Spaces:

CrypticallyRequie
/

ShadowWatchv2

Sleeping

App Files Files Community

CrypticallyRequie commited on 17 days ago

Commit

dc302ac

verified ·

1 Parent(s): 56921f3

Update README.md

Browse files

Files changed (1) hide show

README.md +51 -39

README.md CHANGED Viewed

@@ -1,5 +1,5 @@
 ---
-title: ShadowWatch
 emoji: 🛡️
 colorFrom: green
 colorTo: gray
@@ -8,73 +8,85 @@ app_file: app.py
 pinned: true
 license: apache-2.0
 tags:
-- mcp
-- security
-- dark-web
-- threat-intelligence
-- osint
-short_description: Dark Web Intelligence Platform with MCP Tools
-sdk_version: 6.4.0
 ---
-# 🛡️ SHADOWWATCH
-**Dark Web Intelligence Platform | Cogensec ARGUS**
-Real-time dark web monitoring and threat intelligence for security operations. MCP-enabled tools for integration with AI assistants.
-## 🔧 MCP Tools
 | Tool | Description |
 |------|-------------|
-| `deep_scan` | Crawl marketplaces, forums, and paste sites for threat intelligence |
-| `credential_trace` | Search breach databases for credential exposure |
-| `chatter_analysis` | Monitor dark web discussions for specific keywords |
-| `identity_alert` | Check for PII exposure and impersonation attempts |
-| `generate_threat_report` | Create comprehensive threat intelligence reports |
-## 🔗 Integration
-### Connect to Claude Desktop, Cursor, or any MCP Client
 ```json
 {
   "mcpServers": {
     "shadowwatch": {
-      "url": "https://crypticallyrequie-shadowwatch.hf.space/gradio_api/mcp/sse"
     }
   }
 }
 ```
-### Python Client
 ```python
-from gradio_client import Client
-client = Client("CrypticallyRequie/shadowwatch")
-# Deep scan for threats
-result = client.predict(
-    target="acme.com",
-    scan_type="comprehensive",
-    api_name="/deep_scan"
-)
 ```
-## 📊 Features
-- **Dark Web Scanning** - 50+ marketplaces, forums, and channels
-- **Credential Monitoring** - Known breach databases and combolists
-- **Chatter Analysis** - Real-time mention tracking with sentiment
-- **Identity Protection** - PII exposure and impersonation detection
-- **Threat Reports** - Executive and technical intelligence reports
-## 🏗️ Built With
-- [Gradio](https://gradio.app) - Interface & MCP Server
-- [Cogensec CASF](https://cogensec.com) - AI Security Framework
 ---
-*Built by [Cogensec](https://cogensec.com) - Protecting organizations from dark web threats*

 ---
+title: ShadowWatch v2
 emoji: 🛡️
 colorFrom: green
 colorTo: gray
 pinned: true
 license: apache-2.0
 tags:
+  - mcp
+  - security
+  - threat-intelligence
+  - osint
+  - mcp-server
+short_description: Open Source Threat Intelligence - No API Keys
 ---
+# 🛡️ SHADOWWATCH v2
+**Open Source Threat Intelligence Platform | Cogensec ARGUS**
+100% free threat intelligence using public feeds. No API keys required.
+## ✨ Features
 | Tool | Description |
 |------|-------------|
+| **Indicator Scanner** | Check IPs, domains, URLs against 7+ threat feeds |
+| **IOC Extractor** | Extract & analyze IOCs from text, logs, reports |
+| **Threat Feeds** | View loaded intelligence from all sources |
+## 📡 Data Sources (All Free)
+| Feed | Data Type | Provider |
+|------|-----------|----------|
+| **URLhaus** | Malicious URLs | abuse.ch |
+| **ThreatFox** | IOCs (IPs, domains, hashes) | abuse.ch |
+| **FeodoTracker** | Botnet C2 servers | abuse.ch |
+| **MalwareBazaar** | Malware hashes | abuse.ch |
+| **Spamhaus DROP** | Bad IP ranges | Spamhaus |
+| **Emerging Threats** | Compromised IPs | ProofPoint |
+| **OpenPhish** | Phishing URLs | OpenPhish |
+| **HIBP Breaches** | Breach metadata | HIBP (public) |
+## 🔗 MCP Integration
+Connect to Claude, Cursor, or any MCP client:
 ```json
 {
   "mcpServers": {
     "shadowwatch": {
+      "url": "https://crypticallyrequie-shadowwatchv2.hf.space/gradio_api/mcp/sse"
     }
   }
 }
 ```
+## 🛠️ MCP Tools
 ```python
+# Scan an indicator
+scan_indicator("8.8.8.8", "ip")
+scan_indicator("evil-domain.com", "domain")
+scan_indicator("https://phishing.site/login", "url")
+# Extract IOCs from text
+extract_and_analyze_iocs("Found suspicious IP 192.168.1.1 connecting to malware.com...")
+# Get feed statistics
+get_threat_feed_stats()
 ```
+## 📊 Capabilities
+- **Visual Dashboards** - Risk gauges, threat source charts, IOC distributions
+- **Real Threat Data** - Live feeds from major threat intel providers
+- **IOC Extraction** - Extract IPs, domains, URLs, hashes, emails, CVEs, Bitcoin addresses
+- **Automatic Refresh** - Feeds update hourly
+- **No Setup Required** - Works immediately, no API keys needed
+## 🔒 How It Works
+1. **Threat Feed Manager** downloads and caches public threat feeds
+2. **Indicators are checked** against all loaded feeds
+3. **Risk scores calculated** based on detections across sources
+4. **Visual reports** generated with Plotly charts
 ---
+*Built by [Cogensec](https://cogensec.com) | AI Security Platform*