software

Domain Collector enables automated collection, aggregation and storage of knowledge about currently known trusted and dangerous domains on the Internet. It uses resources such as Cisco Umbrella and MISP Threat Sharing feeds, particularly VirusTotal, PhishTank, and OpenPhish, to obtain domain names. It then downloads and processes additional information about individual domains based on: 1) active interaction - server response to ICMP echo messages, open known ports, 2) external sources such as DNS, WHOIS/RDAP, information from TLS certificates, etc. The acquired knowledge is then stored in a MongoDB database where it can be used for other purposes (rule creation for application firewalls or IDS/IPS systems, threat intelligence, machine learning, and cyber threat detection research).

domain name, MISP, Cisco Umbrella, threat, DNS, WHOIS, RDAP, TLS, ICMP, MongoDB

17. 5. 2023

Aplikace je ke stažení v přiložených souborech.

K využití výsledku jiným subjektem je vždy nutné nabytí licence

Poskytovatel licence na výsledek nepožaduje licenční poplatek

https://www.fit.vut.cz/research/product/784/

domaincollector-documentation.pdf