Mitaka is a browser extension for OSINT (open source intelligence) search which can:

- Extract & refang IoCs (indicators of compromise) from a selected block of text.
  - E.g. `example[.]com` to `example.com`, `test[at]example.com` to `test@example.com`, `hxxp://example.com` to `http://example.com`, etc.
  - You can find all the refang techniques here.
- Search / scan it on various engines.
  - E.g. VirusTotal, urlscan.io, Censys, Shodan, etc.

Supported IoC types:

| name | desc. | e.g. |
|---|---|---|
| text | Freetext | any string(s) |
| asn | ASN | AS13335 |
| btc | BTC address | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |
| cve | CVE number | CVE-2018-11776 |
| domain | Domain name | github.com |
| email | Email address | [email protected] |
| eth | Ethereum address | 0x32be343b94f860124dc4fee278fdcbd38c102d88 |
| gaPubID | Google Adsense Publisher ID | pub-9383614236930773 |
| gaTrackID | Google Analytics Tracker ID | UA-67609351-1 |
| hash | md5 / sha1 / sha256 | 44d88612fea8a8f36de82e1278abb02f |
| ip | IPv4 address | 8.8.8.8 |
| url | URL | https://github.com |

Supported search engines:

| name | url | supported types |
|---|---|---|
| AbuseIPDB | https://www.abuseipdb.com | ip |
| AnyRun | https://app.any.run | hash |
| apklab | https://apklab.io | hash (SHA256 only) |
| archive.org | https://archive.org | url |
| archive.today | http://archive.fo | url |
| Auth0 | https://auth0.com | ip |
| BGPView | https://bgpview.io | ip / asn |
| BinaryEdge | https://app.binaryedge.io | ip / domain |
| BitcoinAbuse | https://www.bitcoinabuse.com | btc |
| BitcoinWhosWho | https://bitcoinwhoswho.com | btc |
| Blockchain.com | https://www.blockchain.com | btc |
| Blockchair | https://blockchair.com | btc / eth |
| BlockCypher | https://live.blockcypher.com | btc |
| Censys | https://censys.io | ip / domain / asn / text |
| crt.sh | https://crt.sh | domain |
| DNSlytics | https://dnslytics.com | ip / domain |
| DomainBigData | https://domainbigdata.com | ip / domain / email |
| DomainTools | https://www.domaintools.com | ip / domain |
| DomainWatch | https://domainwat.ch | domain / email |
| EmailRep | https://emailrep.io | email |
| FOFA | https://fofa.so | ip / domain |
| FortiGuard | https://fortiguard.com | ip / url / cve |
| Google Safe Browsing | https://transparencyreport.google.com | domain / url |
| GreyNoise | https://viz.greynoise.io | ip / domain / asn |
| Hashdd | https://hashdd.com | ip / domain / hash |
| Hurricane Electric | https://bgp.he.net/ | ip / domain / asn |
| HybridAnalysis | https://www.hybrid-analysis.com | ip / domain / hash |
| Intelligence X | https://intelx.io | ip / domain / url / email / btc |
| Intezer | https://analyze.intezer.com | hash |
| IPinfo | https://ipinfo.io | ip / asn |
| IPIP | https://en.ipip.net | ip / asn |
| Joe Sandbox | https://www.joesandbox.com | hash |
| MalShare | https://malshare.com | hash |
| Maltiverse | https://www.maltiverse.com | domain / hash |
| MalwareBazaar | https://bazaar.abuse.ch | hash |
| Malwares | https://www.malwares.com | hash |
| NVD | https://nvd.nist.gov | cve |
| OCCRP | https://data.occrp.org | email |
| ONYPHE | https://www.onyphe.io | ip |
| OpenTIP | https://opentip.kaspersky.com | hash |
| OTX | https://otx.alienvault.com | ip / domain / hash |
| PublicWWW | https://publicwww.com | text |
| Pulsedive | https://pulsedive.com | ip / domain / url / hash |
| RiskIQ | http://community.riskiq.com | ip / domain / email / gaTrackID |
| Robtex | https://www.robtex.com | ip / domain |
| Scumware | https://www.scumware.org | ip / domain / hash (MD5 only) |
| SecurityTrails | https://securitytrails.com | ip / domain / email |
| Shodan | https://www.shodan.io | ip / domain / asn |
| Sploitus | https://sploitus.com | cve |
| SpyOnWeb | http://spyonweb.com | ip / domain / gaPubID / gaTrackID |
| Spyse | https://spyse.com | ip / domain / asn |
| Talos | https://talosintelligence.com | ip / domain |
| ThreatConnect | https://app.threatconnect.com | ip / domain / email |
| ThreatCrowd | https://www.threatcrowd.org | ip / domain / email |
| ThreatMiner | https://www.threatminer.org | ip / domain / hash |
| TIP | https://threatintelligenceplatform.com | ip / domain |
| URLhaus | https://urlhaus.abuse.ch | ip / domain |
| Urlscan | https://urlscan.io | ip / domain / asn / url |
| ViewDNS | https://viewdns.info | ip / domain / email |
| VirusTotal | https://www.virustotal.com | ip / domain / url / hash |
| VMRay | https://www.vmray.com | hash |
| Vulmon | https://vulmon.com | cve |
| VulncodeDB | https://www.vulncode-db.com | cve |
| VxCube | http://vxcube.com | ip / domain / hash |
| WebAnalyzer | https://wa-com.com | domain |
| X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash |
| ZoomEye | https://www.zoomeye.org | ip |

Supported scan engines:

| name | url | supported types |
|---|---|---|
| Browserling | https://www.browserling.com | url |
| HybridAnalysis | https://www.hybrid-analysis.com | url |
| Urlscan | https://urlscan.io | ip / domain / url |
| VirusTotal | https://www.virustotal.com | url |

This browser extension shows context menus based on the type of IoC you selected, and you can then choose which engine to search / scan it on.
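
The refang-then-dispatch flow described above, as an added JavaScript example that is not Mitaka's own code. It handles only the three defang styles this README names, classifies the result into the README's IoC type names with simplified regexes (assumptions), and matches against a few rows copied from the search-engine table; the sample text is constructed.

```javascript
// Added example, not Mitaka's source. Handles only the three defang styles the
// README names; the type patterns are simplified assumptions.
function refang(text) {
  return text
    .replace(/\[\.\]/g, ".")                     // example[.]com -> example.com
    .replace(/\[at\]/gi, "@")                    // test[at]example.com -> test@example.com
    .replace(/\bhxxp(s?):\/\//gi, "http$1://");  // hxxp:// -> http://
}

// Ordered most specific first; type names are the ones in the README's table.
const RULES = [
  ["url", /^https?:\/\/\S+$/i],
  ["email", /^[^\s@]+@[^\s@]+\.[a-z]{2,}$/i],
  ["cve", /^CVE-\d{4}-\d{4,}$/i],
  ["asn", /^AS\d+$/i],
  ["ip", /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/],
  ["hash", /^(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$/i],
  ["eth", /^0x[a-f0-9]{40}$/i],
  ["btc", /^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$/],
  ["gaTrackID", /^UA-\d+-\d+$/i],
  ["gaPubID", /^pub-\d{16}$/i],
  ["domain", /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i],
];

// Refang one selection and return its type; anything unmatched is free text.
function classify(raw) {
  const value = refang(raw.trim());
  const hit = RULES.find(([, re]) => re.test(value));
  return { type: hit ? hit[0] : "text", value };
}

// Pull typed indicators out of a block of text, dropping plain words.
function extract(block) {
  return block.split(/\s+/)
    .map((tok) => classify(tok.replace(/^[("'<]+|[)"'>.,;:]+$/g, "")))
    .filter((ioc) => ioc.type !== "text");
}

// A few rows copied from the README's search-engine table.
const ENGINES = { AbuseIPDB: ["ip"], "crt.sh": ["domain"], NVD: ["cve"],
  Shodan: ["ip", "domain", "asn"], VirusTotal: ["ip", "domain", "url", "hash"] };

// Engines that would be offered for a selection of this type.
function enginesFor(raw) {
  const { type } = classify(raw);
  return Object.keys(ENGINES).filter((name) => ENGINES[name].includes(type));
}

// Constructed sample text, not real reporting.
const SAMPLE = "Beacon to hxxp://example[.]com/a from 8.8.8.8, contact test[at]example.com; see CVE-2018-11776.";
console.log(extract(SAMPLE), enginesFor("example[.]com"));
```

Rule order matters: `url` and `email` are tested before `domain` so that a full URL or address is not reduced to its host part.
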
There is also a how-to article about Mitaka written by Null Byte.

Note:
Set your API keys on the options page to enable HybridAnalysis, urlscan.io and VirusTotal scans.
You can enable / disable a search engine on the options page based on your preference.

This browser extension requires the following permissions.

- `Read and change all your data on the websites you visit`:
  - This extension creates context menus dynamically based on what you select on a website.
  - It means this extension requires reading all your data on the websites you visit. (This extension doesn't change anything on the websites)
- `Display notifications`:
  - This extension makes a notification when something goes wrong.

I don't (and will never) collect any information from the users.

Alternatives or similar tools:

- CrowdScrape
- Gotanda
- Sputnik
- ThreatConnect Integrated Chrome Extension
- ThreatPinch Lookup
- VTchromizer

Read the contribution guide and join the contributors.