mitaka v0.58.1 releases: OSINT friendly IOC (Indicator of Compromise) search tool

Mitaka

Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool.

It works as a Chrome extension and makes it possible to search / scan IOCs via the context menu.

Features

Supported IOC types

| name | desc. | e.g. |
|---|---|---|
| text | freetext | any string(s) |
| ip | IPv4 address | 8.8.8.8 |
| domain | domain name | github.com |
| url | URL | https://github.com |
| email | Email address | [email protected] |
| asn | ASN | AS13335 |
| hash | md5 / sha1 / sha256 | 44d88612fea8a8f36de82e1278abb02f |
| cve | CVE number | CVE-2018-11776 |
| btc | BTC address | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |
| gaPubID | Google Adsense Publisher ID | pub-9383614236930773 |
| gaTrackID | Google Analytics Tracker ID | UA-67609351-1 |

Supported search engines

| name | url | supported types |
|---|---|---|
| BGPView | https://bgpview.io | ip / asn |
| BlockCypher | https://live.blockcypher.com | btc |
| Censys | https://censys.io | text |
| Cymon | https://cymon.io | ip / domain |
| DNSlytics | https://dnslytics.com | ip / domain |
| DomainBigData | https://domainbigdata.com | domain |
| DomainWatch | https://domainwat.ch | domain / email |
| FOFA | https://fofa.so | ip / domain |
| FindSubDomains | https://findsubdomains.com | domain |
| HybridAnalysis | https://www.hybrid-analysis.com | ip / domain / hash (sha256 only) |
| Intelligence X | https://intelx.io | ip / domain / url / email / btc |
| ONYPHE | https://www.onyphe.io | ip |
| OTX | https://otx.alienvault.com | ip / domain / hash |
| Pipl | https://pipl.com | email |
| PubDB | http://pub-db.com | gaPubID / gaTrackID |
| PublicWWW | https://publicwww.com | text |
| Pulsedive | https://pulsedive.com | ip / domain / url / hash |
| RiskIQ | http://community.riskiq.com | ip / domain / email |
| SecurityTrails | https://securitytrails.com | ip / domain |
| Shodan | https://www.shodan.io | text |
| Sploitus | https://sploitus.com | cve |
| SpyOnWeb | http://spyonweb.com | ip / domain / gaPubID / gaTrackID |
| Talos | https://talosintelligence.com | ip / domain |
| ThreatCrowd | https://www.threatcrowd.org | ip / domain / email |
| Urlscan | https://urlscan.io | ip / domain / url |
| ViewDNS | https://viewdns.info | ip / domain / email |
| VirusTotal | https://www.virustotal.com | ip / domain / url / hash |
| Vulmon | https://vulmon.com | cve |
| WebAnalyzer | https://wa-com.com/ | domain |
| X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash |
| ZoomEye | https://www.zoomeye.org | ip |

You can enable / disable a search engine via the extension’s options.

Supported scan engines

| name | url | supported types |
|---|---|---|
| Urlscan | https://urlscan.io | ip / domain / url |
| VirusTotal | https://www.virustotal.com | url |

How to use

The Chrome extension shows context menu entries based on the type of IOC you selected; you can then choose which engine you want to search / scan with.

Note:

  • urlscan.io scan:
    • Please set your urlscan.io API key via the options if you want to make a scan.
  • VirusTotal scan:
    • Please set your VirusTotal API key via the options if you want to make a scan.
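
The selection-to-menu step described above, as an added example that is not Mitaka's own code: it classifies selected text into the IOC types from the table and lists which engines (a subset of the search-engine table) would be offered. The regular expressions, the refang step for defanged indicators, and the rule that free-text engines apply to every selection are assumptions of this example.

```javascript
// Added example, not Mitaka's source code. All patterns are simplified assumptions.
// Order matters: stricter types are tested before looser ones (domain is last).
const IOC_PATTERNS = [
  ["url", /^https?:\/\/[^\s\/$.?#][^\s]*$/i],
  ["email", /^[^\s@]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/i],
  ["ip", /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/],
  ["asn", /^AS\d{1,10}$/i],
  ["cve", /^CVE-\d{4}-\d{4,}$/i],
  ["hash", /^(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$/i], // md5 / sha1 / sha256
  ["btc", /^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$/], // legacy Base58 addresses only
  ["gaTrackID", /^UA-\d+-\d+$/i],
  ["gaPubID", /^pub-\d{16}$/i],
  ["domain", /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i],
];

// Subset of the search-engine table above: engine name -> supported IOC types.
const ENGINES = {
  BGPView: ["ip", "asn"],
  BlockCypher: ["btc"],
  PubDB: ["gaPubID", "gaTrackID"],
  Shodan: ["text"],
  Sploitus: ["cve"],
  Urlscan: ["ip", "domain", "url"],
  VirusTotal: ["ip", "domain", "url", "hash"],
};

// Undo common defanging (hxxp, [.], (.), [:], [@]) so copied report text still matches.
function refang(s) {
  return s.trim().replace(/^hxxp/i, "http").replace(/\[\.\]|\(\.\)/g, ".")
    .replace(/\[:\]/g, ":").replace(/\[@\]/g, "@");
}

// Return the first matching IOC type, or "text" when nothing more specific matches.
function classifyIoc(selection) {
  const value = refang(selection);
  const hit = IOC_PATTERNS.find(([, re]) => re.test(value));
  return { type: hit ? hit[0] : "text", value };
}

// Engines to offer for a selection: those that support the detected type,
// plus free-text engines, which accept any string (assumption of this example).
function enginesFor(selection) {
  const { type } = classifyIoc(selection);
  return Object.keys(ENGINES).filter(
    (name) => ENGINES[name].includes(type) || ENGINES[name].includes("text"));
}
```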

Options

You can enable / disable a search engine in the options page based on your preference.

About Permissions

This Chrome extension requires the following permissions.

  • Read and change all your data on the websites you visit:
    • This extension creates context menus dynamically based on what you select on a website.
    • This means the extension must be able to read all your data on the websites you visit. (It doesn’t change anything on those websites.)
  • Display notifications:
    • This extension displays a notification when something goes wrong.

Copyright (c) 2018 Manabu Niseki

Source: https://github.com/ninoseki/

Anastasis Vasileiadis