In the ever-evolving landscape of cybersecurity threats, staying one step ahead of malicious actors is crucial.
Introducing Chista, an open-source Cyber Threat Intelligence (CTI) Framework designed to equip users with the tools and insights needed to understand, predict, and defend against cyber threats.
In this article, we’ll delve into how Chista harnesses data from various sources to provide invaluable intelligence, monitor threats, and empower organizations to bolster their cybersecurity defenses.
Chista is an Open Source Cyber Threat Intelligence (CTI) Framework designed to help users understand, predict and defend against cyber threats.
It helps its users understand cyber threats by using data collected from various sources. This data includes IOCs, data leaks, phishing campaigns, threat group activities and CTI sources. By analyzing this data, Chista helps users understand the existence, prevalence, trends and probability of cyber threats.
In this document, you’ll find usage & installation
guide. You can check our detailed documentation about which includes developer documentation.
CENSYS_API_SECRET
key. We’ll see .ENV file in the Configuration section.7777
and 7778
ports should be availableThe tool’s configurations is controlled with .ENV file. The .ENV file should placed in root directory of the project. You can see an example .ENV file in below.
DUMP_MODE=true
API_ONLY=false
WHOIS_SERVER="whois.verisign-grs.com:43"
PY_PATH="C:\Users\<USERNAME>\AppData\Local\Programs\Python\Python37\python37.exe"
OPENSQUAT_PY_PATH="./3rd_party/opensquat"
CENSYS_API_ID="<API-ID>"
CENSYS_API_SECRET="<API-KEY>"
Configuration | Default Value | Details | Mandatory/Optional |
---|---|---|---|
DUMP_MODE | true | If it’s true , the API server logs the HTTP requests. It can be useful while debugging. | Mandatory |
API_ONLY | false | When it’s false , the API server generates a WebSocket connection to the CLI tool. So, if you want to use just API part of the tool, you have to set API_ONLY=true | Mandatory |
WHOIS_SERVER | whois.verisign-grs.com:43 | It’s used in whois checker, the tool queries to the given Whois Server. | Mandatory |
PY_PATH | It’s Python’s installation path. Python used for OpenSquat. If you want to use OpenSquat, you have to provide your Python path. | Optional | |
OPENSQUAT_PY_PATH | ./3rd_party/opensquat | OpenSquat folder’s path. The Phishing module uses OpenSquat to generate extra typosquatting domains. | Optional |
CENSYS_API_ID | search.censys.io API Key ID | Optional | |
CENSYS_API_SECRET | search.censys.io API Key Secret | Optional |
You can use pre-built binaries or you can build the project and use. It’s up to your choice!
git clone https://github.com/Chista-Framework/Chista.git
First, open a Command Prompt/Terminal. Then execute the following commands.
go build -o chista.exe
./chista.exe
For Linux:
go build -o chista
./chista
NOTE: If you cannot execute the command in Linux, you should give execute permission yourself on the file. You can use chmod +x chista
. After running the API server, you’ll see the following output.
time="2024-01-12T16:12:08+03:00" level=info msg="DUMP_MODE= true" func=github.com/Chista-Framework/Chista/logger.init.0 file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/logger/logger.go:54"
time="2024-01-12T16:12:08+03:00" level=error msg="WebSocket connection error while closing: Websocket Connection is nil but trying to send a WS message." func=github.com/Chista-Framework/Chista/helpers.SendMessageWS file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/helpers/helpers.go:230"
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] GET /api/v1/ioc_feed --> github.com/Chista-Framework/Chista/controller.GetIocs (6 handlers)
[GIN-debug] GET /api/v1/phishing --> github.com/Chista-Framework/Chista/controller.GetPhishingDomains (6 handlers)
[GIN-debug] GET /api/v1/impersonate --> github.com/Chista-Framework/Chista/controller.GetImpersonatingDomains (6 handlers)
[GIN-debug] GET /api/v1/leak --> github.com/Chista-Framework/Chista/controller.GetLeaks (6 handlers)
[GIN-debug] GET /api/v1/threat_profile --> github.com/Chista-Framework/Chista/controller.GetThreatActorProfiles (6 handlers)
[GIN-debug] GET /api/v1/blacklist --> github.com/Chista-Framework/Chista/controller.CheckBlacklist (6 handlers)
[GIN-debug] GET /api/v1/source --> github.com/Chista-Framework/Chista/controller.GetSources (6 handlers)
[GIN-debug] GET /api/v1/c2 --> github.com/Chista-Framework/Chista/controller.GetC2s (6 handlers)
[GIN-debug] GET /api/v1/activities --> github.com/Chista-Framework/Chista/controller.CheckActivities (6 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on localhost:7777
time="2024-01-12T16:12:08+03:00" level=debug msg="Starting the Apt Profiles Data Check periodic function\n" func=github.com/Chista-Framework/Chista/helpers.RunPeriodicly.func1 file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/helpers/helpers.go:595"
time="2024-01-12T16:12:08+03:00" level=debug msg="Starting the Ransomware Profiles Data Check periodic function\n" func=github.com/Chista-Framework/Chista/helpers.RunPeriodicly.func1 file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/helpers/helpers.go:595"
time="2024-01-12T16:12:08+03:00" level=debug msg="Requesting source for ransom data." func=github.com/Chista-Framework/Chista/controller.GetRansomProfileData file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/controller/threat_profile.go:176"
time="2024-01-12T16:12:08+03:00" level=debug msg="Starting the Ransom Data Check periodic function\n" func=github.com/Chista-Framework/Chista/helpers.RunPeriodicly.func1 file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/helpers/helpers.go:595"
time="2024-01-12T16:12:08+03:00" level=debug msg="Requesting source for ransom data." func=github.com/Chista-Framework/Chista/controller.GetRansomwatchData file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/controller/activities.go:132"
time="2024-01-12T16:12:09+03:00" level=debug msg="Ransom data has been updated." func=github.com/Chista-Framework/Chista/controller.GetRansomProfileData file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/controller/threat_profile.go:212"
time="2024-01-12T16:12:09+03:00" level=info msg="Ransom data is up to date. No need to write to the file." func=github.com/Chista-Framework/Chista/controller.GetRansomwatchData file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/controller/activities.go:158"
time="2024-01-12T16:12:10+03:00" level=info msg="Apt profiles data is up to date. No need to write to the file." func=github.com/Chista-Framework/Chista/controller.getAPTData file="C:/Users/ResulBozburun/Desktop/Personal/Go/chista/controller/threat_profile.go:364"
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…