Post by Bongoknight

Takahē

53d

Here is a more formal description of Cyberclip, a data analysis tool that I use every day for CTI.

The main idea is as follows: a Cyberchef-like tool that runs in a terminal, capable of recognizing certain types of data (IP, domains, URLs, hashes, analytics, JA4, CVE, etc.) and allowing extraction or actions to be performed on them.

For example, I use a lot IOC extraction, JSON parsing, CVE information retrieval, URL or domain parsing, and enrichment via VT or URLScan a lot. Pivots are simplified and accessible without development, for less technical users. It is also possible to chain actions into “recipes,” as on CyberChef.

For those who want screenshots, see below or here
https://bongoknight.github.io/cyberclip/Features%20tour/

For those who would like to test it (feel free to use ctrl+p to see all possible actions):
https://bongoknight.github.io/cyberclip/

More "actions" are planned (Censys, URLquery, etc.), but the idea is also to get feedback to prioritize and improve what already exists! Feel free to ask if you have any questions, problems, or suggestions!

#threatintel #threatintelligence #cyberclip #CTI

The main Cyberclip terminal interface is divided into three parts. The buttons on the left allow you to extract data. The central panel contains text from a Securlist article. The buttons on the right allow you to execute actions related to the detected data types.

ALT

0 0 0 View Post & Replies See Original