Over the past few months I have been dabbling a little with Python. I have been sitting on this little script for a while; it’s my first, so while it is quite useful it is simple in nature.
I have created OSINTharvest in order to try and reduce the amount of time an analyst spends on gathering, importing and parsing open source intelligence surrounding malicious endpoints. The output from this script can be easily imported into any of the popular SIEM toolsets and will enable the toolset to alert on possible malware communications (C&C) or traffic to any other known-bad endpoint. At the time of writing OSINTharvest only collects lists of IPs, domains, C&C hosts and known-bad endpoints. I endeavour to add more types of intelligence in the near future. New versions will be modular, integrating a few other intelligence gathering tools.
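To show the kind of parsing such a harvester has to do before a feed can be fed to a SIEM, here is an added example (my own illustration, not OSINTharvest’s code). It takes raw feed text (a constructed sample with comments, blank lines, duplicates, host:port entries and junk), classifies each entry as an IP or a domain, de-duplicates, and emits CSV rows; the `source` label and column names are assumptions.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of a plain-text indicator feed (not a real feed).
SAMPLE_FEED = """\
# example feed (constructed sample data)
192.0.2.10
198.51.100.7:8080
malware.example
malware.example
not a valid entry!!
203.0.113.5 # trailing comment
"""

# Hostname syntax: labels of letters/digits/hyphens, TLD of letters only.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify(token):
    """Return 'ip' or 'domain' for a lower-cased token, or None if unusable."""
    try:
        ipaddress.ip_address(token)
        return "ip"
    except ValueError:
        return "domain" if DOMAIN_RE.match(token) else None

def parse_feed(text, source):
    """Return unique (indicator, type, source) rows from raw feed text."""
    seen, rows = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()  # drop comments/whitespace
        if not line:
            continue
        kind = classify(line)
        if kind is None:  # maybe host:port; retry without a trailing port
            line = re.sub(r":\d{1,5}$", "", line)
            kind = classify(line)
        if kind is None or line in seen:
            continue  # junk line or duplicate indicator
        seen.add(line)
        rows.append((line, kind, source))
    return rows

def to_csv(rows):
    """Render rows as CSV text with a header row, ready for SIEM import."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["indicator", "type", "source"])
    writer.writerows(rows)
    return buf.getvalue()
```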
Download here: https://db.tt/5l4WJODp
There are a few sources pre-configured, feel free to submit them for me to add to the next version or feel free to add them yourself. See the readme for more info!
(Note: this is version 0.1 and is being released to test the water and see if anyone would find it useful. Continued development will depend on feedback. I have a lot of ideas that I want the chance to build into OSINTharvest.)