Fileintel – Application to Pull Malicious Files Intelligence

Fileintel is a tool that collects intelligence about a given file from various sources. It is written in a modular fashion, so new intelligence sources can be added easily.

Fileintel identifies files by hash (MD5, SHA1, SHA256). The output is in CSV format and is sent to STDOUT, so the data can be saved or piped into another program. Because the output is CSV, spreadsheets such as Excel and database systems can import it easily.

Fileintel - Modular Application to Pull Intelligence about Malicious Files

The tool allows threat intelligence resources to be added as required. Currently supported resources include:

  • VirusTotal (Public API key and network I/O required, throttled when appropriate)
  • NSRL Database
  • ThreatCrowd (Network I/O required, throttled when appropriate)
  • OTX by AlienVault (API key and network I/O required)
  • ThreatExpert (Network I/O required)
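Because files are identified only by hash and several of the sources above are throttled, it helps to clean a hash list before running lookups. The following is an added example, not part of Fileintel: it classifies each entry as MD5, SHA1 or SHA256 by digest length, removes duplicates and rejects malformed lines. The one-hash-per-line layout, the `#` comment convention and all function names are assumptions made for this sketch.

```python
import re
import sys

# Hex digest length -> hash type, for the three types the page lists.
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}


def classify(value):
    """Return 'MD5', 'SHA1' or 'SHA256' for a hex digest, else None."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    return HASH_TYPES.get(len(v))


def normalize_hash_list(lines):
    """Return (accepted, rejected); accepted is deduplicated, order kept."""
    accepted, rejected, seen = [], [], set()
    for number, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text or text.startswith("#"):  # assumed comment convention
            continue
        kind = classify(text)
        if kind is None:
            rejected.append((number, text))
        elif text.lower() not in seen:  # same digest in another case counts once
            seen.add(text.lower())
            accepted.append((kind, text.lower()))
    return accepted, rejected


# Constructed sample: digests of the empty string, plus two bad lines.
SAMPLE = [
    "# triage batch (constructed sample)",
    "d41d8cd98f00b204e9800998ecf8427e",
    "D41D8CD98F00B204E9800998ECF8427E",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "d41d8cd98f00b204e9800998ecf8427",
    "not-a-hash",
]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    good, bad = normalize_hash_list(source)
    for kind, digest in good:
        print(digest)  # clean list on STDOUT, one digest per line
    for number, text in bad:
        print(f"line {number}: rejected {text!r}", file=sys.stderr)
```

Rejected lines go to STDERR so the cleaned list on STDOUT can be redirected to a file without mixing in diagnostics.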

You can read more and download this tool over here: https://github.com/keithjjones/fileintel
