Data enrichment tools

Introduction

Some data can be improved by combining it with other data sources. It is common to have IP addresses in a data set, yet no details about them. By merging the data set with another data stream that contains details about IP addresses, we can improve it. This process is called data enrichment, and it is a good way to make data more meaningful.

Data enrichment tools are typically selected based on the kind of data they support and its format.

Usage

Data enrichment tools are typically used for data collection, data enrichment, data processing, and data sanitizing.

Users of these tools include forensic specialists, malware analysts, and security professionals.

Tools

Hash Buster (find cleartext of hash)

data enrichment, data processing, discovery of sensitive information, information gathering

Hash Buster is a tool that tries to find the cleartext related to a particular hash. A hash is typically a one-way conversion and is often used as a fingerprint of a file. Using Hash Buster, the original string might be discovered. This can be useful during a penetration test or as part of digital forensics when one or more hashes have been found.

MalPipe (Malware/IOC ingestion and processing engine)

data enrichment, data processing, intrusion detection, malware analysis, malware detection

MalPipe is a modular malware and indicator collection and processing framework. It is designed to pull information about malware, domains, URLs, and IP addresses from multiple feeds. Finally, it will enrich the collected data and export the results.

Wordsmith (tailored wordlists on geolocation)

wordlist generation

The primary aim of Wordsmith is to create custom wordlists for security assessments. Wordsmith will create lists with a specific focus on geolocation. The words are based on names of countries, cities, colleges, zip codes, and even sports teams. The generated list can then be used to guess usernames or passwords.
