Small collection of tools to help speed up malware and CTI analysis.
-
Updated
Nov 28, 2025 - Go
Small collection of tools to help speed up malware and CTI analysis.
This Python script fetches a list of malicious IP addresses from Abuse CH's IP blocklist and dynamically adds them to the Windows firewall rules, blocking both outgoing and incoming connections to those IPs.
Complete toolkit for abuse.ch APIs — URLhaus, MalwareBazaar, ThreatFox, Feodo Tracker
Open-source CTI feed aggregator — 45K+ IOCs from 6 free feeds, zero dependencies, no API keys. Built by the AIguard team (aiguardai.com)
Python CLI tool that checks domains, IPs, and URLs against Abuse.ch and AlienVault OTX threat intelligence feeds
Cyber threat intelligence pipeline: abuse.ch feeds → Bruin → BigQuery → Streamlit dashboard. How fast do malicious URLs get taken down, and what malware is behind them?
JavaScript/TypeScript client for abuse.ch APIs — the largest open-source malware threat intelligence platform. 1.5M+ malware samples, 3M+ malicious URLs, IOC sharing.
Fetches 1–7 days of ThreatFox IOCs, displays color-coded results to terminal, and exports to CSV
Add a description, image, and links to the abuse-ch topic page so that developers can more easily learn about it.
To associate your repository with the abuse-ch topic, visit your repo's landing page and select "manage topics."