CyberSecurity SEE

Cyberbro: Extracting IoCs and Evaluating Reputation with Open-Source Tool

Cyberbro is an open-source application that extracts indicators of compromise (IoCs) from various types of input data and then assesses their reputation using multiple services. This tool aims to streamline the process of analyzing potential security threats by providing users with a comprehensive view of the IoCs they encounter.

One of the key features of Cyberbro is its capability to handle different types of input, including raw logs, IoCs, or fanged IoCs, which it processes with a regex parser. This allows users to input a wide range of data types and formats without the need for manual parsing or manipulation.
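A minimal sketch of the kind of regex-based extraction described above, added here as an illustration. It is not Cyberbro's own code: the patterns, function names and sample log lines are assumptions constructed for this example.

```python
import hashlib
import ipaddress
import re

def refang(text: str) -> str:
    """Undo common defanging: hxxp(s), [.] (.) {.}, [:] [@] [://]."""
    text = re.sub(r"hxxp(s?)", r"http\1", text, flags=re.I)
    text = re.sub(r"[\[({]\.[\])}]", ".", text)
    return re.sub(r"\[(://|:|@)\]", r"\1", text)

# Illustrative patterns (assumptions, not Cyberbro's regexes).
PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+", re.I),
    "domain": re.compile(
        r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
}

def _is_ipv4(value: str) -> bool:
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def extract_iocs(raw: str) -> dict:
    """Return de-duplicated, sorted observables per type from raw text."""
    text = refang(raw)
    found = {}
    for kind, rx in PATTERNS.items():
        hits = {h.rstrip(".,;)") for h in rx.findall(text)}
        if kind == "ipv4":
            hits = {h for h in hits if _is_ipv4(h)}  # drops e.g. 999.1.1.1
        elif kind != "url":
            hits = {h.lower() for h in hits}  # hosts and hashes: case-insensitive
        found[kind] = sorted(hits)
    return found

# Constructed sample log lines (not real telemetry); the hash is SHA-256 of b"".
SAMPLE_LOG = (
    "2024-05-01T10:02:11Z proxy src=10.0.0.5 dst=203.0.113[.]7 "
    "url=hxxps://login.example[.]com/reset?id=1\n"
    f"2024-05-01T10:02:15Z edr file_hash={hashlib.sha256(b'').hexdigest()}\n"
    "2024-05-01T10:03:00Z dns query=bad.example(.)net client=10.0.0.5 note=999.1.1.1\n"
)

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_LOG).items():
        print(f"{kind:7} {values}")
```

The domain pattern here accepts any alphabetic final label, so it would also match file names such as `report.pdf`; a production parser would validate the TLD against a known list before sending the observable to a reputation service.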

Another notable feature of Cyberbro is its ability to conduct reputation checks on observables such as IP addresses, hashes, domains, and URLs across various services. By integrating with services like VirusTotal, AbuseIPDB, IPInfo, Spur.us, IP Quality Score, MDE, Google Safe Browsing, Shodan, Abusix, PhishTank, ThreatFox, GitHub, and Google, Cyberbro provides users with a comprehensive overview of the reputation of the IoCs they input.

Furthermore, Cyberbro offers detailed reports with advanced search and filter options, allowing users to customize the information they receive based on their specific needs. The tool also leverages multithreading for high performance, ensuring faster processing of data and efficient analysis of potential threats.

Additionally, Cyberbro automates observable pivoting on domains, URLs, and IP addresses using reverse DNS and RDAP, enabling users to gather more information about potential threats and their sources. Users can also retrieve accurate domain information from ICANN RDAP and find abuse contacts for IPs, URLs, and domains, further enhancing their ability to investigate and respond to security incidents.

For ease of use and compatibility, Cyberbro offers export options to save results in CSV and well-formatted Excel files, as well as integration with MDE to check if observables are flagged on the user’s Microsoft Defender for Endpoint tenant. The tool also supports proxy usage if required and stores results in a SQLite database for easy access and retrieval.

Cyberbro also maintains a history of analyses with search functionality, allowing users to track their investigations and revisit previous assessments as needed. This feature enhances the tool’s usability and helps users maintain a comprehensive record of their cybersecurity efforts over time.

In conclusion, Cyberbro is a valuable tool for cybersecurity professionals and analysts seeking to streamline the process of analyzing potential security threats and assessing the reputation of indicators of compromise. With its diverse range of features and integration with multiple services, Cyberbro offers users a comprehensive and efficient solution for threat analysis and investigation.