Threatfox Censys is a tool that queries Censys Search for IP addresses and domains, parses the JSON results, and submits them to ThreatFox.
- Create dynamic fingerprints for various IoCs
  - Create a fingerprint using the `create-fingerprint` command
  - Fingerprint file: `fingerprints.yaml`
- Uses the Censys Search API
- Submit IoCs to ThreatFox
  - Submit IoCs using the `scan` command
  - Links Censys Search in ThreatFox IoC reference
  - Tags IoCs with `censys` and the autonomous system name
- Uses a PostgreSQL database to store the IoCs submitted to ThreatFox
You will need to install Poetry on Python 3.10.

    curl -sSL https://install.python-poetry.org | python3 -

Clone the repository.

    git clone https://github.com/censys-workshop/threatfox-censys.git

Then install the dependencies.

    poetry install

Then copy the .env.example file to .env and add your Censys API ID and Secret as well as your ThreatFox API key (from https://auth.abuse.ch/). Also make sure to set DATABASE_URL to your database.

    cp .env.example .env

Then run the database migrations.

    poetry run threatfox-censys database-migrations

Scan Censys Search for IoCs and submit them to ThreatFox.

    poetry run threatfox-censys scan

You can also post the results to Mastodon. Create a Mastodon app, get its access token, and set the MASTODON_API_URL and MASTODON_ACCESS_TOKEN environment variables. The tool will post a toot for each IoC found.
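
To make the scan-and-submit flow concrete, the sketch below turns Censys host hits into ThreatFox `submit_ioc` request bodies with the `censys` and autonomous-system tags and a Censys Search reference link. It is an added example, not the project's code. Assumptions: the fingerprint dictionary (the `fingerprints.yaml` schema is not shown here), the sample hits, the tag normalisation, the reference URL form, and a set standing in for the PostgreSQL store, used here to skip IoCs already submitted.

```python
import json
import re

# Hypothetical fingerprint; the real fingerprints.yaml schema is not shown on this page.
FINGERPRINT = {"malware_name": "win.example_family", "threat_type": "botnet_cc",
               "confidence_level": 75}

# Constructed Censys Search host hits (documentation-range IPs, made-up AS names).
HITS = [
    {"ip": "192.0.2.10", "autonomous_system": {"name": "EXAMPLE-NET, Inc."},
     "matched_services": [{"port": 443}, {"port": 8443}]},
    {"ip": "203.0.113.7", "autonomous_system": {},
     "matched_services": [{"port": 80}]},
]


def asn_tag(name):
    """Reduce an AS name to letters, digits and hyphens (assumed-safe tag charset)."""
    return re.sub(r"[^A-Za-z0-9]+", "-", name).strip("-")


def build_submissions(hits, fingerprint, already_submitted=frozenset()):
    """Return one ThreatFox submit_ioc body per host that has unsubmitted ip:port IoCs."""
    payloads = []
    for hit in hits:
        iocs = [f"{hit['ip']}:{svc['port']}" for svc in hit.get("matched_services", [])]
        # already_submitted stands in for the database of previously submitted IoCs.
        iocs = [ioc for ioc in iocs if ioc not in already_submitted]
        if not iocs:
            continue
        tags = ["censys"]
        name = asn_tag(hit.get("autonomous_system", {}).get("name", ""))
        if name:  # hosts without AS data get only the "censys" tag
            tags.append(name)
        payloads.append({
            "query": "submit_ioc",
            "threat_type": fingerprint["threat_type"],
            "ioc_type": "ip:port",
            "malware": fingerprint["malware_name"],
            "confidence_level": fingerprint["confidence_level"],
            "reference": f"https://search.censys.io/hosts/{hit['ip']}",
            "tags": tags,
            "iocs": iocs,
        })
    return payloads


if __name__ == "__main__":
    print(json.dumps(build_submissions(HITS, FINGERPRINT, {"192.0.2.10:443"}), indent=2))
```

Reviewing the generated bodies before they are posted is a cheap check that a new fingerprint is not about to submit unrelated hosts under the wrong malware name.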
Prompt the user to create a fingerprint for an IoC.

    poetry run threatfox-censys create-fingerprint

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

    poetry run pytest
    poetry run flake8
    poetry run black .
    poetry run isort .
    poetry run pyupgrade --py310-plus threatfox_censys/*.py scripts/*.py

Threatfox Censys is licensed under the MIT license.
- Add more fingerprints.
- Add more documentation.