---
title: ShadowWatch v2
emoji: 🛡️
colorFrom: green
colorTo: gray
sdk: gradio
app_file: app.py
pinned: true
license: apache-2.0
tags:
  - mcp
  - security
  - threat-intelligence
  - osint
  - mcp-server
short_description: Open Source Threat Intelligence - No API Keys
sdk_version: 6.4.0
---

# 🛡️ SHADOWWATCH v2

**Open Source Threat Intelligence Platform | Cogensec ARGUS**

100% free threat intelligence using public feeds. No API keys required.

## ✨ Features

| Tool | Description |
|------|-------------|
| **Indicator Scanner** | Check IPs, domains, URLs against 7+ threat feeds |
| **IOC Extractor** | Extract & analyze IOCs from text, logs, reports |
| **Threat Feeds** | View loaded intelligence from all sources |

## 📡 Data Sources (All Free)

| Feed | Data Type | Provider |
|------|-----------|----------|
| **URLhaus** | Malicious URLs | abuse.ch |
| **ThreatFox** | IOCs (IPs, domains, hashes) | abuse.ch |
| **FeodoTracker** | Botnet C2 servers | abuse.ch |
| **MalwareBazaar** | Malware hashes | abuse.ch |
| **Spamhaus DROP** | Bad IP ranges | Spamhaus |
| **Emerging Threats** | Compromised IPs | Proofpoint |
| **OpenPhish** | Phishing URLs | OpenPhish |
| **HIBP Breaches** | Breach metadata | HIBP (public) |

## MCP Integration

Connect to Claude, Cursor, or any MCP client:

```json
{
  "mcpServers": {
    "shadowwatch": {
      "url": "https://crypticallyrequie-shadowwatchv2.hf.space/gradio_api/mcp/sse"
    }
  }
}
```

## 🛠️ MCP Tools

```python
# Scan an indicator
scan_indicator("8.8.8.8", "ip")
scan_indicator("evil-domain.com", "domain")
scan_indicator("https://phishing.site/login", "url")

# Extract IOCs from text
extract_and_analyze_iocs("Found suspicious IP 192.168.1.1 connecting to malware.com...")

# Get feed statistics
get_threat_feed_stats()
```

## Capabilities

- **Visual Dashboards** - Risk gauges, threat source charts, IOC distributions
- **Real Threat Data** - Live feeds from major threat intel providers
- **IOC Extraction** - Extract IPs, domains, URLs, hashes, emails, CVEs, Bitcoin addresses
- **Automatic Refresh** - Feeds update hourly
- **No Setup Required** - Works immediately, no API keys needed

## How It Works

1. **Threat Feed Manager** downloads and caches public threat feeds
2. **Indicators are checked** against all loaded feeds
3. **Risk scores are calculated** based on detections across sources
4. **Visual reports** are generated with Plotly charts
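
Steps 2 and 3 for IP indicators, as an added example that is not ShadowWatch's own code: cached feed text is parsed into networks, one IP is checked against every feed, and a score is derived from how many sources list it. The feed contents are constructed samples using documentation address ranges, and `parse_feed`, `load_feeds`, `scan_ip`, the assumed feed line formats and the scoring formula are hypothetical.

```python
import ipaddress

# Constructed feed snippets (documentation address ranges, not real listings).
# Assumed formats: DROP-style "CIDR ; id" lines and plain one-IP-per-line lists.
SAMPLE_FEEDS = {
    "Spamhaus DROP": "; constructed sample\n192.0.2.0/24 ; SBL000000\n",
    "FeodoTracker": "# constructed sample\n198.51.100.7\n203.0.113.9\n",
    "Emerging Threats": "# constructed sample\n203.0.113.9\nnot-a-valid-line\n",
}

def parse_feed(text):
    """Return a list of ip_network objects, skipping comments and junk lines."""
    nets = []
    for line in text.splitlines():
        # Drop trailing "; id" or "# note" comments, then surrounding whitespace.
        entry = line.split(";")[0].split("#")[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # one malformed feed line must not abort the whole load
    return nets

def load_feeds(raw=SAMPLE_FEEDS):
    """Stand-in for the cached feeds: feed name -> parsed networks."""
    return {name: parse_feed(text) for name, text in raw.items()}

def scan_ip(indicator, feeds):
    """Check one IP against every loaded feed and score the result."""
    try:
        ip = ipaddress.ip_address(indicator.strip())
    except ValueError:
        return {"indicator": indicator, "error": "not an IP address"}
    hits = sorted(name for name, nets in feeds.items()
                  if any(ip in net for net in nets))
    # Assumed scoring: share of loaded feeds that list the indicator, 0-100.
    score = round(100 * len(hits) / len(feeds)) if feeds else 0
    return {"indicator": str(ip), "sources": hits, "risk_score": score}

if __name__ == "__main__":
    feeds = load_feeds()
    for candidate in ("192.0.2.55", "203.0.113.9", "8.8.8.8", "not-an-ip"):
        print(scan_ip(candidate, feeds))
```

A score of 0 here only means that none of the loaded feeds list the address at the time of the last refresh.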

---

*Built by [Cogensec](https://cogensec.com) | AI Security Platform*