intelowlproject / IntelOwl

IntelOwl: manage your Threat Intelligence at scale
https://intelowlproject.github.io
GNU Affero General Public License v3.0

[Analyzer] abuse_whois integration #2308

Open drego85 opened 4 months ago

drego85 commented 4 months ago

Name

After the recent integration of Abusix to identify IP address abuse teams, it may be interesting to integrate @ninoseki's abuse_whois project to obtain abuse references for domain names as well.

Link

https://github.com/ninoseki/abuse_whois

Why should we use it

To improve interactions with abuse teams.

mlodic commented 4 months ago

Why not?

And recently we went even further. With the last release (6.0.2) we added a new _TakeDownRequest Playbook which automates everything: in this way the user needs only to submit the domain they want to take down and IntelOwl would do all the rest.... and it would send the email to the abuse contact provider too :) You could give it a try :)

We'll show this use case at the next Honeynet Workshop, then we'll share slides and content here.

ninoseki commented 4 months ago

FYI, the email-sending approach does not work well in many cases, especially if you send an email to a domain registrar. I often get an automatic reply that says “please submit it via our form”. And in most cases a form has a captcha. So it’s difficult to automate the whole process.

mlodic commented 4 months ago

Thanks for sharing :) Right now our playbook sends the email only to hosting providers and not domain registrars. I have no actual extensive experience with that, so what you shared is nice to know. I'll update this post if we get more interesting findings about it.