
Cyberbro

A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.


Demo instance: https://demo.cyberbro.net/

About

Inspired by Cybergordon and IntelOwl.

This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution. Read the docs at https://docs.cyberbro.net/

[!TIP] To build custom reports, use Cyberbro with your favorite LLM (Claude, OpenAI gpt-5...) via MCP (Model Context Protocol).
Check out Cyberbro MCP for more information.


Features

  • Easy Input: Paste raw logs or IoCs; parsing and extraction are automatic.
  • Multi-Service Checks: Reputation lookup for IPs, hashes, domains, URLs, and Chrome extension IDs across many threat intel services.
  • Comprehensive Reports: Advanced search, filtering, and export to CSV/Excel.
  • Fast Processing: Multithreaded for speed.
  • Automated Pivoting: Discover related domains, URLs, and IPs via reverse DNS and RDAP / Whois.
  • Accurate Domain & Abuse Info: RDAP / Whois and abuse contact lookups.
  • Integrations: Microsoft Defender for Endpoint, CrowdStrike, OpenCTI, Grep.App, Hudson Rock, and more.
  • Proxy & Storage: Proxy support and results stored in SQLite.
  • History & Graphs: Analysis history and experimental graph view.
  • Cache: Caching for faster repeat lookups (enabled at the multi-engine level, not per engine).

What Makes Cyberbro Unique

  • Beginner-Friendly: Accessible for all skill levels.
  • Chrome Extension ID Lookup: Get extension names and CTI data from IDs.
  • Lightweight Deployment: Simple setup and use.
  • Advanced TLD Extraction: Accurate root domain detection for better lookups.
  • Pragmatic Data Gathering: Uses GitHub and Google to find overlooked IoCs.
  • CTI Report Integration: Fetches IoC-related reports from IoC.One.
  • EDR Integration: Checks observables against your own security tools (MDE, CrowdStrike).

Getting Started - TL;DR

[!TIP] If you are lazy, you need Docker.
Do a git clone, copy .env.sample to .env, run docker compose up, then go to localhost:5000. Yep, that's it!

Getting Started

  • To get started, clone the repository
git clone https://github.com/stanfrbd/cyberbro
cd cyberbro

Edit the config file (mandatory)

cp .env.sample .env

[!NOTE] Don't have API keys? No problem, just copy .env.sample to .env and leave optional values empty. Be careful if a proxy is used.
You will be able to use all free engines!

  • Fill values (including proxy if needed) in the .env file.

[!WARNING] .env contains sensitive secrets and must never be committed. For production/team deployments, use SOPS, Vault, or an equivalent secret manager workflow.

ABUSEIPDB=token_here
ALIENVAULT=token_here
CRIMINALIP_API_KEY=token_here
CROWDSTRIKE_CLIENT_ID=client_id_here
CROWDSTRIKE_CLIENT_SECRET=client_secret_here
DFIR_IRIS_API_KEY=token_here
DFIR_IRIS_URL=https://dfir-iris.local
GOOGLE_CSE_CX=cx_here
GOOGLE_CSE_KEY=key_here
GOOGLE_SAFE_BROWSING=token_here
IPAPI=token_here
IPINFO=token_here
MDE_CLIENT_ID=client_id_here
MDE_CLIENT_SECRET=client_secret_here
MDE_TENANT_ID=tenant_here
MISP_API_KEY=token_here
MISP_URL=https://misp.local
OPENCTI_API_KEY=token_here
OPENCTI_URL=https://demo.opencti.io
PROXY_URL=
RL_ANALYZE_API_KEY=token_here
RL_ANALYZE_URL=https://spectra_analyse_url_here
ROSTI_API_KEY=token_here
SHODAN=token_here
SPUR_US=token_here
THREATFOX=token_here
VIRUSTOTAL=token_here
WEBSCOUT=token_here
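A pre-deployment check for the file above, as an added example (not part of Cyberbro): it flags a `.env` that group or others can access, one that git already tracks, and values still carrying the sample placeholders instead of being left empty. The function names and the `_here` suffix rule are assumptions derived from the sample values listed above.

```python
import os
import stat
import subprocess
import tempfile

PLACEHOLDER_SUFFIX = "_here"  # sample values on the page: token_here, client_id_here, ...


def parse_env(text):
    """Return {KEY: value} for KEY=value lines; blank lines and # comments are skipped."""
    pairs = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            pairs[key.strip()] = value.strip().strip("'\"")
    return pairs


def is_tracked(path):
    """True only when git confirms the file is in its repository's index."""
    folder, name = os.path.split(os.path.abspath(path))
    cmd = ["git", "ls-files", "--error-unmatch", "--", name]
    try:
        return subprocess.run(cmd, cwd=folder, capture_output=True).returncode == 0
    except FileNotFoundError:  # git not installed: nothing to confirm
        return False


def audit_env(path):
    """Return a list of findings for one .env file; an empty list means clean."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o} lets group/others access the file; use 600")
    if is_tracked(path):
        findings.append("file is tracked by git; remove it from the index and rotate the keys")
    with open(path, encoding="utf-8") as handle:
        for key, value in parse_env(handle.read()).items():
            if value.endswith(PLACEHOLDER_SUFFIX):
                findings.append(f"{key} still holds the sample placeholder")
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, not a real .env
        sample = os.path.join(tmp, ".env")
        with open(sample, "w", encoding="utf-8") as out:
            out.write("VIRUSTOTAL=token_here\nPROXY_URL=\n")
        print("\n".join(audit_env(sample)))
```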

[!IMPORTANT] Starting with version v0.13.0, Cyberbro no longer supports secrets.json and the /config page. Cf. discussion 165.
If you already have a legacy secrets.json, convert it to .env with: python3 scripts/secrets_json_to_env.py

See Advanced options for deployment in the docs.

Launch the app

Lazy and easy - use docker

[!WARNING] Make sure you install the compose plugin as docker compose and not docker-compose. In Docker, the app binds to 0.0.0.0 inside the container even if your local .env sets FLASK_HOST=127.0.0.1.

docker compose up # use -d to run in background and use --build to rebuild the image
  • Go to http://127.0.0.1:5000 and Enjoy.

Don't forget to edit .env before building the image.

See Advanced options for deployment in the docs to get all Docker deployment options.

The old way

  • Clone the repository and install the requirements.

You might want to create a venv before installing the dependencies.

pip install -r requirements.txt

  • Run the app with gunicorn (clean mode).

gunicorn -c prod/gunicorn.conf.py app:app

  • Run the app in development mode.

python3 app.py


[!CAUTION] If you intend to use this in a production environment, put it behind a well-configured reverse proxy and WAF to prevent security issues.

Cyberbro browser extension

  • Get Cyberbro Analyzer for Firefox: https://addons.mozilla.org/addon/cyberbro-analyzer/
  • Get Cyberbro Analyzer for Chromium: https://chromewebstore.google.com/detail/cyberbro-analyzer/nfcfigpaollodajabegcdobhmgaclbbm
  • Get Cyberbro Analyzer for Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/cyberbro-analyzer/lbponbmcggcepflackehgpbceehagiam

Cyberbro API

  • The API is available at /api/ and can be accessed via the GUI or the command line.

There are currently 3 endpoints:

  • /api/analyze - Analyze a text and return analysis ID (JSON).
  • /api/is_analysis_complete/<analysis_id> - Check if the analysis is complete (JSON).
  • /api/results/<analysis_id> - Retrieve the results of a previous analysis (JSON).

curl -X POST "http://localhost:5000/api/analyze" -H "Content-Type: application/json" -d '{"text": "cyberbro.net", "engines": ["reverse_dns", "rdap_whois"]}'
{
  "analysis_id": "e88de647-b153-4904-91e5-8f5c79174854",
  "link": "/results/e88de647-b153-4904-91e5-8f5c79174854"
}
curl "http://localhost:5000/api/is_analysis_complete/e88de647-b153-4904-91e5-8f5c79174854"
{
  "complete": true
}
curl "http://localhost:5000/api/results/e88de647-b153-4904-91e5-8f5c79174854"
[
  {
    "observable": "cyberbro.net",
    "rdap_whois": {
      "abuse_contact": "registrar-abuse@cloudflare.com",
      "creation_date": "2024-12-20",
      "data_source": "rdap",
      "emails": [
        "registrar-abuse@cloudflare.com"
      ],
      "expiration_date": "2026-12-20",
      "link": "https://rdap.verisign.com/net/v1/domain/CYBERBRO.NET",
      "name_servers": [
        "anderson.ns.cloudflare.com",
        "lisa.ns.cloudflare.com"
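
The three calls above chained into one client, as an added example (not Cyberbro's own code): submit, poll with a time limit, then fetch the results. `http_json`, `analyze` and `stub_fetch` are hypothetical names; the stub is a constructed offline stand-in for the server, and treating the analysis ID as a UUID is an assumption based on the sample response.

```python
import json
import time
import urllib.request
import uuid


def http_json(url, payload=None):
    """POST payload as JSON when given, otherwise GET; return the decoded JSON body."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def analyze(text, engines, base="http://localhost:5000", fetch=http_json,
            interval=1.0, max_wait=120.0, sleep=time.sleep):
    """Submit text, poll until the analysis completes, return the results list."""
    started = fetch(f"{base}/api/analyze", {"text": text, "engines": engines})
    # Assumption: IDs are UUIDs; parsing rejects anything else before it reaches a URL path.
    analysis_id = str(uuid.UUID(started["analysis_id"]))
    waited = 0.0
    while not fetch(f"{base}/api/is_analysis_complete/{analysis_id}")["complete"]:
        if waited >= max_wait:
            raise TimeoutError(f"analysis {analysis_id} not complete after {max_wait}s")
        sleep(interval)
        waited += interval
    return fetch(f"{base}/api/results/{analysis_id}")


def stub_fetch(pending_polls=2, analysis_id="e88de647-b153-4904-91e5-8f5c79174854"):
    """Constructed offline stand-in for the server; records every URL requested."""
    calls, state = [], {"polls": 0}

    def fetch(url, payload=None):
        calls.append(url)
        if url.endswith("/api/analyze"):
            return {"analysis_id": analysis_id, "link": f"/results/{analysis_id}"}
        if "/api/is_analysis_complete/" in url:
            state["polls"] += 1
            return {"complete": state["polls"] > pending_polls}
        return [{"observable": "cyberbro.net"}]
    return fetch, calls


if __name__ == "__main__":
    fetch, calls = stub_fetch()
    print(analyze("cyberbro.net", ["reverse_dns", "rdap_whois"], fetch=fetch, sleep=lambda s: None))
    print(calls)
```

Drop the `fetch=` argument to talk to a running instance at `base`.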