While brainstorming ideas, we began discussing our summer internships and sharing some of our day-to-day tasks with one another. It didn't take long to realize that we all had the same problem: threat intel gathering requires visiting so many different sites and tools that an analyst can lose their place or, worse, their train of thought. We wanted one centralized place, a one-stop shop that gathers intel from those same sites and produces an easy-to-analyze output, saving the analyst hours that would otherwise go to collecting the information by hand and transferring it into one place. So we began building Tom Nook's Cyber Cranney.
What it does
Tom Nook's Cyber Cranney is a command-line threat intel gathering tool and any analyst's best friend. By calling out to its integrated APIs (Shodan, Threat Crowd, Intel-X, Domain Rep, Auth0, IPQualityScore, URL Scan and Host IO), it lets the analyst run a real-time search for any URL, malware family, hash, IP or email they choose. Tom then performs the search against every source and writes the results to a CSV file, so all the information sits in one location, ultimately saving the analyst valuable time and resources.
How we built it
We began with extensive research into each of the APIs we chose to use. Every API returns its output in a different format, so we had to map all of those outputs onto one uniform shape that the program could handle consistently. Once we understood how each API worked, we began the integration. Using the Python requests library, we make an individual call to each API with the user's query, collect the returned data, ask whether the user would like to make another search and, if not, write everything we found to a single CSV file they can open in Excel. Was this project a labor of love? Yes, but also blood, sweat, tears and a few creative words.
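As an added example (not the project's own code), here is that pipeline in Python: classify the indicator the analyst typed, fan the query out to each source, map each source's differently shaped response onto one set of columns, and write a single CSV. The source names ("rep" and "scan"), their response formats, the endpoint URL and the sample responses are all constructed for illustration and do not match the real Shodan, Threat Crowd or other APIs; the live requests.get call is replaced by offline fetchers so the block runs without network access. It goes slightly beyond the paragraph in two places a practitioner would want: a source that fails produces an "error" row instead of aborting the whole search, and API keys are read from the environment rather than being hard-coded.

```python
"""Added example, not Tom Nook's Cyber Cranney source: one query fanned out to
several intel sources, each raw response normalized to the same columns, and
everything written to one CSV.  Source names, response shapes, endpoint URLs
and sample data are constructed and match no real vendor API."""
import csv
import io
import ipaddress
import os
import re

# Every source is mapped onto these columns so one CSV holds all results.
COLUMNS = ["query", "query_type", "source", "verdict", "score", "detail"]
HEX_HASH = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}")
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
URL_OR_DOMAIN = re.compile(r"https?://\S+|[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+(?:/\S*)?")

def classify(query: str) -> str:
    """ip, hash (MD5/SHA-1/SHA-256), email, url, or keyword (e.g. a malware family)."""
    q = query.strip()
    try:
        ipaddress.ip_address(q)
        return "ip"
    except ValueError:
        pass
    if HEX_HASH.fullmatch(q):
        return "hash"
    if EMAIL.fullmatch(q):
        return "email"
    if URL_OR_DOMAIN.fullmatch(q):
        return "url"
    return "keyword"

def build_request(source: str, query: str, env: dict = None) -> dict:
    """Arguments for a live requests.get(**...) call against a hypothetical endpoint.
    The key comes from the environment, never the source; a missing key is a hard error."""
    var = f"{source.upper()}_API_KEY"
    key = (os.environ if env is None else env).get(var)
    if not key:
        raise RuntimeError(f"{source}: set {var}")
    return {"url": f"https://{source}.example/v1/lookup", "params": {"q": query},
            "headers": {"Authorization": f"Bearer {key}"}}

def normalize_rep(query: str, raw: dict) -> dict:
    """Constructed 'rep' shape: {"reputation": str, "risk": 0-100, "tags": [...]}."""
    return {"query": query, "query_type": classify(query), "source": "rep",
            "verdict": raw.get("reputation", "unknown"), "score": raw.get("risk", ""),
            "detail": ";".join(raw.get("tags", []))}

def normalize_scan(query: str, raw: dict) -> dict:
    """Constructed 'scan' shape: {"data": {"verdict", "confidence" 0.0-1.0, "last_seen"}};
    confidence is rescaled to 0-100 so the score column means the same as for 'rep'."""
    data = raw.get("data", {})
    return {"query": query, "query_type": classify(query), "source": "scan",
            "verdict": data.get("verdict", "unknown"),
            "score": round(float(data.get("confidence", 0)) * 100),
            "detail": data.get("last_seen", "")}

def run_lookup(query: str, sources: dict) -> list:
    """Fan the query out to every (fetch, normalize) pair.  A failing source becomes
    an 'error' row so one outage or rate limit does not lose the other results."""
    rows = []
    for name, (fetch, normalize) in sources.items():
        try:
            rows.append(normalize(query, fetch(query)))
        except Exception as exc:  # network error, bad JSON, no data, ...
            rows.append({"query": query, "query_type": classify(query), "source": name,
                         "verdict": "error", "score": "", "detail": repr(exc)})
    return rows

def to_csv(rows: list) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed offline responses standing in for the live API calls.
SAMPLE_RESPONSES = {
    "rep": {"203.0.113.7": {"reputation": "malicious", "risk": 91, "tags": ["c2", "scanner"]}},
    "scan": {"203.0.113.7": {"data": {"verdict": "suspicious", "confidence": 0.62,
                                      "last_seen": "2023-05-01"}}},
}

def offline_fetcher(source: str):
    # Raises KeyError for unknown indicators, as a live call would fail on a 404.
    return lambda query: SAMPLE_RESPONSES[source][query]

OFFLINE_SOURCES = {"rep": (offline_fetcher("rep"), normalize_rep),
                   "scan": (offline_fetcher("scan"), normalize_scan)}

if __name__ == "__main__":  # interactive loop: search, ask again, export once
    collected = []
    while True:
        q = input("indicator> ").strip()
        if q:
            collected.extend(run_lookup(q, OFFLINE_SOURCES))
        if input("another search? [y/N] ").strip().lower() != "y":
            break
    with open("intel_results.csv", "w", newline="") as fh:
        fh.write(to_csv(collected))
```

To wire in a real source, each vendor gets its own normalize function mapping that vendor's fields onto COLUMNS, and its fetch becomes something like `lambda q: requests.get(**build_request(name, q), timeout=10).json()`. Keeping the per-source adapters separate from the export step is what lets one CSV carry every source's answer in the same columns.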
Challenges we ran into
Having to learn how to mesh together so many APIs in such a short amount of time was brutal. Add the command-line interface on top of that, and time truly was not on our side. Thanks to good time management and a proper distribution of tasks, we got every part working and then made them work together as one.
Accomplishments that we're proud of
By far, this is the most realistic and complete application we have ever finished at a hackathon, and even better, it took only 24 hours.
What we learned
We learned a great deal in very little time. To push ourselves, we used new and unfamiliar APIs so we could gather data from sources we had not worked with before.
What's next for Tom Nook's Cyber Cranney
There is still much we want to add to the user interface. Now that we can keep working on the project, we will add more sources of information and tools, and we also want to add more options for how the information can be exported. Ultimately we want to add as much useful functionality as we can, to make any analyst's day a little less hectic.