Mitaka is an OSINT friendly Chrome extension which can:
- Extract & refang IoC from a block of text
- E.g.
example[.]com
toexample.com
- E.g.
- Search / scan it on various engines
- E.g. VirusTotal, urlscan.io, Censys, Shodan, etc.
name | desc. | e.g. |
---|---|---|
text | Freetext | any string(s) |
ip | IPv4 address | 8.8.8.8 |
domain | Domain name | github.com |
url | URL | https://github.com |
Email address | test@test.com |
|
asn | ASN | AS13335 |
hash | md5 / sha1 / sha256 | 44d88612fea8a8f36de82e1278abb02f |
cve | CVE number | CVE-2018-11776 |
btc | BTC address | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa |
gaPubID | Google Adsense Publisher ID | pub-9383614236930773 |
gaTrackID | Google Analytics Tracker ID | UA-67609351-1 |
name | url | supported types |
---|---|---|
AbuseIPDB | https://www.abuseipdb.com | ip |
archive.org | https://archive.org/ | url |
BGPView | https://bgpview.io | ip / asn |
BinaryEdge | https://app.binaryedge.io | ip / domain |
BitcoinAbuse | https://www.bitcoinabuse.com | btc |
Blockchain.com | https://www.blockchain.com | btc |
BlockCypher | https://live.blockcypher.com | btc |
Censys | https://censys.io | ip / domain / asn / text |
crt.sh | https://crt.sh | domain |
Cymon | https://cymon.io | ip / domain |
DNSlytics | https://dnslytics.com | ip / domain |
DomainBigData | https://domainbigdata.com | domain |
DomainTools | https://www.domaintools.com | ip / domain |
DomainWatch | https://domainwat.ch | domain / email |
FindSubDomains | https://findsubdomains.com | domain |
FOFA | https://fofa.so | ip / domain |
FortiGuard | https://fortiguard.com | ip / url / cve |
Google Safe Browsing | https://transparencyreport.google.com/ | domain / url |
GreyNoise | https://viz.greynoise.io | ip |
HybridAnalysis | https://www.hybrid-analysis.com | ip / domain / hash (sha256 only) |
Intelligence X | https://intelx.io | ip / domain / url / email / btc |
IPinfo | https://ipinfo.io | ip / asn |
MalShare | https://malshare.com | hash |
Maltiverse | https://www.maltiverse.com | domain / hash |
OOCPR | https://data.occrp.org | |
ONYPHE | https://www.onyphe.io | ip |
OTX | https://otx.alienvault.com | ip / domain / hash |
Pipl | https://pipl.com | |
PubDB | http://pub-db.com | gaPubID / gaTrackID |
PublicWWW | https://publicwww.com | text |
Pulsedive | https://pulsedive.com | ip / domaion / url / hash |
RiskIQ | http://community.riskiq.com | ip / domain / email / gaTrackID |
SecurityTrails | https://securitytrails.com | ip / domain / email |
Shodan | https://www.shodan.io | ip / domain / asn |
Sploitus | https://sploitus.com | cve |
SpyOnWeb | http://spyonweb.com | ip / domain / gaPubID / gaTrackID |
Talos | https://talosintelligence.com | ip / domain |
ThreatCrowd | https://www.threatcrowd.org | ip / domain / email |
ThreatMiner | https://www.threatminer.org | ip / domain / hash |
TIP | https://threatintelligenceplatform.com | ip / domain |
Urlscan | https://urlscan.io | ip / domain / url |
ViewDNS | https://viewdns.info | ip / domain / email |
VirusTotal | https://www.virustotal.com | ip / domain / url / hash |
Vulmon | https://vulmon.com | cve |
VxCube | http://vxcube.com | ip / domain / hash |
WebAnalyzer | https://wa-com.com/ | domain |
X-Force Exchange | https://exchange.xforce.ibmcloud.com | ip / domain / hash |
ZoomEye | https://www.zoomeye.org | ip |
You can enable / disable a search engine via the extension's options.
name | url | supported types |
---|---|---|
Urlscan | https://urlscan.io | ip / domain / url |
VirusTotal | https://www.virustotal.com | url |
The Chrome extension shows context menus based on a type of IoC you selected and then you can choose what you want to search / scan on.
Examples:
Note:
Please set your urlscan.io & VirusTotal API keys in the options page for enabling urlscan.io & VirusTotal scans.
You can enable / disable a search engine on the options page based on your preference.
This Chrome extension requires the following permissions.
Read and change all your data on the websites you visit
:- This extension creates context menus dynamically based on what you select on a website.
- It means this extension requires reading all your data on the websites you visit. (This extension doesn't change anything on the websites)
Display notifications
:- This extension makes a notification when something goes wrong.
I don't (and will never) collect any information from the users.
The chrome extension is written in TypeScript and built by webpack.
TypeScript files will start out in src
directory, run through the TypeScript compiler, then webpack, and end up in JavaScript files in dist
directory.
git clone https://github.com/ninoseki/mitaka.git
cd mitaka
npm install
npm run test
npm run build
For loading an unpacked extension, please follow the procedures described at https://developer.chrome.com/extensions/getstarted.
Mitaka/見たか means "Have you seen it?" in Japanese.