The project goal is to extract data of the attacks detected by a TPOT or a cluster of them and to generate some feeds that can be used to prevent and detect attacks.

Official announcement here.

Documentation about GreedyBear installation, usage, configuration and contribution can be found at https://greedybear.readthedocs.io/.

There are public feeds provided by The Honeynet Project in this site. Example

Please do not perform too many requests to extract feeds or you will be banned.

If you want to be updated regularly, please download the feeds only once every 10 minutes (this is the time between each internal update).

To check all the available feeds, Please refer to our usage guide

GreedyBear provides an easy-to-query API to get the information available in GB regarding the queried observable (domain or IP address).

To understand more, Please refer to our usage guide

The tool has been created not only to provide the feeds from The Honeynet Project's cluster of TPOTs.

If you manage one or more T-POTs of your own, you can get the code of this application and run Greedybear on your environment. In this way, you are able to provide new feeds of your own.

To install it locally, Please refer to our installation guide

Certego is a MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.

Started as a personal Christmas project from Matteo Lodi, since then GreedyBear is being improved mainly thanks to the efforts of the Certego Threat Intelligence Team.

The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.