By Matteo Lodi
Presenting GreedyBear
GreedyBear is a tool created mainly to help extract Indicators of Compromise from one or more available T-Pots. For those who do not know it, T-Pot is the most popular all-in-one honeypot available in the community. While T-Pot is great at allowing a fast, easy and reliable installation and collection of data, it struggles to organize that data in a way that lets it be easily collected and disseminated. This is where GreedyBear comes in and becomes the Threat Intelligence Platform for T-Pot.
Started as a personal Christmas project by Matteo Lodi, GreedyBear has since been improved mainly thanks to the efforts of the Certego Threat Intelligence Team.
It has evolved into a fully operational web application that provides convenient ways to explore and search the extracted data, along with a fully fledged REST API to extract them programmatically.
Thanks to the efforts of The Honeynet Project, we have a public site which allows us to share the data collected from the T-Pots of this organization. Check the official site here!
Happy hunting!