---
title: ShadowWatch v2
emoji: 🛡️
colorFrom: green
colorTo: gray
sdk: gradio
app_file: app.py
pinned: true
license: apache-2.0
tags:
- mcp
- security
- threat-intelligence
- osint
- mcp-server
short_description: Open Source Threat Intelligence - No API Keys
sdk_version: 6.4.0
---

# 🛡️ SHADOWWATCH v2

**Open Source Threat Intelligence Platform | Cogensec ARGUS**

100% free threat intelligence using public feeds. No API keys required.

## ✨ Features

| Tool | Description |
|------|-------------|
| **Indicator Scanner** | Check IPs, domains, URLs against 7+ threat feeds |
| **IOC Extractor** | Extract & analyze IOCs from text, logs, reports |
| **Threat Feeds** | View loaded intelligence from all sources |

## 📡 Data Sources (All Free)

| Feed | Data Type | Provider |
|------|-----------|----------|
| **URLhaus** | Malicious URLs | abuse.ch |
| **ThreatFox** | IOCs (IPs, domains, hashes) | abuse.ch |
| **FeodoTracker** | Botnet C2 servers | abuse.ch |
| **MalwareBazaar** | Malware hashes | abuse.ch |
| **Spamhaus DROP** | Bad IP ranges | Spamhaus |
| **Emerging Threats** | Compromised IPs | Proofpoint |
| **OpenPhish** | Phishing URLs | OpenPhish |
| **HIBP Breaches** | Breach metadata | HIBP (public) |

## 🔗 MCP Integration

Connect to Claude, Cursor, or any MCP client:

```json
{
  "mcpServers": {
    "shadowwatch": {
      "url": "https://crypticallyrequie-shadowwatchv2.hf.space/gradio_api/mcp/sse"
    }
  }
}
```

## 🛠️ MCP Tools

```python
# Scan an indicator
scan_indicator("8.8.8.8", "ip")
scan_indicator("evil-domain.com", "domain")
scan_indicator("https://phishing.site/login", "url")

# Extract IOCs from text
extract_and_analyze_iocs("Found suspicious IP 192.168.1.1 connecting to malware.com...")

# Get feed statistics
get_threat_feed_stats()
```

## 📊 Capabilities

- **Visual Dashboards** - Risk gauges, threat source charts, IOC distributions
- **Real Threat Data** - Live feeds from major threat intel providers
- **IOC Extraction** - Extract IPs, domains, URLs, hashes, emails, CVEs, Bitcoin addresses
- **Automatic Refresh** - Feeds update hourly
- **No Setup Required** - Works immediately, no API keys needed

## 🔒 How It Works

1. **Threat Feed Manager** downloads and caches public threat feeds
2. **Indicators are checked** against all loaded feeds
3. **Risk scores are calculated** based on detections across sources
4. **Visual reports** are generated with Plotly charts
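
Steps 2 and 3 for the IP case, as an added sketch that is not ShadowWatch's own code: an address is checked against exact-match lists and against CIDR ranges (the form a range feed such as Spamhaus DROP takes), then scored by how many sources flag it. The `scan_ip` and `load_feeds` names, the cache layout, the sample entries and the scoring rule are all assumptions.

```python
import ipaddress

# Constructed sample feed contents (documentation address ranges, not real feed data).
# Feed names come from the README; the cache layout is an assumption.
FEEDS = {
    "FeodoTracker": {"ips": {"203.0.113.10"}, "nets": []},
    "Emerging Threats": {"ips": {"203.0.113.10", "198.51.100.7"}, "nets": []},
    "Spamhaus DROP": {"ips": set(), "nets": ["198.51.100.0/24"]},
}

def load_feeds(raw):
    """Parse addresses and CIDR strings once so scans do not re-parse them."""
    return {
        name: {"ips": {ipaddress.ip_address(i) for i in f["ips"]},
               "nets": [ipaddress.ip_network(n) for n in f["nets"]]}
        for name, f in raw.items()
    }

def scan_ip(value, feeds):
    """Return the feeds that list this IP and a 0-100 score (hypothetical rule)."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        # Malformed input is reported as invalid rather than as "clean".
        return {"indicator": value, "valid": False, "sources": [], "risk": 0}
    hits = [name for name, f in feeds.items()
            if ip in f["ips"] or any(ip in net for net in f["nets"])]
    # Hypothetical scoring: share of loaded feeds that flag the indicator.
    risk = round(100 * len(hits) / len(feeds)) if feeds else 0
    return {"indicator": str(ip), "valid": True, "sources": sorted(hits), "risk": risk}

if __name__ == "__main__":
    cache = load_feeds(FEEDS)
    for candidate in ("203.0.113.10", "198.51.100.200", "192.0.2.1", "not-an-ip"):
        print(scan_ip(candidate, cache))
```

An address inside a listed range matches even when no feed names it individually, which is why the range check runs alongside the exact-match lookup.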

---

*Built by [Cogensec](https://cogensec.com) | AI Security Platform*