OpenSec Atlas

cyberbro: An Open Source Tool for Threat Intelligence | OpenSec Atlas

Threat Intelligence

Tool

cyberbro

Cyberbro is a lightweight application that extracts IoCs from raw input and checks their reputation across multiple threat intelligence services.

Visit Website View on GitHub

About This Tool

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.

Primary Use Case

Cyberbro is designed for security analysts and threat hunters who need to quickly parse and analyze Indicators of Compromise (IoCs) from unstructured data. It enables users to automate reputation checks and enrich threat intelligence without deploying complex solutions, making it ideal for OSINT investigations and security automation workflows.

Key Features

Automatic parsing and extraction of IoCs from raw logs or garbage input
Reputation lookup for IPs, hashes, domains, URLs, and Chrome extension IDs using multiple CTI services
Multithreaded processing for fast analysis
Automated pivoting to discover related domains, URLs, and IPs via reverse DNS and RDAP
Integration with Microsoft Defender for Endpoint, CrowdStrike, OpenCTI, and other security tools
Results caching and storage in SQLite for faster repeat lookups
Comprehensive reports with advanced search, filtering, and export to CSV/Excel
Experimental graph view and analysis history for better visualization

Insights & Recommendations

Cyberbro supports proxy configuration and caching at the multi-engine level to optimize performance. It is beginner-friendly and lightweight, but requires API keys configured in secrets.json for full functionality. Leveraging it with LLMs via the Model Context Protocol (MCP) can enhance custom report generation.

Installation

git clone https://github.com/stanfrbd/cyberbro.git
Copy secrets-sample.json to secrets.json and configure your API keys
Run using Docker Compose: docker compose up
Access the web interface at http://localhost:5000

Usage

docker compose up

Starts Cyberbro using Docker Compose for an easy deployment

Paste raw logs or IoCs into the web interface

Automatically parses and extracts IoCs for reputation checking

Export reports to CSV or Excel

Allows saving and sharing of analyzed IoC data

Smart Usage Notes

Integrate Cyberbro with SIEM and SOAR platforms to automate IoC enrichment and accelerate incident response workflows.Leverage the multithreaded processing and caching features to perform bulk reputation checks during threat hunting exercises.Use the graph visualization feature to identify and pivot on related IoCs, enhancing situational awareness during investigations.Combine Cyberbro with LLMs for automated report generation and contextual threat intelligence summarization.Deploy Cyberbro as a lightweight web service in SOC environments to empower analysts with rapid OSINT-driven IoC validation.