Threatfox Censys is a tool to query Censys Search for IP addresses and domains and then parses the JSON and submits the results to Threatfox.
create-fingerprint commandfingerprints.yamlscan commandcensys and the autonomous system nameYou will need to install poetry on Python 3.10.
curl -sSL https://install.python-poetry.org | python3 -
Clone the repository.
git clone https://github.com/censys-workshop/threatfox-censys.git
Then install the dependencies.
poetry install
Then you will need to copy the .env.example file to .env and add your Censys API ID and Secret as well as your Threatfox API key (from https://auth.abuse.ch/). Also make sure to set the DATABASE_URL to your database.
cp .env.example .env
Then you will need to run the database migrations.
poetry run threatfox-censys database-migrations
Scan Censys Search for IoCs and submit them to ThreatFox.
poetry run threatfox-censys scan
You can also post the results to Mastodon. Make sure to set the MASTODON_API_URL and MASTODON_ACCESS_TOKEN environment variables. It will post a toot for each IoC found. Simply create a Mastodon app and get the access token.
Prompt the user to create a fingerprint for an IoC.
poetry run threatfox-censys create-fingerprint
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
poetry run pytest
poetry run flake8
poetry run black .
poetry run isort .
poetry run pyupgrade --py310-plus threatfox_censys/*.py scripts/*.py
Threatfox Censys is licensed under the MIT license.