This project has moved to github.com/khulnasoft-lab/reconpoint. All packages or their equivalents can be found there instead.
Unified Threat Intelligence Management Platform
Query malware, IPs, domains, and more — across multiple sources — with a single API request.
Do you want threat intelligence data about malware, IP addresses, or domains?
Do you want to retrieve this from multiple sources simultaneously through one simple API call?
You’re in the right place!
ThreatMatrix is an Open Source solution designed to manage Threat Intelligence at scale.
It integrates many online analyzers and cutting-edge malware analysis tools — all in one place.
- ⚡ Scalable & Fast: Built to scale out and speed up threat data retrieval.
- 🧩 Rich Enrichment: Enrich files and observables (IP, domain, URL, hash, etc.) with comprehensive intel.
- 🔗 REST APIs: Fully-fledged, Python & Django-based REST APIs for seamless integration.
- 🤖 Automation Ready: Automate workflows typically done manually by SOC analysts using official client libraries:
- 🖥️ Built-in GUI: Dashboard, visualizations, and easy forms to request analysis.
- 🧱 Modular Framework:
  - Plugins powering the platform:
    - Analyzers: Query external sources (VirusTotal, AbuseIPDB) or run internal tools (Yara, Oletools)
    - Connectors: Export data to MISP, OpenCTI, and others
    - Pivots: Automate chaining of analyses
    - Visualizers: Custom GUI visualizations
    - Ingestors: Automatic data ingestion from streams
    - Playbooks: Repeatable, automated analysis workflows
    - Data Models: Normalize data from diverse analyzers into a common schema
- 🕵️‍♂️ Investigation Hub: Register findings, correlate intel, and collaborate in a single place.
Explore the repo, install the platform, and start scaling your threat intelligence workflows!
Made with ❤️ by the ThreatMatrix Team