new analyzers + some tweaks

NEW INBUILT ANALYZERS:

• Added Triage file analyzer.
• Added Zoomeye analyzer.
• Added Dnstwist analyzers.
• Added Ipinfo analyzer.
• Added ReversingLabs YARA rules analyzer.
• Added Samir YARA rules analyzer.

FIXES/IMPROVEMENTS/Dependency upgrades:

• several little fixes on analyzers (OTXQuery, DNSDB, Classic_DNS, Fortiguard, XMLDeobfuscator)
• increased filename max_length to 512
• added validation checks to avoid DB problems
• upgraded Yara to v4.0.2
• added Yara rule location to the analyzer output

Major Release: v1.8.0; Nov'20

Refer to CHANGELOG.md.

Improvements to recent malicious document analysis

Update Guide

Improvements to recent malicious document analysis:

• Added XLMMacroDeobfuscator analyzer, refer #196 thanks to @0ssigeno
• Updated oletools to last available changes

Other:

• updated black to 20.8b1 and little fix in the docs

Unpacme + whoisxml API + checkdmarc analyzer + Fix VT2

Update Guide

• 3 new analyzers which can be used out of the box:
  • UnpacMe_EXE_Unpacker: UnpacMe is an automated malware unpacking service. (Thanks to @0ssigeno)
  • CheckDMARC: checdmarc provides SPF and DMARC DNS records validator for domains. (Thanks to @goodlandsecurity)
  • Whoisxmlapi: Fetch WHOIS record data, of a domain name, an IP address, or an email address. (Thanks to @tamthaitu)
• Some fixes to Cymru Malware and VT2 analyzers.
• Now you or your organization can get paid support/extra features/custom integrations for IntelOwl via xscode platform. Details.

[Patch] fixed version number - Added SpeakEasy, upgraded Capa and updated docs

This patch allows to download the most recent docker image of IntelOwl. Previous version was downloading the old (v.1.5.1) docker image.

Please see v1.6.0 for release details.

Upgrade guide

Added SpeakEasy, upgraded Capa and updated docs

• added new analyzer for FireEye speakeasy
• updated FireEye Capa to 1.1.0
• updated docs, including instructions for Remnux users and a new "How to use pyintelowl" video

[Patched] IntelX phonebook API + Dynamic Analyzer's Conf.

Patch after v1.5.0.

• Fixed runtime_configuration JSON serialization bug when requesting file scan.

IntelX phonebook API + Dynamic Analyzer's Conf. + more..

This release contains a bug that was fixed in v1.5.1. We recommend cloning the master branch.

Features:

• Ability to pass a JSON field runtime_configuration for dynamic configuration per scan request. Demo GIF.
• IntelligenceX's phonebook API for observables.
• Increased JWT token lifetime for webapp. (Ref.).

Breaking Changes:

• Moved ldap_config.py under configuration/ directory. If you were using LDAP before this release, please refer the updated docs.

Fixes:

• Updates and fixes to: Doc_info, PE_Info, VirusTotal v3 and Shodan_Honeyscore analyzers.
• Added migration files for DB.

Quark Engine, Pulsedive, Python 3.7, GKE Deployment docs

Upgrade Guide

• Inbuilt Integration for Pulsedive analyzer for IP, URL, Domain and Hash observables. Works without API key with rate limit of 30 requests/minute.
• Inbuilt integration for Integrated Quark-engine for APKs - An Obfuscation-Neglect Android Malware Scoring System.
• Increase max_length for file_mimetype column. Thanks to @skygrip for the report.
• Index the fields that are used in ask_analysis_availability for faster fetching.
• Update LDAP documentation, add section about GKE deployments.
• Fixed: is_test issue in _docker_run. Thanks to @colbyprior.
• Fixed: active_dns now returns proper result.
• The base docker image is now based on Python 3.7.
• Refactor test cases/classes to reduce duplicate code.

Elastic Search + LDAP + groups/permissions + specific docker tags

Read at release v1.3.0 for details.

• The images on hub.docker.com are now tagged with the same version number as the GitHub release tags.