ShadowWatchv2 / README.md
metadata
title: ShadowWatch v2
emoji: 🛡️
colorFrom: green
colorTo: gray
sdk: gradio
app_file: app.py
pinned: true
license: apache-2.0
tags:
  - mcp
  - security
  - threat-intelligence
  - osint
  - mcp-server
short_description: Open Source Threat Intelligence - No API Keys
sdk_version: 6.4.0

πŸ›‘οΈ SHADOWWATCH v2

Open Source Threat Intelligence Platform | Cogensec ARGUS

100% free threat intelligence using public feeds. No API keys required.

✨ Features

| Tool | Description |
|------|-------------|
| Indicator Scanner | Check IPs, domains, URLs against 7+ threat feeds |
| IOC Extractor | Extract & analyze IOCs from text, logs, reports |
| Threat Feeds | View loaded intelligence from all sources |

📡 Data Sources (All Free)

| Feed | Data Type | Provider |
|------|-----------|----------|
| URLhaus | Malicious URLs | abuse.ch |
| ThreatFox | IOCs (IPs, domains, hashes) | abuse.ch |
| FeodoTracker | Botnet C2 servers | abuse.ch |
| MalwareBazaar | Malware hashes | abuse.ch |
| Spamhaus DROP | Bad IP ranges | Spamhaus |
| Emerging Threats | Compromised IPs | ProofPoint |
| OpenPhish | Phishing URLs | OpenPhish |
| HIBP Breaches | Breach metadata | HIBP (public) |

🔗 MCP Integration

Connect to Claude, Cursor, or any MCP client:

{
  "mcpServers": {
    "shadowwatch": {
      "url": "https://crypticallyrequie-shadowwatchv2.hf.space/gradio_api/mcp/sse"
    }
  }
}

πŸ› οΈ MCP Tools

# Scan an indicator
scan_indicator("8.8.8.8", "ip")
scan_indicator("evil-domain.com", "domain")
scan_indicator("https://phishing.site/login", "url")

# Extract IOCs from text
extract_and_analyze_iocs("Found suspicious IP 192.168.1.1 connecting to malware.com...")

# Get feed statistics
get_threat_feed_stats()

📊 Capabilities

  • Visual Dashboards - Risk gauges, threat source charts, IOC distributions
  • Real Threat Data - Live feeds from major threat intel providers
  • IOC Extraction - Extract IPs, domains, URLs, hashes, emails, CVEs, Bitcoin addresses
  • Automatic Refresh - Feeds update hourly
  • No Setup Required - Works immediately, no API keys needed

🔒 How It Works

  1. Threat Feed Manager downloads and caches public threat feeds
  2. Indicators are checked against all loaded feeds
  3. Risk scores calculated based on detections across sources
  4. Visual reports generated with Plotly charts
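
The sketch below walks through steps 2 and 3 as an added example; it is not ShadowWatch's own code. The feed contents, the function names `extract_iocs`, `check_indicator` and `analyze`, and the scoring formula are assumptions, and all indicator values are constructed from documentation address ranges.

```python
import ipaddress
import re

# Constructed sample feeds (documentation-range values, not real feed data).
FEEDS = {
    "URLhaus": {"url": {"http://files.example.net/payload.bin"}},
    "ThreatFox": {"ip": {"203.0.113.7"}, "domain": {"bad.example.org"}},
    "FeodoTracker": {"ip": {"203.0.113.7"}},
    "Spamhaus DROP": {"cidr": [ipaddress.ip_network("198.51.100.0/24")]},
}
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def extract_iocs(text):
    """Refang the text, then pull out URLs, valid IPv4 addresses and domains."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)", ".", text)
    urls = {u.rstrip(".,;)") for u in URL_RE.findall(text)}
    rest = URL_RE.sub(" ", text)  # keep URL paths from looking like domains
    ips = set()
    for cand in IP_RE.findall(rest):
        try:
            ips.add(str(ipaddress.ip_address(cand)))  # drops e.g. 999.1.1.1
        except ValueError:
            pass
    domains = {d.lower() for d in DOMAIN_RE.findall(rest)}
    return {"ip": ips, "domain": domains, "url": urls}

def check_indicator(value, kind):
    """Return (feeds listing the indicator, assumed 0-100 risk score)."""
    hits = {name for name, feed in FEEDS.items() if value in feed.get(kind, ())}
    if kind == "ip":  # range feeds need a containment test, not equality
        addr = ipaddress.ip_address(value)
        hits |= {name for name, feed in FEEDS.items()
                 if any(addr in net for net in feed.get("cidr", ()))}
    # Assumed scoring: 40 for one source, +20 per additional source, max 100.
    score = min(100, 40 + 20 * (len(hits) - 1)) if hits else 0
    return sorted(hits), score

def analyze(text):
    """Extract every IOC from text and score it against all loaded feeds."""
    return {value: check_indicator(value, kind)
            for kind, values in extract_iocs(text).items() for value in values}

# Constructed, defanged sample report line.
SAMPLE = ("Beacon from 203[.]0[.]113[.]7 and 198.51.100.23 to bad[.]example[.]org; "
          "dropper at hxxp://files.example.net/payload.bin, resolver 8.8.8.8, bogus 999.1.1.1")

if __name__ == "__main__":
    for ioc, (sources, score) in sorted(analyze(SAMPLE).items()):
        print(f"{ioc:40} score={score:3} sources={sources}")
```

An address that appears in no exact-match list can still be flagged through a range feed such as Spamhaus DROP, which is why the IP path tests CIDR containment in addition to set membership.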

Built by Cogensec | AI Security Platform