirai-Scanner, Hajime-Scanner and DRDoS Reflector. -
NoThink! From 82bbbf89fd04f661d127b269889d15f5fc8b839f Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 10 Oct 2025 11:29:50 +0200 Subject: [PATCH 11/15] Add CTI-Transmute --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 0023ba9..5f7e2e5 100644 --- a/README.md +++ b/README.md @@ -1250,6 +1250,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly The framework automatically downloads recent samples, which triggered an alert on the users YARA notification feed.
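Review bot: the stats line reports 7 deletions, while every other row added or removed in this series touches 8 lines (for example the Alexa removal), so one line of the Netlab row's markup may have been left behind or an adjacent blank line absorbed; check that the table renders without a stray or empty cell. Also grep the README for any remaining Netlab or 360 references elsewhere so the removal requested in #252 is complete.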
+ CTI-Transmute + + CTI-Transmute is a tool for converting Cyber Threat Intelligence (CTI) data between MISP and STIX formats. It provides a set of API endpoints that allow automated conversion of data, making it easier to integrate different threat intelligence platforms and workflows. Source available on [GitHub](https://github.com/MISP/cti-transmute). +
CyberGordon From 300afedeae0e29be4c28c028e92da941982c4089 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 10 Oct 2025 11:42:36 +0200 Subject: [PATCH 12/15] Reorder some tools alphabetically --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5f7e2e5..8f74f91 100644 --- a/README.md +++ b/README.md @@ -1255,31 +1255,31 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly CTI-Transmute - CTI-Transmute is a tool for converting Cyber Threat Intelligence (CTI) data between MISP and STIX formats. It provides a set of API endpoints that allow automated conversion of data, making it easier to integrate different threat intelligence platforms and workflows. Source available on [GitHub](https://github.com/MISP/cti-transmute). + CTI-Transmute is a tool for converting Cyber Threat Intelligence (CTI) data between MISP and STIX formats. It provides a set of API endpoints that allow automated conversion of data, making it easier to integrate different threat intelligence platforms and workflows. Source available on GitHub.
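Review bot: the description carries a Markdown inline link ("Source available on [GitHub](https://github.com/MISP/cti-transmute)") and the very next commit rewrites it to plain "Source available on GitHub", which suggests the inline Markdown did not render in this position; if the row's name column already links to the repository, the trailing sentence is redundant and can go, otherwise use the same link markup the surrounding rows use rather than a Markdown link inside the table.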
- CyberGordon + Cuckoo Sandbox - CyberGordon is a threat intelligence search engine. It leverages 30+ sources. + Cuckoo Sandbox is an automated dynamic malware analysis system. It's the most well-known open source malware analysis sandbox around and is frequently deployed by researchers, CERT/SOC teams, and threat intelligence teams all around the globe. For many organizations Cuckoo Sandbox provides a first insight into potential malware samples.
- CyBot + CyberGordon - CyBot is a threat intelligence chat bot. It can perform several types of lookups offered by custom modules. + CyberGordon is a threat intelligence search engine. It leverages 30+ sources.
- Cuckoo Sandbox + CyBot - Cuckoo Sandbox is an automated dynamic malware analysis system. It's the most well-known open source malware analysis sandbox around and is frequently deployed by researchers, CERT/SOC teams, and threat intelligence teams all around the globe. For many organizations Cuckoo Sandbox provides a first insight into potential malware samples. + CyBot is a threat intelligence chat bot. It can perform several types of lookups offered by custom modules.
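Review bot: the subject says only "Reorder some tools alphabetically", but the hunk also changes the CTI-Transmute description (the Markdown link is replaced by plain "GitHub"), so a content change is hidden inside a move commit; split it out or name it in the message. The new order is correct (Cuckoo Sandbox, CyberGordon, CyBot), and the 7/7 stats match the three swapped rows (name and description lines each) plus the one description line.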
+ GriffinGuard + + GriffinGuard is a cybersecurity platform delivering real-time threat intelligence by continuously analyzing global internet traffic and exploitation patterns. It provides free data search, and some free IP blocklists. +
HoneyDB From bc47192dd1496fde81c9b3a0897e0d2e2c97f6e3 Mon Sep 17 00:00:00 2001 From: theadsguy <50166176+theadsguy@users.noreply.github.com> Date: Sat, 18 Apr 2026 18:23:47 +0530 Subject: [PATCH 15/15] Add IPASIS - real-time bot detection and IP reputation API --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 8eeff13..f07c8b2 100644 --- a/README.md +++ b/README.md @@ -315,6 +315,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea I-Blocklist maintains several types of lists containing IP addresses belonging to various categories. Some of these main categories include countries, ISPs and organizations. Other lists include web attacks, TOR, spyware and proxies. Many are free to use, and available in various formats.
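Review bot: "It provides free data search, and some free IP blocklists." is too vague to act on; say which blocklists exist, what they contain, in what format and how often they update, and drop the comma before "and". The rest of the description ("continuously analyzing global internet traffic and exploitation patterns") describes the vendor rather than the data; follow the GreyNoise row directly above and state what is collected and what the lists represent. As with other vendor-submitted rows, the maintainer should verify the free tier independently before merging.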
+ IPASIS + + IPASIS is a real-time bot detection and fraud prevention API that combines IP intelligence, proxy/VPN/Tor detection, and email validation into a single API call. Each request returns an Interaction Trust Score (0-100) with sub-20ms response time. Free tier includes 1,000 requests/day. API documentation and a live scanner are available. +
IPsum
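Review bot: "sub-20ms response time" and "Free tier includes 1,000 requests/day" are performance and pricing claims that will go stale and describe the service rather than the intelligence; remove them, as no other row in the list carries such figures. The row also reads as a fraud-prevention product (bot detection, email validation, a 0-100 trust score) rather than a threat intelligence source; say what indicator data it exposes (IP reputation, proxy/VPN/Tor classification) and whether it can be consumed as a feed, and either turn "API documentation and a live scanner are available" into actual links or drop the sentence.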