• Stars
    star
    1,107
  • Rank 41,944 (Top 0.9 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created about 7 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CLI tool for open source and threat intelligence

Harpoon

OSINT / Threat Intel CLI tool.

PyPI PyPI - Downloads PyPI - License GitHub issues

Install

Requirements

As a pre-requesite for Harpoon, you need to install lxml requirements, on Debian/Ubuntu : sudo apt-get install libxml2-dev libxslt-dev python3-dev.

You need to have geoipupdate installed and correctly configured to use geolocation correctly (make sure you to have GeoLite2-Country GeoLite2-City GeoLite2-ASN as EditionIDs).

Installing harpoon

You can simply install the package from pypi with pip install harpoon

If the above install instructions didn't work, you can build the tool from source by executing the following commands in the terminal (this assumes you are using virtualenvs):

git clone https://github.com/Te-k/harpoon.git
cd harpoon
pip3 install .

You may want to install harpoontools to have additional commands using harpoon features.

Configuration

To configure harpoon, run harpoon config and fill in the needed API keys.

Then run harpoon update to download needed files. Check what plugins are configured with harpoon config -c.

See the wiki for more information.

Updating Harpoon

If you installed harpoon from pypi, just do pip install -U harpoon.

If you installed harpoon from the git repository, go to the repository and use the following commands:

git pull origin master
pip install .

Usage

After configuration the following plugins are available within the harpoon command:

    asn                 Gather information on an ASN
    binaryedge          Request BinaryEdge API
    cache               Requests webpage cache from different sources
    censys              Request information from Censys database (https://censys.io/)
    certspotter         Get certificates from https://sslmate.com/certspotter
    circl               Request the CIRCL passive DNS database
    config              Configure Harpoon
    crtsh               Search in https://crt.sh/ (Certificate Transparency database)
    cybercure           Search cybercure.ai intelligence database for specific indicators.
    dns                 Map DNS information for a domain or an IP
    dnsdb               Requests Farsight DNSDB
    email               Gather information on an email address
    fullcontact         Requests Full Contact API (https://www.fullcontact.com/)
    github              Request Github information through the API
    greynoise           Request information from GreyNoise API (pick Community or Enterprise via api_type config)
    hashlookup          Request CIRCL Hash Lookup db
    help                Give help on an Harpoon command
    hibp                Request Have I Been Pwned API (https://haveibeenpwned.com/)
    hunter              Request hunter.io information through the API
    hybrid              Requests Hybrid Analysis platform
    intel               Gather information on a domain
    ip                  Gather information on an IP address
    ipinfo              Request ipinfo.io information
    koodous             Request Koodous API
    malshare            Requests MalShare database
    misp                Get information from a MISP server through the API
    numverify           Query phone number information from NumVerify
    opencage            Forward/Reverse Geocoding using OpenCage
    otx                 Requests information from AlienVault OTX
    permacc             Request Perma.cc information through the API
    pgp                 Search for information in PGP key servers
    pt                  Requests Passive Total database
    pulsedive           Request PulseDive API
    quad9               Check if a domain is blocked by Quad9
    robtex              Search in Robtex API (https://www.robtex.com/api/)
    safebrowsing        Check if the given domain is in Google safe Browsing list
    save                Save a webpage in cache platforms
    securitytrails      Requests SecurityTrails database
    shodan              Requests Shodan API
    spyonweb            Search in SpyOnWeb through the API
    subdomains          Research subdomains of a domain
    telegram            Request information from Telegram through the API
    threatcrowd         Request the ThreatCrowd API
    threatgrid          Request Threat Grid API
    threatminer         Requests TreatMiner database https://www.threatminer.org/
    tor                 Check if an IP is a Tor exit node listed in the public list
    totalhash           Request Total Hash API
    twitter             Requests Twitter API
    umbrella            Check if a domain is in Umbrella Top 1 million domains
    update              Update Harpoon data
    urlhaus             Request urlhaus.abuse.ch API
    urlscan             Search and submit urls to urlscan.io
    vt                  Request Virus Total API
    xforce              Query IBM Xforce Exchange API
    zetalytics          Search in Zetalytics database

You can get information on each command with harpoon help COMMAND

Access Keys

Contributions

Thanks to people who helped improving Harpoon : @jakubd @marrouchi @grispan56 @christalib

Credits for the logo goes to @euphoricfall and the PulseDive team

License

This code is released under GPLv3 license.

More Repositories

1

flexidie

Source code and binaries of FlexiSpy from the Flexidie dump
824
star
2

cobaltstrike

Code and yara rules to detect and analyze Cobalt Strike
Python
237
star
3

pecli

CLI tool to analyze PE files
YARA
71
star
4

malware-classification

Data and code for malware classification using machine learning (for fun, not production)
Python
37
star
5

phpscanner

Php Scanner for malicious files (/!\ this tool is not maintained anymore)
Python
33
star
6

apkcli

CLI tool to analyze APKs
Python
31
star
7

openssh-backdoor

Openssh backdoor found with a ssh honeypot
C
28
star
8

pycrtsh

Python 3 library to request https://crt.sh/
Python
27
star
9

commands-for-sec

Useful commands for infosec
26
star
10

harpoontools

CLI tools using Harpoon features
Python
20
star
11

pysafebrowsing

Python 3 Google Safe Browsing library
Python
20
star
12

pybinaryedge

Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Python
18
star
13

how-to-quick-forensic

Advices to look for malicious software on your devices
17
star
14

sdanalyzer

Tool to analyze a lot of APK files
HTML
16
star
15

spyonweb

Python3 wrapper and CLI for the SpyOnWeb API
Python
9
star
16

tips

Tips command line tool
Go
7
star
17

machocli

Python tool to analyse mach-o files (based in LIEF)
YARA
7
star
18

pysecuritytrails

Python3 wrapper for the Security Trails API
Python
7
star
19

binaryedge-maltego-local-transform

Maltego Local Transform for BinaryEdge
Python
7
star
20

webcache

OSINT tool to search or save pages in cache
Python
6
star
21

php-malicious-sample

Sample of malicious php
PHP
4
star
22

ipvtechbib

Bibliography on technology used in intimate partner violence
HTML
4
star
23

yaraa

Advanced Yara - extended features to Yara
Python
3
star
24

blog

Static pages of my blog
HTML
3
star
25

pyregripper

A forensic tool I started some time ago to understand some forensic artifacts, definitely not as good as RegRipper but in python
Python
3
star
26

random

Random stuff
2
star
27

100DaysofYARA

Notes for my #100DaysofYARA
2
star
28

andfind

List files and their creation, modification and access time on android
Go
2
star
29

mispcli

CLI tool for MISP
Python
1
star
30

privacytoronto-website

Website for Privacy Toronto
HTML
1
star
31

gdpr_us_media

Python
1
star
32

pypermacc

Python3 wrapper for the perma.cc API
Python
1
star