misp-website/_pages/tools.md

---
layout: page
title: Tools
permalink: /tools/
toc: true
---

## Software and Tools

Many open source and proprietary tools integrate MISP support (MISP format or API) in order to extend their tools
or MISP itself. A series of additional software are supported and handled by the [MISP project](https://www.github.com/MISP).
The additional software supported by the MISP project allow the community to rely on additional tools to support their day-to-day operations. The objective
is also to explore new ideas, concepts or functionality which can be integrated in MISP core software later on.

### Software within the MISP project


* [misp-modules](https://github.com/MISP/misp-modules) - Modules for expansion services in MISP
     * Passive Total - [doc](http://blog.passivetotal.org/misp-sharing-done-differently/).
     * CIRCL Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information.
     * CIRCL Passive SSL - a hover and expansion module to expand IP addresses with the X.509 certificate seen.
     * EUPI API Support (Phishing Initiative project).
     * IPASN - a hover and expansion to get the BGP ASN of an IP address.
     * ASN History - a hover and expansion module to expand an AS number with the ASN description and its history.
     * CVE a hover module to give more information about a vulnerability (CVE).
* [misp-workbench](https://github.com/MISP/misp-workbench) - Tools to export data out of the MISP MySQL database and use and abuse them outside of this platform.
* [MISpego](https://github.com/MISP/MISPego) - Maltego Transform to put entities into MISP events.
* [MISP-maltego](https://github.com/MISP/MISP-maltego) - Set of Maltego transforms to inferface with a MISP instance.
* [PyMISP](https://github.com/CIRCL/PyMISP) - Python library using the MISP Rest API. This is the official library for MISP and can also generate offline MISP events.
* [MISP-STIX-Converter](https://github.com/MISP/MISP-STIX-Converter) -  An utility repo to assist with converting between MISP and STIX formats.
* [MISP-Taxii-Server](https://github.com/MISP/MISP-Taxii-Server) - An OpenTAXII Configuration for MISP with automatic TAXII to MISP sync.
* [mail_to_misp](https://github.com/MISP/mail_to_misp) - Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

For the additional software created by the MISP project, check our [MISP project organization](https://github.com/MISP/).

### Software or Services with MISP support or Extending MISP functionalities

* [Viper](http://www.viper.li/) - is a binary management and analysis framework dedicated to malware and exploit researchers including a MISP module.
* [cve-search](https://github.com/cve-search) - a tool to perform local searches for known vulnerabilities include a [MISP plug-in](https://github.com/cve-search/Plugins/tree/master/plugins/plugins/MISP).
* [Cuckoo modified](https://github.com/spender-sandbox/cuckoo-modified) - heavily modified version of Cuckoo Sandbox including a [MISP reporting module](https://github.com/spender-sandbox/cuckoo-modified/blob/master/modules/reporting/misp.py) to put the information into a MISP instance.
* [Hybrid analysis](https://www.hybrid-analysis.com/) exports in MISP format.
* [Joe Sanbox](https://www.joesecurity.org/) outputs analysis in MISP format.
* [Loki - Simple IOC Scanner](https://github.com/Neo23x0/Loki) includes a MISP receiver.
* [MISP-Extractor](https://github.com/PidgeyL/MISP-Extractor) extracts information from MISP via the API and automate some tasks.
* [IntelMQ](https://github.com/certtools/intelmq) support MISP to retrieve events and update tags.
* [misp-to-autofocus](https://github.com/PaloAltoNetworks/misp-to-autofocus) - script for pulling events from a MISP database and converting them to Autofocus queries.
* [otx_misp](https://github.com/gcrahay/otx_misp/) imports Alienvault OTX pulses to a MISP instance.
* [FireMISP](https://github.com/deralexxx/FireMISP) FireEye Alert json files to MISP Malware information sharing platform (Alpha).
* [cti-toolkit](https://github.com/certau/cti-toolkit)  CERT Australia Cyber Threat Intelligence (CTI) Toolkit includes a transform to MISP from STIX.
* [MISP-IOC-Validator](https://github.com/tom8941/MISP-IOC-Validator/) validates the format of the different IOC from MISP and to remove false positive by comparing these IOC to existing known false positive.
* [TheHive](https://thehive-project.org/) A 3-in-1 Security Incident Response Platform has an extensive MISP support.
* [yara-exporter](https://github.com/BSI-CERT-Bund/yara-exporter) - Exporting MISP event attributes to yara rules usable with Thor apt scanner.
* [tie2misp](https://github.com/DCSO/tie2misp) - Import DCSO TIE IOCs as MISP events.
* [misp-takedown](https://github.com/rommelfs/misp-takedown) - A curses-style interface for automatic takedown notification based on MISP events.
* [OpenDXL-ATD-MISP](https://github.com/mohl1/OpenDXL-ATD-MISP) - Automated threat intelligence collection with McAfee ATD, OpenDXL and MISP.
* [OpenDXL-MISP-IntelMQ-Output](https://github.com/mohl1/OpenDXL-MISP-IntelMQ-Output) - This use case is focusing on the automated real-time threat sharing with MISP (Malware Intelligence Sharing Platform), orchestration tool (IntelMQ) and OpenDXL. IntelMQ is used to collect data from the Malware Intelligence Sharing Platform (MISP), to parse and push intelligence via OpenDXL.
* [BTG](https://github.com/conix-security/BTG) - BTG's purpose is to make fast and efficient search on IOC  including a MISP crawler and collector.
* [ThreatPinchLookup](https://github.com/cloudtracer/ThreatPinchLookup)  - ThreatPinch Lookup creates informational tooltips when hovering oven an item of interest on any website and contains a MISP connector.
* [Automated Payload Test Controller](https://github.com/jymcheong/aptc) - A set of scripts using PyMISP to extend MISP for automated payload testing.
* [MISP Golang](https://github.com/0xrawsec/golang-misp) - Golang Library to interact with your MISP instance.
* [misp-bulk-tag](https://github.com/morallo/misp-bulk-tag) - this script performs bulk tagging operations over MISP.
* [polarity MISP integration](https://github.com/polarityio/misp) - The Polarity MISP integration allows Polarity to search your instance of MISP to return valid information about domains, IPS, and hashes.
* [AIL framework - Framework for Analysis of Information Leaks](https://github.com/CIRCL/AIL-framework) - AIL framework - Framework for Analysis of Information Leaks use MISP to share  found leaks within a threat intelligence platform using MISP standard (objects).
Tools added 2016-08-10 09:13:09 +02:00			`---`
			`layout: page`
			`title: Tools`
			`permalink: /tools/`
			`toc: true`
			`---`

			`## Software and Tools`

			`Many open source and proprietary tools integrate MISP support (MISP format or API) in order to extend their tools`
			`or MISP itself. A series of additional software are supported and handled by the [MISP project](https://www.github.com/MISP).`
			`The additional software supported by the MISP project allow the community to rely on additional tools to support their day-to-day operations. The objective`
			`is also to explore new ideas, concepts or functionality which can be integrated in MISP core software later on.`

STIX-MISP repo added 2016-09-17 13:06:54 +02:00			`### Software within the MISP project`
Tools added 2016-08-10 09:13:09 +02:00
Tools added 2016-08-11 11:46:00 +02:00
			`* [misp-modules](https://github.com/MISP/misp-modules) - Modules for expansion services in MISP`
			`* Passive Total - [doc](http://blog.passivetotal.org/misp-sharing-done-differently/).`
			`* CIRCL Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information.`
			`* CIRCL Passive SSL - a hover and expansion module to expand IP addresses with the X.509 certificate seen.`
			`* EUPI API Support (Phishing Initiative project).`
			`* IPASN - a hover and expansion to get the BGP ASN of an IP address.`
			`* ASN History - a hover and expansion module to expand an AS number with the ASN description and its history.`
			`* CVE a hover module to give more information about a vulnerability (CVE).`
			`* [misp-workbench](https://github.com/MISP/misp-workbench) - Tools to export data out of the MISP MySQL database and use and abuse them outside of this platform.`
			`* [MISpego](https://github.com/MISP/MISPego) - Maltego Transform to put entities into MISP events.`
			`* [MISP-maltego](https://github.com/MISP/MISP-maltego) - Set of Maltego transforms to inferface with a MISP instance.`
New tools added 2017-04-01 12:12:06 +02:00			`* [PyMISP](https://github.com/CIRCL/PyMISP) - Python library using the MISP Rest API. This is the official library for MISP and can also generate offline MISP events.`
STIX-MISP repo added 2016-09-17 13:06:54 +02:00			`* [MISP-STIX-Converter](https://github.com/MISP/MISP-STIX-Converter) - An utility repo to assist with converting between MISP and STIX formats.`
New tools added 2017-04-01 12:12:06 +02:00			`* [MISP-Taxii-Server](https://github.com/MISP/MISP-Taxii-Server) - An OpenTAXII Configuration for MISP with automatic TAXII to MISP sync.`
mail_to_misp is now a MISP project 2017-05-29 09:52:49 +02:00			`* [mail_to_misp](https://github.com/MISP/mail_to_misp) - Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.`
Tools added 2016-08-10 09:13:09 +02:00
Tools updated 2016-08-11 12:05:27 +02:00			`For the additional software created by the MISP project, check our [MISP project organization](https://github.com/MISP/).`

Add rommelfs tools 2017-04-30 10:39:15 +02:00			`### Software or Services with MISP support or Extending MISP functionalities`
Tools added 2016-08-10 09:13:09 +02:00
Tools updated 2016-08-11 12:05:27 +02:00			`* [Viper](http://www.viper.li/) - is a binary management and analysis framework dedicated to malware and exploit researchers including a MISP module.`
			`* [cve-search](https://github.com/cve-search) - a tool to perform local searches for known vulnerabilities include a [MISP plug-in](https://github.com/cve-search/Plugins/tree/master/plugins/plugins/MISP).`
			`* [Cuckoo modified](https://github.com/spender-sandbox/cuckoo-modified) - heavily modified version of Cuckoo Sandbox including a [MISP reporting module](https://github.com/spender-sandbox/cuckoo-modified/blob/master/modules/reporting/misp.py) to put the information into a MISP instance.`
			`* [Hybrid analysis](https://www.hybrid-analysis.com/) exports in MISP format.`
			`* [Joe Sanbox](https://www.joesecurity.org/) outputs analysis in MISP format.`
Loki MISP receiver added 2016-09-04 10:12:52 +02:00			`* [Loki - Simple IOC Scanner](https://github.com/Neo23x0/Loki) includes a MISP receiver.`
More tools added 2016-08-11 14:24:39 +02:00			`* [MISP-Extractor](https://github.com/PidgeyL/MISP-Extractor) extracts information from MISP via the API and automate some tasks.`
			`* [IntelMQ](https://github.com/certtools/intelmq) support MISP to retrieve events and update tags.`
			`* [misp-to-autofocus](https://github.com/PaloAltoNetworks/misp-to-autofocus) - script for pulling events from a MISP database and converting them to Autofocus queries.`
			`* [otx_misp](https://github.com/gcrahay/otx_misp/) imports Alienvault OTX pulses to a MISP instance.`
			`* [FireMISP](https://github.com/deralexxx/FireMISP) FireEye Alert json files to MISP Malware information sharing platform (Alpha).`
			`* [cti-toolkit](https://github.com/certau/cti-toolkit) CERT Australia Cyber Threat Intelligence (CTI) Toolkit includes a transform to MISP from STIX.`
Tool added 2016-08-12 12:20:16 +02:00			`* [MISP-IOC-Validator](https://github.com/tom8941/MISP-IOC-Validator/) validates the format of the different IOC from MISP and to remove false positive by comparing these IOC to existing known false positive.`
TheHive added in the tools 2017-02-19 09:27:40 +01:00			`* [TheHive](https://thehive-project.org/) A 3-in-1 Security Incident Response Platform has an extensive MISP support.`
New tools added 2017-04-01 12:12:06 +02:00			`* [yara-exporter](https://github.com/BSI-CERT-Bund/yara-exporter) - Exporting MISP event attributes to yara rules usable with Thor apt scanner.`
			`* [tie2misp](https://github.com/DCSO/tie2misp) - Import DCSO TIE IOCs as MISP events.`
Add rommelfs tools 2017-04-30 10:39:15 +02:00			`* [misp-takedown](https://github.com/rommelfs/misp-takedown) - A curses-style interface for automatic takedown notification based on MISP events.`
MISP - OpenDXL tools added 2017-05-27 11:03:39 +02:00			`* [OpenDXL-ATD-MISP](https://github.com/mohl1/OpenDXL-ATD-MISP) - Automated threat intelligence collection with McAfee ATD, OpenDXL and MISP.`
			`* [OpenDXL-MISP-IntelMQ-Output](https://github.com/mohl1/OpenDXL-MISP-IntelMQ-Output) - This use case is focusing on the automated real-time threat sharing with MISP (Malware Intelligence Sharing Platform), orchestration tool (IntelMQ) and OpenDXL. IntelMQ is used to collect data from the Malware Intelligence Sharing Platform (MISP), to parse and push intelligence via OpenDXL.`
BTG added 2017-05-27 11:06:22 +02:00			`* [BTG](https://github.com/conix-security/BTG) - BTG's purpose is to make fast and efficient search on IOC including a MISP crawler and collector.`
ThreatPinch Lookup added 2017-05-27 11:08:47 +02:00			`* [ThreatPinchLookup](https://github.com/cloudtracer/ThreatPinchLookup) - ThreatPinch Lookup creates informational tooltips when hovering oven an item of interest on any website and contains a MISP connector.`
Automated Payload Test Controller added 2017-05-27 11:10:35 +02:00			`* [Automated Payload Test Controller](https://github.com/jymcheong/aptc) - A set of scripts using PyMISP to extend MISP for automated payload testing.`
Goland github link fixed 2017-06-30 10:56:40 +02:00			`* [MISP Golang](https://github.com/0xrawsec/golang-misp) - Golang Library to interact with your MISP instance.`
misp-bulk-tag addded 2017-06-17 17:25:33 +02:00			`* [misp-bulk-tag](https://github.com/morallo/misp-bulk-tag) - this script performs bulk tagging operations over MISP.`
Polarity added 2017-09-30 17:04:17 +02:00			`* [polarity MISP integration](https://github.com/polarityio/misp) - The Polarity MISP integration allows Polarity to search your instance of MISP to return valid information about domains, IPS, and hashes.`
AIL added in the tools 2017-12-04 08:13:10 +01:00			`* [AIL framework - Framework for Analysis of Information Leaks](https://github.com/CIRCL/AIL-framework) - AIL framework - Framework for Analysis of Information Leaks use MISP to share found leaks within a threat intelligence platform using MISP standard (objects).`