Fushin
A monitoring tool for malicious blog posts.
Features & ToDo
- [x] Subscribe to a malicious blog post feed (by @catnap707)
- [x] Extract IoCs (BTC, URL) from a blog post
- [x] Post extracted IoCs to Slack (or STDOUT) with enrichment
- [x] Attachment handling
- Scan a URL on Hybrid Analysis
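To illustrate the IoC extraction and enrichment steps listed above, here is an added Ruby example; it is not fushin's own code. It assumes legacy Base58Check BTC addresses only, and the names `extract_iocs`, `valid_btc?`, `defang` and the sample post are hypothetical.

```ruby
require "digest"
require "uri"

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".freeze
BTC_CANDIDATE = /\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b/
URL_CANDIDATE = %r{https?://[^\s"'<>]+}i

# Decode Base58 to raw bytes; each leading "1" encodes one leading zero byte.
def base58_decode(str)
  num = str.each_char.reduce(0) { |acc, c| acc * 58 + BASE58.index(c) }
  hex = num.zero? ? "" : num.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  ("\x00".b * str[/\A1*/].length) + [hex].pack("H*")
end

# Base58Check for legacy addresses: 21-byte payload + 4-byte double-SHA-256 checksum.
def valid_btc?(addr)
  return false unless addr.match?(/\A[1-9A-HJ-NP-Za-km-z]+\z/)
  raw = base58_decode(addr)
  return false unless raw.bytesize == 25
  Digest::SHA256.digest(Digest::SHA256.digest(raw[0, 21]))[0, 4] == raw[21, 4]
end

# Defang a URL so it is not clickable when posted to a chat channel.
def defang(url)
  url.sub(/\Ahttp/i, "hxxp").gsub(".", "[.]")
end

# Return unique, validated IoCs found in a blog post body (URLs are defanged).
def extract_iocs(text)
  urls = text.scan(URL_CANDIDATE).map { |u| u.sub(/[.,;:!?)\]]+\z/, "") }.select do |u|
    host = URI.parse(u).host rescue nil
    host && host.include?(".")
  end
  btcs = text.scan(BTC_CANDIDATE).select { |a| valid_btc?(a) }
  { urls: urls.uniq.map { |u| defang(u) }, btcs: btcs.uniq }
end

# Constructed sample post: the genesis-block address plus a copy with a bad checksum.
SAMPLE_POST = <<~TEXT
  Send payment to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa today.
  Mistyped copy: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb
  Details: http://payment.example/info.php?id=7, or <a href="https://mirror.example/a">here</a>.
TEXT

p extract_iocs(SAMPLE_POST) if __FILE__ == $PROGRAM_NAME
```

The checksum step drops strings that only look like addresses, so the Slack channel is not flooded with false positives.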
Supported blog types
- jugem.jp
- kikey.net
- sblo.jp
- seesaa.net
- shinobi.jp
- teacup.com
Install
gem install fushin
Configuration
Please set the following environment variables:
- SLACK_WEBHOOK_URL: Slack Webhook URL
- SLACK_CHANNEL: Slack channel name
- HA_API_KEY: Hybrid Analysis API key
Usage
fushin