Product detail
Domain Collector
HORÁK, A. POLIŠENSKÝ, J. HRANICKÝ, R.
Product type
software
Abstract
Domain Collector enables automated collection, aggregation and storage of knowledge about currently known trusted and dangerous domains on the Internet. It uses resources such as Cisco Umbrella and MISP Threat Sharing feeds, particularly VirusTotal, PhishTank, and OpenPhish, to obtain domain names. It then downloads and processes additional information about individual domains based on: 1) active interaction - server response to ICMP echo messages, open known ports, 2) external sources such as DNS, WHOIS/RDAP, information from TLS certificates, etc. The acquired knowledge is then stored in a MongoDB database where it can be used for other purposes (rule creation for application firewalls or IDS/IPS systems, threat intelligence, machine learning, and cyber threat detection research).
Keywords
domain name, MISP, Cisco Umbrella, threat, DNS, WHOIS, RDAP, TLS, ICMP, MongoDB
Create date
17. 5. 2023
Location
Aplikace je ke stažení v přiložených souborech.
Possibilities of use
K využití výsledku jiným subjektem je vždy nutné nabytí licence
Licence fee
Poskytovatel licence na výsledek nepožaduje licenční poplatek
www
Documents
Responsibility: Ing. Marek Strakoš