spl/helpful_osint.md
2025-01-13 15:17:38 -05:00


| Category | Site | Search fields | Description |
|---|---|---|---|
| IP/Domain/Shared Domains on IP Address | robtex.com | IPs, Domains | One of the best-of-breed tools to investigate domains, IP addresses and more. |
| IP/Domain Information | centralops.net | IPs, Domains | Investigate domains and IP addresses. |
| Geolocate IPs/Domains | iplocation.net | IPs, Domains | Quick way to find the most up-to-date location of an IP from several different vendors. |
| Geolocate IPs/Domains | infosniper.net | IPs, Domains | Shows location and provides a nice map. |
| PassiveDNS, SSL Certificates, Shared Domains on IP address | passivetotal.org | IPs, Domains | Research domains, IPs, passive DNS sources, SSL certs, and more. Sign up for a free license. |
| SSL Certificates | censys.io | SSL Certificate Hashes | Scans the internet on a daily basis and allows researchers to search its library for information on SSL certs and more. |
| Historical Whois information | whoisology.com | Domains, Emails, Keywords | Search historical whois information. |
| Passive DNS | passivedns.mnemonic.no | IPs, Domains | Look up domains and IPs and their recent resolutions without performing an actual DNS query. |
| Malware | malwr.com | File Hashes | Free malware analysis service that allows you to submit files to an open source malware sandbox and search results with an account. |
| Malware | hybrid-analysis.com | File Hashes | Free malware analysis service that allows you to submit files to an open source malware sandbox and search results. |
| Malware (and more) | virustotal.com | File Hashes, IP addresses, Domains | Best-of-breed free malware analysis service that allows you to submit files to an open source malware sandbox and search results. Users can submit URLs and files to VirusTotal, but this may tip off adversaries to your action. Usually I recommend just passive research on VT. |
| Domain | threatcrowd.org | File Hashes, IP addresses, Domains | Search engine for threat data, open source intelligence reports and other cyber security sources. |
| URLs | urlquery.net | URLs | Submit a URL and it will visit the site, take a snapshot, and analyze it to see if it is malicious. Beware of using this to analyze a link unless you are OK with tipping your hand to the adversary. |
| Search engine | google.com | Any field | Google. No discussion needed. However, I'd recommend disabling prefetch: https://www.technipages.com/google-chrome-prefetch |
| Code | github.com | Any field | GitHub is one of the largest code repositories on the internet. Often you can find interesting strings from the logs in an adversary's (or tool creator's) GitHub repo. |
| Domains, whois | domaintools.com | IPs, Domains | Best of breed for researching DNS history. For a fee, you can set up DNS branding detection and registration history of domains. |
| BGP/ASN | bgp.he.net | IPs | Often adversaries utilize the same ASN but different IP addresses. It can be worthwhile to find "malicious" ASNs and alert on them. |
| PassiveDNS and more | viewdns.info | IPs, Domains, Names | Provides several different DNS research tools. Can find out registrant histories of domains. |
| Malware | totalhash.cymru.com | IPs, Domains, File Hashes | One of the largest collections of malware on the internet. Great searching capabilities. |
| APT reports | threatminer.org | Any IOC or key word | ThreatMiner combines different threat feeds and a searchable repository of APT reports. |
| IP | ipinfo.io | IPs | Lightweight site that can quickly find out basic info regarding an IP address. |