Cortex 2.1.0 released: Powerful Observable Analysis Engine

September 30, 2018 (last updated July 27, 2019)

Cortex tries to solve a common problem frequently encountered by SOCs, CSIRTs and security researchers in the course of threat intelligence, digital forensics, and incident response: how to analyze observables they have collected, at scale, by querying a single tool instead of several?

Cortex, free and open source software, was created by TheHive Project for this very purpose. Observables, such as IP and email addresses, URLs, domain names, files or hashes, can be analyzed one by one or in bulk mode using a Web interface. Analysts can also automate these operations through the Cortex REST API.
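The automation the paragraph refers to looks like this in practice. The example below is added here and is not TheHive Project's own client code: it submits one observable to a Cortex 2 analyzer and waits for the report, using the run and waitreport endpoints from the Cortex 2 API guide; the base URL, API key and analyzer id are placeholders, and the sample responses are constructed so the flow can be exercised offline.

```python
"""Submit an observable to a Cortex analyzer over the REST API and read its verdict."""
import json
import urllib.request

CORTEX_URL = "http://cortex.example.invalid:9001"  # placeholder Cortex instance
API_KEY = "REPLACE_WITH_CORTEX_API_KEY"            # placeholder; keep real keys out of source


def http_json(method, url, body=None):
    """Default transport: JSON over HTTP with Cortex's bearer-token authentication."""
    payload = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=payload, method=method)
    req.add_header("Authorization", "Bearer " + API_KEY)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def run_analyzer(analyzer_id, data, data_type, tlp=2, transport=http_json):
    """POST /api/analyzer/{id}/run, then block on /waitreport until the job ends."""
    job = transport("POST", "%s/api/analyzer/%s/run" % (CORTEX_URL, analyzer_id),
                    {"data": data, "dataType": data_type, "tlp": tlp})
    return transport("GET", "%s/api/job/%s/waitreport?atMost=1minute" % (CORTEX_URL, job["id"]))


def verdict(job):
    """Reduce a finished job to (status, taxonomies) or (status, error message)."""
    report = job.get("report", {})
    if job.get("status") != "Success":
        return job.get("status"), report.get("errorMessage")
    taxonomies = report.get("summary", {}).get("taxonomies", [])
    return "Success", [(t["level"], "%s:%s=%s" % (t["namespace"], t["predicate"], t["value"]))
                       for t in taxonomies]


# Constructed sample responses (not captured from a real instance) so the flow runs offline.
SAMPLE = {
    "POST": {"id": "job-sample-1", "status": "Waiting"},
    "GET": {"id": "job-sample-1", "status": "Success",
            "report": {"success": True, "full": {"listed": True},
                       "summary": {"taxonomies": [{"level": "malicious", "namespace": "Sample",
                                                   "predicate": "Denylist", "value": "listed"}]}}},
}


def fake_transport(method, url, body=None):
    return SAMPLE[method]


if __name__ == "__main__":
    print(verdict(run_analyzer("Sample_1_0", "192.0.2.10", "ip", transport=fake_transport)))
```

Swap `fake_transport` for the default `http_json` to talk to a live instance; the same `verdict()` applies to any analyzer's report.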

By using Cortex, you won’t need to reinvent the wheel every time you’d like to use a service or a tool to analyze an observable and help you investigate the case at hand. Leverage one of the several analyzers it contains and, if you are missing a tool or a service, create a suitable program easily and make it available to the whole team (or better, to the whole community) thanks to Cortex.

Cortex and TheHive

Along with MISP, Cortex is the perfect companion for TheHive. Starting from Buckfast (TheHive version 2.10), you can analyze tens or hundreds of observables in a few clicks using one or several Cortex instances depending on your OPSEC needs and security requirements. Moreover, TheHive comes with a report template engine that allows you to adjust the output of Cortex analyzers to your taste instead of having to create your own JSON parsers for Cortex output.

Cortex and MISP

Starting with Cortex 1.1.1, Cortex can be integrated with MISP in two ways:

  • Cortex can invoke MISP modules
  • MISP can invoke Cortex analyzers

Architecture

Cortex is written in Scala. The front-end uses AngularJS with Bootstrap. Its REST API is stateless, which allows it to be scaled horizontally. The provided analyzers are written in Python. Additional analyzers may be written in the same language or in any other language supported by Linux.
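Writing your own analyzer, as the two paragraphs above describe, comes down to speaking Cortex's job protocol: Cortex starts the analyzer as a process, hands it the job as JSON on stdin and reads a JSON report from stdout. The example below is added here and is not one of the project's analyzers; it skips the cortexutils helper library so the protocol is visible, checks IPs and hashes against an embedded denylist of constructed sample values, and honours the `check_tlp`/`max_tlp` configuration convention used by the bundled analyzers.

```python
"""Minimal Cortex analyzer implementing the stdin/stdout job protocol without cortexutils."""
import json
import sys

# Constructed sample denylist (RFC 5737 test addresses and the EICAR test file MD5);
# a real analyzer would load a feed or a path supplied in the job's config.
KNOWN_BAD = {
    "ip": {"192.0.2.10", "198.51.100.7"},
    "hash": {"44d88612fea8a8f36de82e1278abb02f"},
}
NAMESPACE = "DenylistCheck"


def taxonomy(level, predicate, value):
    """One summary entry; level is info, safe, suspicious or malicious."""
    return {"level": level, "namespace": NAMESPACE, "predicate": predicate, "value": value}


def analyze(job):
    """Turn the job JSON Cortex supplies into the report JSON it expects."""
    data_type, data = job.get("dataType"), job.get("data")
    config = job.get("config", {})
    if data_type not in KNOWN_BAD:
        return {"success": False, "errorMessage": "unsupported dataType %r" % data_type}
    if not data:
        return {"success": False, "errorMessage": "no observable supplied"}
    # An analyzer that sends observables to a third party should refuse jobs whose
    # TLP is above what it is configured to accept (same check cortexutils performs).
    if config.get("check_tlp", False) and job.get("tlp", 2) > config.get("max_tlp", 2):
        return {"success": False, "errorMessage": "observable TLP exceeds analyzer max_tlp"}
    value = data.strip().lower()
    hit = value in KNOWN_BAD[data_type]
    level, verdict = ("malicious", "listed") if hit else ("safe", "clean")
    return {
        "success": True,
        "full": {"observable": value, "dataType": data_type, "listed": hit},
        "summary": {"taxonomies": [taxonomy(level, "Denylist", verdict)]},
        "artifacts": [],
    }


if __name__ == "__main__":
    # This is the entry point Cortex invokes: job on stdin, report on stdout.
    print(json.dumps(analyze(json.load(sys.stdin))))
```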

Analyzers

Cortex has 30 analyzers listed below. To configure them, read the Cortex Analyzers Requirements Guide.

  • Abuse_Finder: use CERT-SG’s Abuse Finder to find the abuse contact associated with domain names, URLs, IP, and email addresses.
  • CERTatPassiveDNS*: Check CERT.at Passive DNS Service for a given domain.
  • CIRCLPassiveDNS*: Check CIRCL’s Passive DNS for a given domain.
  • CIRCLPassiveSSL*: Check CIRCL’s Passive SSL service for a given IP address or certificate hash.
  • CuckooSandbox: analyze URLs and files using Cuckoo Sandbox.
  • DNSDB*: leverage Farsight Security’s DNSDB for Passive DNS.
  • DomainTools*: look up domain names, IP addresses, WHOIS records, etc. using the popular DomainTools service API.
  • EmergingThreats*: leverage Proofpoint’s Emerging Threats Intelligence to assess the reputation of various observables and obtain additional and valuable information on malware.
  • File_Info: parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files and much more.
  • FireHOLBlocklists: check IP addresses against the FireHOL blocklists.
  • GoogleSafebrowsing*: check URLs against Google Safebrowsing.
  • HybridAnalysis*: fetch Hybrid Analysis reports associated with hashes and filenames.
  • Hippocampe: query threat feeds through Hippocampe, a FOSS tool that centralizes feeds and allows you to associate a confidence level to each one of them (that can be changed over time) and get a score indicating the data quality.
  • JoeSandbox*: analyze URLs and files using the powerful Joe Sandbox malware analysis solution.
  • MaxMind: geolocation.
  • MISP*: search for MISP events in one or several MISP instances containing the observable submitted as input.
  • Nessus: use Nessus Professional, a popular vulnerability scanner, to scan an IP address or an FQDN.
  • MsgParser: parse Outlook message files automatically and show the key information they contain, such as headers, attachments, etc.
  • OTXQuery*: query AlienVault Open Threat Exchange for IPs, domains, URLs, or file hashes.
  • PassiveTotal*: leverage RiskIQ’s PassiveTotal service to gain invaluable insight on observables, identify overlapping infrastructure using Passive DNS, WHOIS, SSL certificates and more.
  • Phishing Initiative*: query Phishing Initiative to assess whether a URL has been flagged as a phishing site.
  • PhishTank*: query PhishTank to assess whether a URL has been flagged as a phishing site.
  • Shodan*: retrieve key Shodan information on domains and IP addresses.
  • URLCategory: check the Fortinet categories of URLs.
  • VirusShare: check whether a file/hash is available on VirusShare.com.
  • VirusTotal*: look up files, URLs, and hashes in VirusTotal.
  • VMRay*: analyze files using the VMRay Analyzer Platform.
  • WOT*: check a domain against Web of Trust, a website reputation service.
  • Yara: check files against YARA rules using yara-python.
  • Yeti: retrieve all available information related to a domain, a fully qualified domain name, an IP address, a URL or a hash from a YETI instance.

The star (*) indicates that the analyzer needs an API key, a user account or special access from the service provider to work correctly. We do not provide API keys, user accounts or request access on your behalf. You have to use your own or contact the service provider.

Changelog v2.2.0

Full Changelog

Implemented enhancements:

  • Show PAP value in the Org > Analyzers screen #124
  • Display cache configuration in analyzer admin page #123

Fixed bugs:

  • Temporary files are not removed at the end of job #129
  • MISP fails to run analyzers #128
  • MISP API fails #109
  • File_Info issue #53

Merged pull requests:

  • Update resolvers in build.sbt to contain Maven as a dependency #130 (adl1995)

Copyright (C) 2016-2017 Thomas Franco
Copyright (C) 2016-2017 Saâd Kadhi
Copyright (C) 2016-2017 Jérôme Leonard

Source: https://github.com/TheHive-Project/
