Analyzer_forums

VECERT Threat Intelligence CLI is a Python-based command-line tool for cyber threat intelligence analysts to query, visualize, and export data from the VECERT Analyzer API.

This API aggregates and structures posts scraped from underground forums, leak sites, and dark web communities — providing insights into threat actor activity, data breaches, and emerging attack vectors.

Menu:

  1. Search by Title
  2. Search by Author
  3. Search by Posted Date
  4. Advanced search (combine filters)
  5. Change per_page (max 100)
  6. Next page
  7. Previous page
  8. Show Overview
  9. Show Current Query
  10. Export Results to CSV
  11. Exit

📊 Overview Dashboard

On startup, it automatically fetches and displays:

- Total posts indexed
- Distribution by source (e.g. BreachForums, XSS, Cracked, etc.)
- Top 10 authors / bots

Example:

Mode: overview
Total records: 403,927

Distribution by Source
┌──────────────┬─────────┬────────────┐
│ Source       │ Count   │ Percentage │
│ BreachForums │ 34,650  │ 8.58%      │
│ Cracked      │ 263,016 │ 65.11%     │
│ XForums      │ 57,041  │ 14.12%     │
└──────────────┴─────────┴────────────┘

💾 CSV Export

Export your findings for reporting or correlation in other tools (e.g. MISP, Maltego, Excel).

Option 10 → Export results to CSV

Choose to export:

🟢 Current page

🔵 All pages (auto-pagination)

2️⃣ Requirements

No external dependencies — only Python ≥ 3.7 is required.

✅ Everything runs with built-in libraries:

- urllib.request
- json
- csv
- re
- datetime

🧩 API Reference

| Parameter | Description | Example |
|---|---|---|
| title | Search keyword in post titles | title=bank |
| author | Filter by threat actor or bot name | author=intelbroker |
| posted_date | Date or partial (YYYY-MM-DD or YYYY-MM) | posted_date=2025-10 |
| page | Pagination (default 1) | page=2 |
| per_page | Results per page (max 100) | per_page=50 |
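The parameters above and the CSV export step, as an added example that is not part of the VECERT tool's own code: it validates `posted_date`, clamps `per_page` to the documented maximum, and neutralizes cells that a spreadsheet would evaluate as formulas, since post titles and author names come from untrusted forum content. The function names, record field names and sample records are assumptions constructed for illustration.

```python
import csv
import io
import re
from urllib.parse import urlencode

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
DATE_RE = re.compile(r"\d{4}-\d{2}(-\d{2})?")  # YYYY-MM or YYYY-MM-DD


def build_query(title=None, author=None, posted_date=None, page=1, per_page=50):
    """Return an encoded query string using the documented parameter names."""
    if posted_date is not None and not DATE_RE.fullmatch(posted_date):
        raise ValueError("posted_date must be YYYY-MM-DD or YYYY-MM")
    params = {"title": title, "author": author, "posted_date": posted_date,
              "page": max(1, int(page)), "per_page": min(max(1, int(per_page)), 100)}
    return urlencode({k: v for k, v in params.items() if v is not None})


def neutralize(value):
    """Prefix a single quote so a formula-like cell is kept as plain text."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(FORMULA_PREFIXES) else text


def export_csv(records, fields, out):
    """Write dict records to CSV with every cell neutralized and quoted."""
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for rec in records:
        writer.writerow([neutralize(rec.get(f)) for f in fields])


# Constructed sample records; the field names are assumptions, not the API's schema.
SAMPLE = [
    {"title": "=1+1", "author": "user1",
     "posted_date": "2025-10-03", "source": "ExampleForum"},
    {"title": "bank database", "author": "@user2",
     "posted_date": "2025-10-04", "source": "ExampleForum"},
]

if __name__ == "__main__":
    buf = io.StringIO()
    export_csv(SAMPLE, ["title", "author", "posted_date", "source"], buf)
    print(build_query(title="bank", posted_date="2025-10", per_page=500))
    print(buf.getvalue())
```

The quote prefix also applies to harmless titles that begin with `-` or `+`, so strip it again before loading the CSV into a tool that does not evaluate formulas.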

🧠 Use Cases for Threat Intelligence

Threat Actor Tracking

Monitor posts by key personas (e.g., intelbroker, pompompurin, etc.)

Breach Monitoring

Identify leaks and databases being traded or sold.

TTPs and Emerging Threats

Search titles for keywords like “ransomware”, “zero-day”, “phishing kit”.

Forum Intelligence Aggregation

Understand where conversations cluster (via distribution_by_source).

Data Correlation

Export to CSV for integration with:

- MISP
- Splunk / ELK
- Excel / Power BI
- Maltego

💬 Contact

Created by VECERT Threat Intelligence 🌐 vecert.io

📧 [email protected]