Curated lists of websites in various categories, useful for domain research, malware/IOC research, NSM testing (such as PCAPs), finding sites where you can perform live analysis/sandbox testing, and more. More specific descriptions follow:
Sites containing information on whether one of the following data types has a reputation, meaning it is defined as malicious or as xyz APT, or sites that have data you could use to determine for yourself whether it is malicious or related to something (e.g. an already existing sandbox report on a file).
- IP
- Domain
- SSL Certificates
- Email Address
- Registrants for Domain
- Hashes such as File, SSL, JA3, etc.
Information related to a domain regardless of its "reputation" as malware or another category, such as Whois information, PassiveDNS information, or lists of gTLDs (top-level domains like .pink or .university).
Sites that allow you to submit Files, URLs, Domains, or IPs for simulated/live analysis (i.e. a sandbox).
Log records and PCAPs to be used for analysis tests, database/SIEM/logging testing, machine learning testing, parsing samples, and NSM/IDS/application testing.
- Log Records/Samples aid in testing analytics, parsers, databases, SIEMs, logging solutions, etc.
- PCAPs are useful for testing a protocol parser, as an additional source of malware samples, and for testing your IDS, IPS, or NSM application/appliance.
Curated list of websites for things like:
- Website categorization, i.e. determining whether a site is a shopping, technology, adult, cloud storage, or other categorized site. Similar to the categories defined by a web proxy.
- Repos of malware and/or malware source code.
- Sites that have historical internet scan information (e.g. Shodan).
- Information on JA3 and JA3S hashes.
- Some sites or tools for OSINT.
- Various tools that would aid in anything else in this repo, like a tool for scraping a site or a tool for doing your own domain collection. However, this is probably the least updated list of them all, because other people have much better curated lists for this.
Sites that provide lists of Domains, IPs, and URLs that you can download in bulk for the purpose of blocking or DNS sinkholing. Some of the lists categorize the entries by whether they are malware, advertisements, spam, phishing, and/or dynamic DNS.
You may notice many repeated websites, as many sites contain information for IPs, Domains, and Hashes, and a URL consists of a domain/IP, but I wanted to categorize them based on their relation to what you are investigating.
Let me know if I am missing anything or you think things should be re-categorized.