Ahtapot
Chrome extension for fast and secure IOC analysis with multiple threat intelligence providers.
Ahtapot - IOC Analysis Extension
Fast and secure analysis of Indicators of Compromise (IOC) directly in your browser
🎉 What's New in v3.0.0
Major Release - AI-Powered Threat Intelligence (December 4, 2025)
This is a major release bringing AI-powered analysis, new threat intelligence providers, and a complete UI overhaul.
🤖 AI Integration
- 3 AI Providers - Claude (Anthropic), Gemini (Google), GPT-4o (OpenAI)
- 3 Analysis Modes - Summary (quick triage), Analysis (escalation), Detailed (investigation)
- Structured Responses - Consistent JSON output with verdict, risk level, confidence scores
- Smart Caching - Language-aware AI result caching with 24-hour expiry
- Export Options - Copy as Markdown, Export as PNG image
🔌 New Providers (Since 2.3.2)
- URLhaus - Malicious URL database by abuse.ch (unlimited free)
- Pulsedive - Threat intelligence with risk scoring (250 req/day free)
- Scamalytics - IP fraud detection (5,000 credits/month free)
🎨 Complete UI Overhaul
- Fresh Color Palette - Lime green accent (#C7F54D), coral red danger (#E63946)
- Responsive Design - Mobile-optimized action buttons and layouts
- Drag-and-Drop Provider Order - Customize how providers appear
- Modern Result Cards - Enhanced UI for all providers
AI Providers (3 Providers)
Claude (Sonnet 4) | Gemini (2.0 Flash) | GPT-4o (Mini)
Active Threat Intelligence Providers (10 Providers)
VirusTotal | OTX AlienVault | AbuseIPDB | MalwareBazaar | ARIN | Shodan | GreyNoise | URLhaus | Pulsedive | Scamalytics
- Smart API Usage - Only queries providers supporting the IOC type
- Rate Limit Protection - Confirmation system for GreyNoise and Shodan
- No API Key Required - ARIN WHOIS & URLhaus (always available)
View Complete Changelog - Full version history and detailed release notes
Features
Intelligent IOC Detection
Automatically detects and analyzes various types of security indicators:
<table>
<tr> <td><strong>Network</strong></td> <td>IPv4/IPv6 addresses, Domains, URLs</td> </tr>
<tr> <td><strong>Hashes</strong></td> <td>MD5, SHA1, SHA256 file hashes</td> </tr>
<tr> <td><strong>Identity</strong></td> <td>Email addresses, CVE numbers</td> </tr>
<tr> <td><strong>Crypto</strong></td> <td>Bitcoin, Ethereum addresses</td> </tr>
</table>

Lightning Fast Workflow
- Select any text on any webpage
- Floating button appears instantly
- One-click analysis
- Results in beautiful side panel
Multiple Threat Intelligence Sources
| Service | Purpose | Rate Limit |
|---------|---------|------------|
| VirusTotal | Malware & URL scanning | 4 req/min (free) |
| OTX AlienVault | Threat intelligence & IOC pulses | 10,000 req/day |
| AbuseIPDB | IP reputation & abuse reports | 1,000 req/day (free) |
| MalwareBazaar | Malware hash database & sample repository | No strict limit (free) |
| ARIN | IP WHOIS & network registration | 15 req/min (no key required) |
| Shodan | Device search & vulnerability scanning | 100 results/month (free) * |
| GreyNoise | Internet noise detection & classification | 50 searches/week (free) * |
| URLhaus | Malicious URL & malware distribution database | Unlimited (free) |
| Pulsedive | Threat intelligence with IOC enrichment | 250 req/day (free) |
| Scamalytics | IP fraud score & scam detection | 5,000 credits/month (free) |
Note: Rate-limited providers include a confirmation system to protect your quota.
Smart Provider Matching
- Real-time Support Detection - Each IOC shows compatible providers via badges
- Optimized API Calls - Only queries providers that support the IOC type
- No Wasted Requests - Saves API rate limits by skipping unsupported types
- Clear Messaging - Informative explanations when providers don't support an IOC type
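
The detection table and the provider matching described above can be sketched as follows. This is an added example, not code from the Ahtapot repository: `detectIocs`, `planQueries` and `PROVIDER_SUPPORT` are hypothetical names, the support map is an assumption, and IPv6 and cryptocurrency patterns are omitted.

```javascript
// Added example: simplified patterns, not taken from the Ahtapot source.
// Order matters: specific types come first, so a URL or e-mail is consumed
// before its host part can be reported again as a bare domain.
const OCTET = "(?:25[0-5]|2[0-4]\\d|1?\\d?\\d)";
const IOC_PATTERNS = [
  ["cve", /\bCVE-\d{4}-\d{4,}\b/gi],
  ["url", /\bhttps?:\/\/[^\s"'<>]+/gi],
  ["email", /\b[\w.+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)+\b/gi],
  ["ipv4", new RegExp(`\\b(?:${OCTET}\\.){3}${OCTET}\\b`, "g")],
  ["sha256", /\b[a-f0-9]{64}\b/gi],
  ["sha1", /\b[a-f0-9]{40}\b/gi],
  ["md5", /\b[a-f0-9]{32}\b/gi],
  ["domain", /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/gi],
];

// Assumed support map, derived only from the Purpose column for providers
// whose row names a single indicator kind; the real matrix may differ.
const PROVIDER_SUPPORT = {
  AbuseIPDB: ["ipv4"],
  ARIN: ["ipv4"],
  Scamalytics: ["ipv4"],
  MalwareBazaar: ["md5", "sha1", "sha256"],
  URLhaus: ["url"],
};

function detectIocs(text) {
  const found = [];
  let rest = text;
  for (const [type, re] of IOC_PATTERNS) {
    rest = rest.replace(re, (m) => {
      // Drop sentence punctuation that a greedy URL match drags along.
      found.push({ type, value: m.replace(/[.,;:)\]]+$/, "") });
      return " ".repeat(m.length); // blank out so later patterns cannot re-match
    });
  }
  return found;
}

// Attach only the providers that support each IOC type; an empty list
// means no request is sent and no quota is spent.
function planQueries(iocs) {
  const names = Object.keys(PROVIDER_SUPPORT);
  return iocs.map((ioc) => ({
    ...ioc,
    providers: names.filter((p) => PROVIDER_SUPPORT[p].includes(ioc.type)),
  }));
}

// Constructed sample: documentation address range, made-up hash and CVE id.
const SAMPLE = "Alert: host 203.0.113.7 fetched http://files.example.net/drop.bin, " +
  "dropper md5 0123456789abcdef0123456789abcdef, C2 domain c2.example.org, " +
  "reported by soc@example.com re CVE-2099-00001.";
console.log(JSON.stringify(planQueries(detectIocs(SAMPLE)), null, 2));
```

Results are ordered by pattern priority rather than by position in the text.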
Modern & Intuitive Interface
- Google Translate-style floating button
- Tab-based provider results - Switch between all providers seamlessly (VirusTotal, OTX, AbuseIPDB, MalwareBazaar, ARIN, Shodan, GreyNoise)
- Provider support badges - See which providers support each IOC at a glance
- Informative empty states - Clear explanations when providers don't support an IOC type
- Clean, professional design
- Dark mode optimized
- Smooth animations
- Non-intrusive UX
Privacy First
- All API keys stored locally on your device
- No data collection or tracking
- Secure HTTPS connections only
- Optional caching with configurable retention
- Open source and transparent
- Content Security Policy compliant
- Read our Privacy Policy | Gizlilik Politikasi (TR)
Installation
Visit our website: ahtapot.me for detailed installation guides and documentation
From Chrome Web Store (Recommended)
The easiest way to install Ahtapot:
- Visit the Chrome Web Store
- Click "Add to Chrome"
- Confirm the permissions
- Start analyzing IOCs!
From Source
```bash
# Clone the repository
git clone https://github.com/yourusername/ahtapot-extension.git
cd ahtapot-extension

# Install dependencies
npm install

# Build the extension
npm run build
```
Load in Chrome
- Open Chrome and navigate to `chrome://extensions`
- Enable "Developer mode" (top-right corner)
- Click "Load unpacked"
- Select the `dist` folder from the project directory
Privacy
We take your privacy seriously. Here's what you need to know:
What We Store (Locally Only)
- API Keys: Stored securely on your device using Chrome's encrypted storage
- Cached Results: Previously analyzed IOCs (optional, user-configurable retention period)
- User Preferences: Language selection and settings
What We DON'T Do
- No Tracking: Zero analytics or telemetry
- No Servers: We don't operate any servers
- No Data Transmission: Nothing leaves your device except API calls to security services
- No Sale of Data: Your data is yours, period
- No Third-Party Sharing: Only you and the security APIs you configure
Cache Management
- Configure how long analyzed IOCs are kept (1-30 days, default: 7 days)
- Automatic cleanup of old cached data
- Manual cache clearing anytime
- All cached data stored locally only
Full Privacy Policy
Read the complete privacy policy:
Usage
Quick Start Guide
1. Configure Settings
- Click the Ahtapot extension icon → Settings
- General Settings Tab:
  - Choose your language (English/Türkçe)
  - Configure cache retention period (optional)
- API Keys Tab:
  - Add your API keys for enhanced analysis
  - See API Keys section for how to obtain them
2. Analyze IOCs
Choose your preferred method:
Method A: Text Selection
1. Select text containing IOCs on any webpage
2. Floating button appears automatically
3. Click "Analyze" button
4. View results in side panel
Method B: Context Menu
1. Select text with IOCs
2. Right-click → "Analyze with Ahtapot"
3. Results appear in side panel
Method C: Manual Entry
1. Click extension icon → Open side panel
2. Paste IOCs into text area
3. Click "Detect IOCs" → "Analyze"
3. Interpret Results
Results are color-coded for quick threat assessment:
- Safe - No threats detected (green)
- Suspicious - Potential threat, investigate further (yellow)
- Malicious - Confirmed threat, take action (red)
- Unknown - Insufficient data for assessment (gray)
AI-Powered Analysis
Ahtapot integrates with leading AI providers to deliver intelligent IOC analysis. Get instant verdicts, risk assessments, and actionable recommendations.
Supported AI Providers
| Provider | Model | Best For |
|----------|-------|----------|
| Claude | Claude Sonnet 4 | Advanced reasoning, detailed analysis |
| Gemini | Gemini 2.0 Flash | Fast analysis, free tier available |
| GPT-4o | GPT-4o Mini | Balanced performance, cost-effective |
AI Analysis Modes
IOC analysis results can be presented in 3 different modes. Each mode is optimized for different use cases and SOC levels.
| Feature | Summary | Analysis | Detailed |
|---------|---------|----------|----------|
| Target Audience | L1 Triage | L1/L2 Handoff | L2/L3 + IR Team |
| Word Count | ~200 | 400-600 | 800-1200 |
| Read Time | 10 sec | 1-2 min | 3-5 min |
| Use Case | Quick triage decision | Escalation decision | Full investigation |
| MITRE ATT&CK
