Applied result detail

Domain Collector

HORÁK, A.; POLIŠENSKÝ, J.; HRANICKÝ, R.

Original Title

Domain Collector

English Title

Domain Collector

Type

Software

Abstract

Domain Collector enables automated collection, aggregation and storage of knowledge about currently known trusted and dangerous domains on the Internet. It uses resources such as Cisco Umbrella and MISP Threat Sharing feeds, particularly VirusTotal, PhishTank, and OpenPhish, to obtain domain names. It then downloads and processes additional information about individual domains based on: 1) active interaction - server response to ICMP echo messages, open known ports, 2) external sources such as DNS, WHOIS/RDAP, information from TLS certificates, etc. The acquired knowledge is then stored in a MongoDB database where it can be used for other purposes (rule creation for application firewalls or IDS/IPS systems, threat intelligence, machine learning, and cyber threat detection research).

Keywords

domain name, MISP, Cisco Umbrella, threat, DNS, WHOIS, RDAP, TLS, ICMP, MongoDB

Location

The application is available for download in the attached files.

Licence fee

In order to use the result by another entity, it is always necessary to acquire a license

Responsibility: Ing. Marek Strakoš