No commit activity in last 3 years
No release in over 3 years
This is a fork of the cikl/threatinator project
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 2.0

Runtime

~> 2.5
~> 1.1
~> 0.0.10
~> 2.12
~> 1.1
~> 1.10
~> 1.6
~> 2.9
~> 0.9.3
~> 0.6.0
~> 1.0
 Project Readme

Shadowbq-Threatinator

Threatinator is a ruby library for parsing threat data feeds.

Code Status

Build Status Code Climate Test Coverage Gem Version Tags

Fork

This is a fork published as shadowbq-threatinator

Source code repository

The repository is located at: https://github.com/shadowbq/threatinator

Installation

Install from Gem

gem install shadowbq-threatinator

threatinator will be located in your $PATH if installed from gem.

-OR-

Install from Source.

git clone https://github.com/shadowbq/threatinator
cd threatinator
bundle install

Bundler context

bundle exec bin/threatinator is used if not running from an installed gem.

Listing feeds

bundle exec bin/threatinator list
provider           name                                 type  link/path                                                                            event_types                                     
-----------------  -----------------------------------  ----  ------------------------------------------------------------------------------------ ------------------------------------------------
abuse_ch           feodo_domain_reputation              http  https://feodotracker.abuse.ch/blocklist.php?download=domainblocklist                 [:c2]                                           
abuse_ch           feodo_ip_reputation                  http  https://feodotracker.abuse.ch/blocklist.php?download=ipblocklist                     [:c2]                                           
[..]
alienvault         ip_reputation                        http  https://reputation.alienvault.com/reputation.generic                                 [:scanning, :attacker, :malware_host, :spamming]
arbor              fastflux_domain_reputation           http  http://atlas.arbor.net/summary/domainlist                                            [:c2]                                           
arbor              ssh_ip_reputation                    http  http://atlas-public.ec2.arbor.net/public/ssh_attackers                               [:scanning]                                     
autoshun           shunlist                             http  http://www.autoshun.org/files/shunlist.csv                                           [:scanning]                                     

Running a feed

bundle exec bin/threatinator run alienvault ip_reputation

Using the AMQP output

bundle exec threatinator run --run.output.amqp.url=ENV['RABBITMQ_URL']} --run.output.format=amqp provider name
#    --run.output.amqp.routing_key=arg   - Routing key for Amqp events (default: none)
##        The routing key should be determined by the type
#    --run.output.amqp.url=arg           - The hostname/ip of the RabbitMQ server (default: none)
./bin/threatinator run --run.output.amqp.url='amqp://127.0.0.1' --run.output.format=amqp vxvault url_reputation

Getting help

All commands respond to '--help' to provide details on their usage.

bundle exec bin/threatinator run --help

NAME
    run - fetch and parse a feed

SYNOPSIS
    threatinator [global options] run [command options]

COMMAND OPTIONS
    --run.coverage_output=arg           - Write coverage analysis to the specified file (CSV format) (default: none)
    --run.feed_name=arg                 - The feed name (default: none)
    --run.feed_provider=arg             - The feed provider (default: none)
    --run.fetch_from_file=arg           - Read data from the specified file rather than fetching (default: none)
    --run.output.amqp.routing_key=arg   - Routing key for Amqp events (default: none)
    --run.output.amqp.url=arg           - The hostname/ip of the RabbitMQ server (default: none)
    --run.output.csv.filename=arg       - Path to the file where output will be written (default: none)
    --run.output.format=arg             - Output format (amqp, csv, json, null, rubydebug) (default: none)
    --run.output.json.file=arg          - The hostname/ip of the RabbitMQ server (default: none)
    --run.output.rubydebug.filename=arg - Path to the file where output will be written (default: none)

Contributing and Issue Tracking

All issues for the fork are managed here: shadowbq/threatinator/issues.

Original License

Copyright (C) 2014 Michael Ryan (github.com/justfalter)

Original code: https://github.com/cikl/threatinator

See the LICENSE file for license rights and limitations (LGPLv3).

See the CHANGE LOG for significant changes made to software.

LGPLv3 in Plain English - https://tldrlegal.com/license/gnu-lesser-general-public-license-v3-(lgpl-3)