[Analyzer] Tor_Nodes_DanMeUk #1886

Closed
mlodic opened this issue Sep 12, 2023 · 4 comments
@mlodic
Member

mlodic commented Sep 12, 2023

Name

Tor_Nodes_DanMeUk

Link

Extract lists of all Tor nodes from this site periodically:
https://www.dan.me.uk/tornodes

Type of analyzer

observable for IP addresses only

Why should we use it

A user requested this:

the Torproject Analyzer uses the Tor exit nodes list, whereas the dan.me.uk list includes all nodes (also entry and intermediary relays). It may be debatable if only the exit nodes are of interest - surely if you are looking at their roles as senders. However, if you look at outgoing traffic (possible C2) you also want to match against the bridges and entry relay nodes, as this could identify malware. I would advocate to actually use the full list of tor nodes found at dan.me.uk, or provide another Analyzer that uses this list

Possible implementation

just basically copy/paste TorProject one and change the results based on the type of the node
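
The matching described in this issue, as an added example that is not part of the original thread and not the project's analyzer code: it parses a node list and reports the roles of a matched IP observable. The `ip|name|flags` layout, the flag letters and the sample entries are assumptions constructed for this sketch, not the documented dan.me.uk format.

```python
import ipaddress

# Constructed sample. The "ip|name|flags" layout and the flag letters are
# assumptions for this example; the IPs are documentation-range addresses.
SAMPLE_LIST = """\
# constructed node list
192.0.2.10|relayA|EG
198.51.100.7|relayB|G
2001:db8::1|relayC|
not-an-ip|broken|E
"""

ROLE_FLAGS = {"E": "exit", "G": "guard"}  # hypothetical flag letters


def parse_node_list(text):
    """Return {normalized_ip: sorted roles}; malformed lines are skipped."""
    nodes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        try:
            ip = ipaddress.ip_address(fields[0].strip())
        except ValueError:
            continue  # do not let one bad row poison the whole list
        flags = fields[2] if len(fields) > 2 else ""
        roles = {ROLE_FLAGS[f] for f in flags if f in ROLE_FLAGS}
        # A listed node with neither flag is reported as a plain relay.
        nodes.setdefault(str(ip), set()).update(roles or {"relay"})
    return {ip: sorted(r) for ip, r in nodes.items()}


def check_observable(observable, nodes):
    """Analyzer-style result for a single IP observable."""
    try:
        # Normalizing makes equivalent IPv6 spellings match the stored key.
        ip = str(ipaddress.ip_address(observable.strip()))
    except ValueError:
        return {"found": False, "error": "not an IP address"}
    roles = nodes.get(ip)
    return {"found": roles is not None, "roles": roles or []}
```

Reporting the role alongside the match lets an analyst separate inbound hits on exit nodes from outbound connections to guard or other relays, which is the distinction the request above draws.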

@moonpatel
Contributor

Hey @mlodic, I would like to work on this issue.

@moonpatel
Contributor

Hey @mlodic what should be the name of this analyzer?

@mlodic
Member Author

mlodic commented Mar 20, 2024

Tor_Nodes_DanMeUk

we need to complete the other issue before starting a new one

mlodic added a commit that referenced this issue Mar 25, 2024
* fixes 1886 observable analyzer Tor_Nodes_DanMeUk

added analyzer code for Tor_Node_DanMeUk

migrations for Tor_Nodes_DanMeUk analyzer

added Tor_Nodes_DanMeUk analyzer to FREE_TO_USE_ANALYZERS

updated docs

checking pre-commit

* Updated Usage.md

* Update api_app/analyzers_manager/migrations/0071_analyzer_config_tor_nodes_danmeuk.py

---------

Co-authored-by: Matteo Lodi <30625432+mlodic@users.noreply.github.com>
@mlodic
Member Author

mlodic commented Mar 28, 2024

solved with v6.0.0

mlodic closed this as completed Mar 28, 2024