ThreatPinch Lookup

Date: 2017-05-25

Introduction

ThreatPinch Lookup creates informational tooltips when you hover over an item of interest on any website. It helps speed up security investigations by automatically providing relevant information upon hovering over any IPv4 address, MD5 hash, SHA2 hash, and CVE title. It's designed to be completely customizable and to work with any REST API.

A sample of the type of data that can be displayed when hovering over an IPv4 address.

See it in action on Cisco Talos Blog.

Current IOC Support

IPv4

MD5

SHA1

SHA2

CVE

FQDN (EFQDN is for Internet FQDN, IFQDN is for internal domains)

Add your own in the options with regex!
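
The sketch below is an added example, not code from ThreatPinch Lookup: it shows what regex-based IOC typing has to get right for the IPv4, MD5, SHA1, SHA2 and CVE types listed above. The patterns, the extractIocs name and the sample text are assumptions made for illustration, and SHA2 is limited to the 64-character SHA-256 length.

```javascript
// Added example: these patterns are illustrative assumptions, not the
// extension's built-in regexes.
const IOC_PATTERNS = [
  // Octets are limited to 0-255; the lookarounds reject fragments of longer
  // dotted numbers such as version strings (1.2.3.4.5).
  { type: "IPv4",
    re: /(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?!\.?\d)/g },
  // \b on both sides keeps a 64-character digest from also matching as a
  // 32-character MD5 or 40-character SHA1.
  { type: "MD5",  re: /\b[0-9a-f]{32}\b/gi },
  { type: "SHA1", re: /\b[0-9a-f]{40}\b/gi },
  { type: "SHA2", re: /\b[0-9a-f]{64}\b/gi }, // SHA-256 length only
  { type: "CVE",  re: /\bCVE-\d{4}-\d{4,}\b/gi },
];

// Returns every indicator found in text, in order of appearance.
function extractIocs(text) {
  const found = [];
  for (const { type, re } of IOC_PATTERNS) {
    for (const m of text.matchAll(re)) {
      // Normalise case so the same indicator always yields the same lookup key.
      const value = type === "CVE" ? m[0].toUpperCase() : m[0].toLowerCase();
      found.push({ type, value, index: m.index });
    }
  }
  return found.sort((a, b) => a.index - b.index);
}

// Constructed sample text: the hashes are the well-known digests of empty
// input and the CVE id is a placeholder.
const SAMPLE =
  "Beacon to 203.0.113.7 from build 1.2.3.4.5; dropper md5 " +
  "d41d8cd98f00b204e9800998ecf8427e, sha1 " +
  "da39a3ee5e6b4b0d3255bfef95601890afd80709, sha256 " +
  "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, " +
  "tracked as cve-2017-0000. Ignore 999.1.1.1.";

console.log(extractIocs(SAMPLE));
```

The version string and the out-of-range address in the sample are there to show the two most common false positives a custom IPv4 pattern produces.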

Current Integrations

ThreatMiner for IPv4, FQDN, MD5, SHA1 and SHA2 lookups

AlienVault OTX for IPv4, MD5, SHA1 and SHA2 lookups

IBM X-Force Exchange for IPv4, EFQDN lookups

VirusTotal for MD5, SHA1, SHA2 and FQDN lookups

Cymon.io for IPv4 lookups

ThreatCrowd for IPv4, FQDN and MD5 lookups

CIRCL (Computer Incident Response Center Luxembourg) for CVE lookups.

PassiveTotal for FQDN Whois lookups

MISP for MD5 and SHA2 (if you want more, submit an issue in this GitHub repository)

Censys.io for IPv4 lookups

Shodan for IPv4 lookups

Add your own in the developers options page!

Need a new integration?

Log a GitHub issue or reach out to @ThreatPinch on Twitter.

Try your luck at creating your own requests with the API Wizard. Check out the YouTube video to see how it's done.

Check out the community shared integrations

Support

Check out the Wiki for documentation.

Please log an issue with any questions/comments. We'll respond as soon as possible.

Follow @ThreatPinch on Twitter.

YouTube channel with demos.

Chrome Web Store

You can download the ThreatPinch Lookup extension directly from the Chrome Web Store

Where is my data stored?

There is no backend server or database for ThreatPinch Lookup. All data is stored in local PouchDB databases that exist only in your browser. Previously, Chrome remote storage was used for some configuration items, but this proved too challenging due to limitations on the storage. Going forward, the Pouch databases will allow for some more interesting functionality.

Optionally, in the developers options you can configure a CouchDB server to sync your API responses with. See the Wiki for more details.

Release Notes