ThreatLens: Automating IoC Detection Directly in Your Browser
Summary: ThreatLens is an open-source Chrome extension that helps security analysts automatically detect and analyse potential indicators of compromise (IoCs), with real-time reputation lookups, bulk processing and privacy protection.

2026-4-12 07:23:18 Author: infosecwriteups.com (view original) Reads: 15

Muraleekrishnan Unnithan R

As a SOC analyst, I’ve often found myself drowning in a sea of logs and alerts, constantly sifting through data to identify potential threats. The manual process of extracting Indicators of Compromise (IoCs) and cross-referencing them with threat intelligence sources can be incredibly time-consuming and prone to human error. It’s a challenge many security professionals face daily.

To solve this, I built ThreatLens — an open-source Chrome extension designed to automate IoC detection and reputation scanning directly in your browser.

What is ThreatLens?

ThreatLens is a powerful open-source Chrome extension that automatically highlights and analyzes potential IoCs directly within any webpage you’re viewing. It’s built with the needs of SOC analysts and security professionals in mind, providing immediate context and reputation data for suspicious elements.

The goal was simple: build a tool that gives you instant threat intelligence without breaking your workflow.


Figure 1: Clicking on the 🔍 icon shows IP/domain reputation

Key Features That Make a Difference

Real-time IoC Detection: Automatically identifies IPv4, IPv6, domains, and URLs on any webpage.

AbuseIPDB Integration: Get reputation scores, ISP, and country data with a single click.

Bulk Scanning: Paste a list of indicators in the options page to scan them all at once.

De-masking Support: Automatically handles obfuscated indicators like [.].

Scope Control: Configure and run only on selected sites or exclude specific domains to fit your workflow.

Non-destructive UI: The extension injects subtle badges (🔍) next to detected indicators. This is implemented without affecting the layout or inputs of the website.

Privacy Focused: No telemetry or tracking. Data is only sent to AbuseIPDB when you trigger a scan.


Figure 2: Bulk Scanning (With Demasking)
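The detection, de-masking and bulk-scanning features above boil down to a small amount of pure logic. What follows is an added example written for this page, not code from the ThreatLens project: it de-masks common defanging conventions while keeping a map back to the original character offsets, extracts URLs, IPv6 and IPv4 addresses and domains in priority order, and de-duplicates a pasted bulk list. The defang table, the regular expressions, the file-extension exclusion list and the sample text are all assumptions of this example; the sample uses the 203.0.113.0/24 documentation range and the reserved .example TLD.

```javascript
// Added example, not ThreatLens's own code: de-masking plus regex-based IoC
// extraction of the kind the feature list describes, written as pure functions so
// it runs in Node as well as in a content script. The defang table, the patterns
// and the file-extension exclusion list are this example's assumptions.

// Obfuscation tokens this example understands, mapped to their clear form (assumed list).
const DEFANG = [['[://]', '://'], ['[.]', '.'], ['(.)', '.'], ['{.}', '.'], ['[:]', ':'], ['hxxp', 'http']];

// De-mask text while recording, for every clear-text index, the index of the original
// character it came from, so a match can be mapped back onto the text as displayed.
function demask(text) {
  let out = '';
  const map = [];
  for (let i = 0; i < text.length; ) {
    const hit = DEFANG.find(([tok]) => text.slice(i, i + tok.length).toLowerCase() === tok);
    const [tok, rep] = hit || [text[i], text[i]];
    for (const ch of rep) { out += ch; map.push(i); }
    i += tok.length;
  }
  map.push(text.length); // sentinel so an `end` offset just past the text maps too
  return { text: out, map };
}

// Patterns in priority order; each match is blanked out before the next pattern runs,
// so a URL's hostname is not reported a second time as a bare domain.
const PATTERNS = [
  ['url', /\bhttps?:\/\/[^\s"'<>()\[\]]+/gi],
  ['ipv6', /\b(?:[0-9a-f]{0,4}:){3,7}[0-9a-f]{1,4}\b/gi],
  ['ipv4', /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g],
  ['domain', /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b/gi],
];

// "Domains" that are really file names (assumed list).
const NOT_TLDS = new Set(['txt', 'log', 'exe', 'dll', 'pdf', 'png', 'jpg', 'js', 'css', 'html', 'zip']);

// The IPv6 regex is permissive (it would accept a MAC address); enforce the real rules:
// at most one "::", 1-4 hex digits per group, and exactly 8 groups unless "::" is present.
function isValidIpv6(s) {
  const halves = s.split('::');
  if (halves.length > 2) return false;
  const groups = halves.flatMap(h => (h === '' ? [] : h.split(':')));
  if (!groups.every(g => /^[0-9a-f]{1,4}$/i.test(g))) return false;
  return halves.length === 2 ? groups.length < 8 : groups.length === 8;
}

// Scan text (possibly defanged) and return [{type, value, start, end}]; `value` is the
// clear indicator, `start`/`end` are offsets into the ORIGINAL text.
function extractIocs(rawText) {
  const { text, map } = demask(rawText);
  let working = text;
  const found = [];
  for (const [type, re] of PATTERNS) {
    for (const m of working.matchAll(re)) {
      const value = m[0];
      if (type === 'ipv6' && !isValidIpv6(value)) continue;
      if (type === 'domain' && NOT_TLDS.has(value.slice(value.lastIndexOf('.') + 1).toLowerCase())) continue;
      found.push({ type, value, start: map[m.index], end: map[m.index + value.length] });
      // Blank the consumed span (same length, so offsets stay valid) for lower-priority patterns.
      working = working.slice(0, m.index) + ' '.repeat(value.length) + working.slice(m.index + value.length);
    }
  }
  return found.sort((a, b) => a.start - b.start);
}

// Bulk mode: one indicator per pasted line, defanged or not, de-duplicated for lookup.
function parseBulkInput(pasted) {
  const seen = new Set();
  return extractIocs(pasted).map(i => i.value.toLowerCase()).filter(v => !seen.has(v) && seen.add(v));
}

// Constructed sample text (documentation-range IP, reserved .example names; not real indicators).
const SAMPLE = 'Beacon to 203[.]0[.]113[.]45 and hxxp://evil[.]example/c2 via ns1.badguy[.]example;' +
  ' v6 peer 2001:db8::1, see notes.txt (time 12:30:45)';

console.log(extractIocs(SAMPLE));
console.log(parseBulkInput('203[.]0[.]113[.]45\n203.0.113.45\nhxxp://evil[.]example/c2'));
```

Keeping the offsets relative to the original, still-defanged text is what lets a badge be placed next to the indicator exactly as the page displays it. The regexes are deliberately simple: the IPv6 pattern misses fully compressed forms such as `::1` and would accept a MAC address on its own, which is why the validator sits behind it, and the domain pattern relies on a short exclusion list to avoid reporting file names.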

How It Works

ThreatLens operates with a clear, privacy-focused methodology, ensuring you get the intelligence you need without compromising your data.

  • Non-destructive UI: Injects small 🔍 badges next to detected indicators without breaking page layout.
  • Scope Check: Runs only on sites allowed by your allowlist/blocklist settings.
  • DOM Scan: Uses TreeWalker to scan visible text while skipping scripts, inputs, and editable fields.
  • Regex Detection: Identifies IPv4, IPv6, domains, and URLs using pattern matching.
  • Badge Injection: Detected indicators are wrapped in a <span> with a 🔍 button.
  • Reputation Lookup: Clicking 🔍 resolves domains via Google DNS-over-HTTPS and queries AbuseIPDB.
  • Result Display: Shows a colored badge (🟢 safe / 🔴 danger) based on abuse confidence score.
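As an added example (not the extension's own code), here is the reputation-lookup half of the steps above: a DNS-over-HTTPS request to Google and an AbuseIPDB v2 check request, parsers for both responses, the badge decision, and a TreeWalker routine that skips scripts, form controls and editable regions and wraps each hit in a <span> carrying a 🔍 button. The 50-point threshold, the 90-day window, the fake fetch and the constructed responses are assumptions of this example; the field names follow the public AbuseIPDB v2 check endpoint and the dns.google JSON format.

```javascript
// Added example, not ThreatLens's own code: the reputation-lookup side of the
// workflow above. Request builders and response parsers are pure so they can be
// exercised offline against the constructed responses below; lookupIndicator()
// wires them to fetch() for a content script or Node 18+. The 🟢/🔴 threshold of 50
// and the 90-day window are this example's assumptions; the request/response shapes
// follow the public AbuseIPDB v2 "check" endpoint and Google's DNS-over-HTTPS JSON API.

const ABUSE_THRESHOLD = 50; // abuseConfidenceScore at or above this is shown as 🔴 (assumed)

// Google DoH JSON API: A-record query for a hostname.
function dohRequest(domain) {
  return { url: `https://dns.google/resolve?name=${encodeURIComponent(domain)}&type=A` };
}

// Status 0 is NOERROR; Answer entries with type 1 are A records.
function parseDohAnswer(json) {
  if (!json || json.Status !== 0 || !Array.isArray(json.Answer)) return [];
  return json.Answer.filter(a => a.type === 1).map(a => a.data);
}

// AbuseIPDB v2: the API key travels in a "Key" header, never in the URL.
function abuseIpdbRequest(ip, apiKey, maxAgeInDays = 90) {
  const qs = new URLSearchParams({ ipAddress: ip, maxAgeInDays: String(maxAgeInDays) });
  return { url: `https://api.abuseipdb.com/api/v2/check?${qs}`, headers: { Key: apiKey, Accept: 'application/json' } };
}

// Reduce a check response to what the badge shows; the score is 0..100.
function badgeFromAbuseIpdb(json, threshold = ABUSE_THRESHOLD) {
  const d = json && json.data;
  if (!d || typeof d.abuseConfidenceScore !== 'number') {
    return { status: 'unknown', emoji: '⚪', score: null, isp: null, country: null };
  }
  const danger = d.abuseConfidenceScore >= threshold;
  return { status: danger ? 'danger' : 'safe', emoji: danger ? '🔴' : '🟢',
           score: d.abuseConfidenceScore, isp: d.isp ?? null, country: d.countryCode ?? null };
}

// Domains are resolved first; the first A record is what gets checked. fetchImpl is
// injectable so the flow can be tested without network access.
async function lookupIndicator(ioc, apiKey, fetchImpl = globalThis.fetch) {
  let ip = ioc.value;
  if (ioc.type === 'domain') {
    const ips = parseDohAnswer(await (await fetchImpl(dohRequest(ioc.value).url)).json());
    if (ips.length === 0) return { status: 'unresolved', emoji: '⚪', ip: null };
    ip = ips[0];
  }
  const req = abuseIpdbRequest(ip, apiKey);
  const body = await (await fetchImpl(req.url, { headers: req.headers })).json();
  return { ...badgeFromAbuseIpdb(body), ip };
}

// Content-script side: walk visible text nodes, skipping script/style, form controls and
// editable regions, and wrap each hit in a <span> carrying a 🔍 button. `detect(text)`
// returns [{value, start, end}] with offsets into that text, sorted by start (a regex
// extractor); `onClick(hit, button)` runs the lookup. Needs a DOM, so it is not run here.
function annotateTextNodes(doc, detect, onClick) {
  const SKIP = new Set(['SCRIPT', 'STYLE', 'NOSCRIPT', 'INPUT', 'TEXTAREA', 'SELECT']);
  const walker = doc.createTreeWalker(doc.body, NodeFilter.SHOW_TEXT, {
    acceptNode: n => (!n.parentElement || SKIP.has(n.parentElement.tagName) || n.parentElement.isContentEditable)
      ? NodeFilter.FILTER_REJECT : NodeFilter.FILTER_ACCEPT,
  });
  const nodes = [];
  while (walker.nextNode()) nodes.push(walker.currentNode); // collect first: replacing nodes mid-walk skips siblings
  let badges = 0;
  for (const node of nodes) {
    const text = node.nodeValue, hits = detect(text);
    if (hits.length === 0) continue;
    const frag = doc.createDocumentFragment();
    let cursor = 0;
    for (const h of hits) {
      frag.appendChild(doc.createTextNode(text.slice(cursor, h.start)));
      const span = doc.createElement('span');
      span.textContent = text.slice(h.start, h.end); // page text is left as displayed (non-destructive)
      const btn = doc.createElement('button');
      btn.textContent = '🔍';
      btn.addEventListener('click', () => onClick(h, btn));
      span.appendChild(btn);
      frag.appendChild(span);
      cursor = h.end;
      badges++;
    }
    frag.appendChild(doc.createTextNode(text.slice(cursor)));
    node.parentNode.replaceChild(frag, node);
  }
  return badges;
}

// Constructed responses for offline use (documentation-range IP, reserved .example name).
const SAMPLE_DOH = { Status: 0, Answer: [{ name: 'ns1.badguy.example.', type: 1, TTL: 60, data: '203.0.113.45' }] };
const SAMPLE_CHECK = { data: { ipAddress: '203.0.113.45', abuseConfidenceScore: 87, isp: 'Example ISP', countryCode: 'ZZ' } };
const fakeFetch = async url => ({ json: async () => (url.startsWith('https://dns.google/') ? SAMPLE_DOH : SAMPLE_CHECK) });

lookupIndicator({ type: 'domain', value: 'ns1.badguy.example' }, 'PLACEHOLDER_API_KEY', fakeFetch)
  .then(r => console.log(r)); // → { status: 'danger', emoji: '🔴', score: 87, isp: 'Example ISP', country: 'ZZ', ip: '203.0.113.45' }
```

Two design points matter for a tool like this. The API key is sent only in the request header, so it never lands in browser history or proxy logs as part of a URL, and nothing is sent anywhere until the badge is clicked, which is what makes the "data only leaves on an explicit scan" promise checkable. Collecting the text nodes before mutating the DOM avoids the classic TreeWalker pitfall of skipping siblings after a replaceChild, and wrapping the original slice of page text (rather than the de-masked value) keeps the page looking exactly as it did.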

Getting Started with ThreatLens

Ready to enhance your threat analysis workflow? Getting started is straightforward:

  1. Installation: Install ThreatLens directly from the Chrome Web Store. You can find it here: ThreatLens on Chrome Web Store
  2. API Key: Obtain a free AbuseIPDB v2 API key from abuseipdb.com. The free tier offers 1,000 checks per day, which is typically sufficient for most analysts’ daily needs.
  3. Configuration: Open the extension options page (right-click the ThreatLens icon → Options) to enter your API key and configure your preferred scope settings (allowlist/blocklist). It’s quick and easy to tailor to your environment.

Privacy and Trust: Built with Security in Mind

ThreatLens is designed with a strong commitment to user privacy. No data is sent anywhere except to AbuseIPDB for explicit lookups you trigger and to Google DNS for domain resolution. There is absolutely no telemetry, no tracking, and no hidden data collection. You can use ThreatLens with confidence, knowing your browsing activity remains private.

Conclusion

ThreatLens is designed to be the tool that transforms the way you interact with IoCs online. By automating detection and integrating with a reputable threat intelligence source, it lets you focus on deeper analysis and higher-priority tasks, ultimately strengthening your defensive posture.

ThreatLens is also an open-source project, and contributions are always welcome. Whether it’s new features, improvements, or ideas, your input helps make the tool better for everyone.

Give it a try and see the difference it can make in your daily workflow. Your feedback is invaluable as we continue to evolve and improve ThreatLens for the security community.

Thanks for reading! Feel free to share your thoughts or any feedback you have — I’d love to hear from you!


Source: https://infosecwriteups.com/threatlens-automating-ioc-detection-directly-in-your-browser-9547e3c7defa?source=rss----7b722bfd1b8d---4