Mimir is a smart OSINT collection of common IOC types. This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.
The title of this project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. This application aims to provide you knowledge into IOCs and then some added “wisdom” by calculating risk scores per IOC, assigning a common malware family name to hash lookups based off of reports from VirusTotal and OPSWAT, and leveraging machine learning tools to determine if an IP, URL, or domain is likely to be malicious.
Base Collection
For network based IOCs, Mimir gathers basic information including:
Also Read – Check-LocalAdminHash : PowerShell Tool To Authenticate Multiple Hosts Over WMI Or SMB
Collection Sources
Some of these sources will require an API key, and occassionally only by getting a paid account. I’ve tried to limit reliance on paid services as much as possible.
Risk Scoring
The risk scoring works best when Mimir can gather a decent amount of data points for an IOC; pDNS, well populated url/domain results (communicating samples, associated samples, recent scan data, etc.) and also takes into account the ML malicious-ness prediction result.
Machine Learning Predictions
The machine learning prediction results come from the CSIRT Gadgets projects csirtg-domainsml-py, csirtg-ipsml-py, csirtg-urlsml-py.
Output
Mimir offers results output in various options including local file reports or exporting the results to an external service.
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…