BearBreach is a CLI-based threat hunting tool that allows security professionals to interact with public APIs of more than 13 different threat intelligence engines and enhance their IOC analysis.

gursimran9708/BearBreach

BearBreach 🐻🔒

BearBreach is a comprehensive tool designed for cybersecurity professionals. It lets users leverage the public APIs of popular threat intelligence platforms such as VirusTotal, AlienVault, PolySwarm, OPSWAT and many more. SOC analysts, threat hunters and incident responders can use it to query an IOC on multiple threat intelligence platforms at once, without having to visit each platform on the web and log in to it individually. You register on each of these platforms once and retrieve its public API key; those keys are all the authentication you need to use these platforms to your benefit.

Features ✨

  • Command Line Based: Easy access through your shell/terminal.
  • Free Threat Intelligence: Utilize public APIs of popular threat platforms to improve your detection.
  • Comprehensive Threat Analysis: Gain insights into the nature and impact of detected threats.
  • Minimal Setup: Follow easy steps and use in your environment.
  • Multiple Data Sources: Don't rely on a single source for threat intelligence data, leverage multiple sources using BearBreach.

Installation 🛠️

Prerequisites

  • Python 3.8 or higher
  • pip (Python package installer)
  • Git

Steps

  1. Clone the repository:

    git clone https://github.com/gursimran9708/BearBreach.git
    cd BearBreach

  2. Install the required packages:

    pip install -r requirements.txt

  3. Set up the API keys:

    nano .env

    Visit the following threat intelligence platforms, create an account on each and retrieve your API keys:

    https://www.virustotal.com/gui/
    https://www.criminalip.io/
    https://malshare.com/
    https://www.abuseipdb.com/
    https://hybrid-analysis.com/docs/api/v2
    https://bazaar.abuse.ch/
    https://metadefender.opswat.com/
    https://www.greynoise.io/
    https://otx.alienvault.com/api
    https://polyswarm.network/

Usage 🚀

  1. Configure the application (see Configuration section).

  2. Run the application (make sure you are in the folder that contains the "grizzy.py" file):

    python grizzy.py

  3. TADAAAA!

Configuration ⚙️

Here we populate the API key variables:

  1. Open the ".env" file in a text editor, fill in each field with its respective key and save the file. These are the fields you'll encounter:

     VT_API_KEY=""
     CRIMINALIP_API_KEY=""
     MALSHARE_API_KEY=""
     ABUSEIPDB_API_KEY=""
     FALCON_API_KEY=""
     MALWAREBAZAAR_API_KEY=""
     OPSWAT_API_KEY=""
     GREYNOISE_API_KEY=""
     OTX_API_KEY=""
     POLYSWARM_API_KEY=""
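
A pre-flight check for the ".env" file described above, as an added example that is not part of the BearBreach repository: it reports listed keys that are missing or empty, flags names that are not in the list, and on POSIX systems warns when the file is accessible to group or others. It assumes the KEY="value" line format shown above and does not reflect how grizzy.py itself loads the keys; the script name in the note below is hypothetical.

```python
import os
import stat
import sys

# Key names copied from the Configuration section above.
EXPECTED_KEYS = [
    "VT_API_KEY", "CRIMINALIP_API_KEY", "MALSHARE_API_KEY", "ABUSEIPDB_API_KEY",
    "FALCON_API_KEY", "MALWAREBAZAAR_API_KEY", "OPSWAT_API_KEY",
    "GREYNOISE_API_KEY", "OTX_API_KEY", "POLYSWARM_API_KEY",
]


def parse_env(text):
    """Parse KEY="value" lines; skip blanks, comments and malformed lines."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("\"'")
    return values


def audit_env(text, mode=None):
    """Return a list of findings; an empty list means the file looks sane."""
    values = parse_env(text)
    findings = [f"{k}: missing or empty" for k in EXPECTED_KEYS if not values.get(k)]
    findings += [f"{k}: not a key listed in the README"
                 for k in values if k not in EXPECTED_KEYS]
    # API keys are credentials: only the file's owner should have access.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(
            f"permissions {stat.S_IMODE(mode):o}: accessible beyond owner, run chmod 600")
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else ".env"
    if not os.path.exists(path):
        sys.exit(f"{path} not found")
    with open(path, encoding="utf-8") as fh:
        problems = audit_env(fh.read(), os.stat(path).st_mode)
    for problem in problems:
        print("WARN", problem)
    sys.exit(1 if problems else 0)
```

Saved as, for example, check_env.py, it can be run as `python check_env.py .env` before `python grizzy.py`; a non-zero exit status means at least one finding.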
    

Contact 📞

Mail: gursimransinghwadhawan@gmail.com

Linkedin: https://in.linkedin.com/in/gursimransw

Medium: https://medium.com/@gursimransw
