
Tools

Under Construction

This section lists various tools and platforms that enable pivoting. Each tool supports different types of pivots on different types of data, so analysts usually have to combine several tools to conduct a full-scale investigation. The comparison table below illustrates this: no single tool covers all types of pivots.

Overview

Pivot types compared (table columns): WHOIS, DNS history, hosts, certificates, URLs, samples, sandbox, code similarity, code, netflow, enrichment.

Tools compared (table rows):

DNSChecker
MXToolBox
Whoxy
SecurityTrails
DomainTools
RiskIQ
Driftnet
Silent Push
Spamhaus
ZETAlytics
Validin
Shodan
Censys
BinaryEdge
FOFA
Hunt.io
ZoomEye
crt.sh
URLScan
PublicWWW
Internet Archive
VirusTotal
MalShare
MalwareBazaar
HybridAnalysis
any.run
ThreatFox
Intezer Analyse
GitHub Search
Team Cymru
Cortex
Yeti
IntelOwl
Vertex Synapse
Maltego

Automation

Enrichment

Enrichment tools such as Yeti often serve the dual purpose of knowledge management and automatic querying of metadata about artifacts.

Certificate metadata

Registered certificates

Certificate transparency log aggregators such as crt.sh allow querying for metadata related to registered TLS certificates.

Observed certificates

Many host scanning tools also provide certificate metadata as observed on the servers that present the certificates.

Source code scanners

Code search on source code repositories such as GitHub allows querying for code snippets, which can be useful for identifying malware source code.

DNS data

WHOIS Lookup

[...]

DNS History / Passive DNS

[...]

Netflow aggregation

[...]

Host scanners

[...]

URL Scanners

[...]

Malware zoos

Sample repositories

[...]

Sandboxes

[...]

Code similarity scanners

[...]