Releases: intelowlproject/IntelOwl
Patch release
Patch release after v1.1.0.
- Fix for the wrong service name in docker-compose.thug.yml
- Slim Thug's docker image by a few MBs
- For full changelog/new features, see v1.1.0.
Note: To update the web-client, please run docker pull intelowlproject/intelowl_ng:latest before starting Intel Owl.
Thug Honeyclient, bug fixes, optimizations
Note: Please use v1.1.1 which is a patched version of this.
- Now supports Thug honeyclient for analysis of URL, Domain, HTML files. This is available via an optional docker container and in various flavors of invoking user-agent and Thug-specific configurations. Here's how to enable it and use it in Intel Owl.
- Bug fixes: PEframe logs not being created, whitespace around = operator in .env file.
- Major under-the-hood improvements and optimizations, and codefactor.io alert fixes.
- Improvements on the web interface for easier navigation/filtering of analysis results.
Note: To update the web-client, please run docker pull intelowlproject/intelowl_ng:latest before starting Intel Owl.
Revamped web interface + some new analyzers and code refactoring
Check the official blog posts for all the details:
https://www.honeynet.org/2020/07/05/intel-owl-release-v1-0-0/
21 new analyzers and a new docker-based system for integrations
Added a new way to integrate analysis tools as separated Docker-based analyzers. PEframe is the first of this kind.
21 New analyzers:
- PEframe: Perform static analysis on Portable Executable malware and malicious MS Office documents
- MalwareBazaar_Get_File: Check if a particular malware sample is known to MalwareBazaar
- Censys_Search: scan an IP address against Censys View API
- URLhaus: Query a domain or URL against URLhaus API
- MalwareBazaar_Get_Observable: Check if a particular malware hash is known to MalwareBazaar
- GreyNoise: scan an IP against the Greynoise API (requires API key)
- ONYPHE: search an observable in the ONYPHE
- HoneyDB_Get: IP lookup service
- Threatminer_PDNS: retrieve PDNS data from Threatminer API
- Threatminer_Reports_Tagging: retrieve reports from Threatminer API
- Threatminer_Subdomains: retrieve subdomains from Threatminer API
- ActiveDNS_Google: Retrieve current domain resolution with Google DoH (DNS over HTTPS)
- ActiveDNS_CloudFlare: Retrieve current domain resolution with CloudFlare DoH (DNS over HTTPS)
- ActiveDNS_Classic: Retrieve current domain resolution with default DNS
- Auth0: scan an IP against the Auth0 API
- Securitytrails_IP_Neighbours: scan an IP against securitytrails API for neighbour IPs
- Securitytrails_Details: scan a domain against securitytrails API for general details
- Securitytrails_Subdomains: scan a domain against securitytrails API for subdomains
- Securitytrails_Tags: scan a domain against securitytrails API for tags
- Securitytrails_History_WHOIS: scan a domain against securitytrails API for historical WHOIS
- Securitytrails_History_DNS: scan a domain against securitytrails API for historical DNS
0.3.0
Improvements
- Added DNSDB analyzer
- Improved Maxmind Analyzer
- Little tweaks
First release
0.1.0 Merge branch 'master' of github.com:certego/IntelOwl