Fast and secure analysis of Indicators of Compromise (IOC) directly in your browser
- Custom Loading Animation - Branded Ahtapot logo spinner with smooth vertical rotation
- Enhanced No-Results UX - Color-coded cards showing searched IOCs and supported types
- Improved AbuseIPDB Layout - Abuse Categories now appear before Location & Network
- Collapsible OTX Section - Threat summary section now collapsible (default closed)
- Better i18n Coverage - Enhanced translations for empty states and loading messages
- VirusTotal • OTX AlienVault • AbuseIPDB • MalwareBazaar • ARIN • Shodan • GreyNoise
- Smart API Usage - Only queries providers supporting the IOC type
- Rate Limit Protection - Confirmation system for GreyNoise and Shodan
- No API Key Required - ARIN WHOIS (always available)

View Complete Changelog - Full version history and detailed release notes
Automatically detects and analyzes various types of security indicators:
| Category | IOC types |
|---|---|
| Network | IPv4/IPv6 addresses, Domains, URLs |
| Hashes | MD5, SHA1, SHA256 file hashes |
| Identity | Email addresses, CVE numbers |
| Crypto | Bitcoin, Ethereum addresses |
- Select any text on any webpage
- Floating button appears instantly
- One-click analysis
- Results in beautiful side panel
| Service | Purpose | Rate Limit |
|---|---|---|
| VirusTotal | Malware & URL scanning | 4 req/min (free) |
| OTX AlienVault | Threat intelligence & IOC pulses | 10,000 req/day |
| AbuseIPDB | IP reputation & abuse reports | 1,000 req/day (free) |
| MalwareBazaar | Malware hash database & sample repository | No strict limit (free) |
| ARIN | IP WHOIS & network registration | 15 req/min (no key required) |
| Shodan | Device search & vulnerability scanning | 100 results/month (free) |
| GreyNoise | Internet noise detection & classification | 50 searches/week (free) |
- Real-time Support Detection - Each IOC shows compatible providers via badges
- Optimized API Calls - Only queries providers that support the IOC type
- No Wasted Requests - Saves API rate limits by skipping unsupported types
- Clear Messaging - Informative explanations when providers don't support an IOC type
- Google Translate-style floating button
- Tab-based provider results - Switch between all providers seamlessly (VirusTotal, OTX, AbuseIPDB, MalwareBazaar, ARIN, Shodan, GreyNoise)
- Provider support badges - See which providers support each IOC at a glance
- Informative empty states - Clear explanations when providers don't support an IOC type
- Clean, professional design
- Dark mode optimized
- Smooth animations
- Non-intrusive UX
- All API keys stored locally on your device
- No data collection or tracking
- Secure HTTPS connections only
- Optional caching with configurable retention
- Open source and transparent
- Content Security Policy compliant
- Read our Privacy Policy | Gizlilik Politikası (TR)

Visit our website: ahtapot.me for detailed installation guides and documentation
The easiest way to install Ahtapot:
- Visit the Chrome Web Store
- Click "Add to Chrome"
- Confirm the permissions
- Start analyzing IOCs!
```bash
# Clone the repository
git clone https://github.com/yourusername/ahtapot-extension.git
cd ahtapot-extension
# Install dependencies
npm install
# Build the extension
npm run build
```

- Open Chrome and navigate to `chrome://extensions`
- Enable "Developer mode" (top-right corner)
- Click "Load unpacked"
- Select the `dist` folder from the project directory
We take your privacy seriously. Here's what you need to know:
- API Keys: Stored securely on your device using Chrome's encrypted storage
- Cached Results: Previously analyzed IOCs (optional, user-configurable retention period)
- User Preferences: Language selection and settings
- No Tracking: Zero analytics or telemetry
- No Servers: We don't operate any servers
- No Data Transmission: Nothing leaves your device except API calls to security services
- No Sale of Data: Your data is yours, period
- No Third-Party Sharing: Only you and the security APIs you configure
- Configure how long analyzed IOCs are kept (1-30 days, default: 7 days)
- Automatic cleanup of old cached data
- Manual cache clearing anytime
- All cached data stored locally only
Read the complete privacy policy:
- Click the Ahtapot extension icon → Settings
- General Settings Tab:
- Choose your language (English/Türkçe)
- Configure cache retention period (optional)
- API Keys Tab:
- Add your API keys for enhanced analysis
- See API Keys section for how to obtain them
Choose your preferred method:
Method A: Text Selection
1. Select text containing IOCs on any webpage
2. Floating button appears automatically
3. Click "Analyze" button
4. View results in side panel
Method B: Context Menu
1. Select text with IOCs
2. Right-click → "Analyze with Ahtapot"
3. Results appear in side panel
Method C: Manual Entry
1. Click extension icon → Open side panel
2. Paste IOCs into text area
3. Click "Detect IOCs" → "Analyze"
Results are color-coded for quick threat assessment:
- 🟢 Safe - No threats detected
- 🟡 Suspicious - Potential threat, investigate further
- 🔴 Malicious - Confirmed threat, take action
- ⚪ Unknown - Insufficient data for assessment
| Type | Example | Pattern |
|---|---|---|
| IPv4 | 192.168.1.1 | 0-255.0-255.0-255.0-255 |
| IPv6 | 2001:0db8:85a3::8a2e:0370:7334 | Full/compressed |
| Domain | example.com | Valid TLD required |
| URL | https://example.com/path | HTTP/HTTPS |
| MD5 | d41d8cd98f00b204e9800998ecf8427e | 32 hex chars |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | 40 hex chars |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | 64 hex chars |
| Email | [email protected] | RFC 5322 |
| CVE | CVE-2021-44228 | CVE-YYYY-NNNNN |
| Bitcoin | 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa | Base58/Bech32 |
| Ethereum | 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb | 0x + 40 hex |
- Node.js 18+ and npm
- Chrome browser
- TypeScript knowledge (recommended)
- Framework: React 18 + TypeScript
- Build Tool: Vite 5
- Styling: CSS3 with CSS Variables
- Icons: Lucide React
- Extension: Manifest V3
- Storage: Chrome Storage API
- Clone the repository
- Install dependencies: `npm install`
- Build the extension: `npm run build`
- Load `dist` folder in Chrome
- Test on various websites
Get free API keys to unlock full analysis capabilities:
- Purpose: Malware, file, URL, IP, and domain analysis
- Free Tier: 4 requests per minute
- Supported IOCs: IPv4, IPv6, Domain, URL, File Hashes (MD5, SHA1, SHA256)
- Get Key: virustotal.com/gui/join-us
- Features:
- Real-time malware scanning
- Comprehensive threat analysis
- Detection statistics from 70+ antivirus engines
- Purpose: Threat intelligence and IOC pulse analysis
- Free Tier: 10,000 requests per day (10 req/sec)
- Supported IOCs: IPv4, IPv6, Domain, URL, File Hashes (MD5, SHA1, SHA256), CVE
- Get Key: otx.alienvault.com/api
- Features:
- Community-driven threat intelligence
- Pulse-based threat information
- Malware family identification
- Targeted countries and adversary information
- Custom threat scoring algorithm
- Purpose: IP address reputation and abuse confidence scoring
- Free Tier: 1,000 requests per day
- Supported IOCs: IPv4, IPv6 only
- Get Key: abuseipdb.com/register
- Features:
- Abuse confidence scoring (0-100%)
- Detailed abuse reports and categories
- Geographic and network information
- ISP and usage type detection
- Community-reported abuse data
- Purpose: Malware sample database and hash reputation lookup
- Free Tier: No API key required, no strict rate limits
- Supported IOCs: File Hashes (MD5, SHA1, SHA256) only
- Documentation: bazaar.abuse.ch/api
- Features:
- Malware sample information and metadata
- File type and signature detection
- Malware family classification
- Submission date and first seen information
- Community-driven malware intelligence
- No authentication required for basic lookups
- Purpose: IP address WHOIS and network registration information
- Free Tier: No API key required (public read-only access)
- Supported IOCs: IPv4, IPv6 only
- Documentation: arin.net/resources/registry/whois/rws
- Features:
- Network registration details
- Organization information
- IP address allocation ranges
- CIDR notation and network blocks
- Registration and update dates
- Parent network relationships
- Always available without configuration
- Purpose: Internet-connected device search and vulnerability analysis
- Free Tier: 100 results per month (rate-limited with confirmation)
- Supported IOCs: IPv4, IPv6, Domain
- Get Key: Visit developer.shodan.io/api → Click "Show API Key" (top right)
- Features:
- Open port and service detection
- CVE vulnerability identification
- Device banners and service versions
- Geographic location data
- ISP and organization information
- Historical scan data
- Subdomain discovery for domains
- Purpose: Internet-wide noise detection and threat classification
- Free Tier: 50 searches per week (rate-limited with confirmation, combined with Visualizer usage)
- Supported IOCs: IPv4 only
- Get Key: viz.greynoise.io/account/details
- Features:
- Internet scanner detection (mass scanning vs targeted)
- RIOT (Rule It Out) - benign service identification
- Classification (malicious, benign, unknown)
- Actor information and tags
- Last seen timestamps
- Metadata about scanning activity
Privacy Note: All API keys are stored locally in Chrome's secure storage. They never leave your device except when making API calls to the respective services.
Rate Limit Protection: GreyNoise and Shodan require user confirmation before consuming your limited quota. You can choose to analyze or skip these providers for each request.
Live Validation: Test your API keys directly in the settings page before saving to ensure they work correctly.
Smart Optimization: Extension automatically detects which providers support each IOC type and only makes necessary API calls, saving your rate limits.
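
The sketch below shows how detection and provider routing can fit together for a subset of the IOC types above (IPv4, file hashes, CVE, domain). It is an added example, not Ahtapot's source code: the function and constant names are hypothetical, the support matrix is transcribed from the provider descriptions on this page, and the domain check is syntactic only (it does not consult a TLD list).

```typescript
// Added example: IOC typing and provider routing. Names are hypothetical.
type IocType = "ipv4" | "md5" | "sha1" | "sha256" | "cve" | "domain";

// Support matrix transcribed from the provider descriptions on this page,
// restricted to the IOC types this sketch detects.
const SUPPORT: Record<string, IocType[]> = {
  VirusTotal: ["ipv4", "domain", "md5", "sha1", "sha256"],
  "OTX AlienVault": ["ipv4", "domain", "md5", "sha1", "sha256", "cve"],
  AbuseIPDB: ["ipv4"],
  MalwareBazaar: ["md5", "sha1", "sha256"],
  ARIN: ["ipv4"],
  Shodan: ["ipv4", "domain"],
  GreyNoise: ["ipv4"],
};
// Providers the page says need user confirmation before spending quota.
const NEEDS_CONFIRMATION = ["Shodan", "GreyNoise"];

function classify(raw: string): IocType | null {
  const s = raw.trim();
  const ip = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (ip) {
    // Enforce 0-255 per octet; a digits-only regex would accept 999.1.1.1.
    return ip.slice(1).every((o) => Number(o) <= 255) ? "ipv4" : null;
  }
  if (/^[0-9a-fA-F]+$/.test(s)) {
    // Hash type is decided by exact length: 32, 40 or 64 hex characters.
    const byLen: Record<number, IocType> = { 32: "md5", 40: "sha1", 64: "sha256" };
    return byLen[s.length] || null;
  }
  if (/^CVE-\d{4}-\d{4,}$/i.test(s)) return "cve";
  // Assumption: syntactic hostname check only, no TLD list lookup.
  if (/^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i.test(s)) return "domain";
  return null;
}

interface Plan { type: IocType | null; query: string[]; confirm: string[] }

function planLookups(raw: string): Plan {
  const iocType = classify(raw);
  const plan: Plan = { type: iocType, query: [], confirm: [] };
  if (iocType === null) return plan; // unrecognised text never reaches a provider
  for (const name of Object.keys(SUPPORT)) {
    if (SUPPORT[name].indexOf(iocType) === -1) continue; // unsupported: no quota spent
    (NEEDS_CONFIRMATION.indexOf(name) !== -1 ? plan.confirm : plan.query).push(name);
  }
  return plan;
}
```

Selected page text is untrusted input, so anything `classify` rejects produces an empty plan and no outbound request.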
- User selects text → Content script detects IOCs
- Content script sends IOCs to background via messages
- Background worker makes secure API calls
- Results returned to side panel for display
- No sensitive data stored permanently
Contributions are welcome! This project is actively maintained.
- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Commit your changes: `git commit -m 'Add amazing feature'`
- Push to your branch: `git push origin feature/amazing-feature`
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Website: ahtapot.me
- Chrome Web Store: Install Extension
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Privacy Questions: See Privacy Policy
- Security Vulnerabilities: Please report security issues privately via GitHub Security tab
This project follows Semantic Versioning 2.0.0 (SemVer).
Version Format: MAJOR.MINOR.PATCH
- MAJOR - Backward-incompatible changes (e.g., removing a provider)
- MINOR - New features, backward compatible (e.g., adding a provider)
- PATCH - Bug fixes and minor improvements
For detailed information:
- VERSIONING.md - Complete versioning strategy and contributor guidelines
- CHANGELOG.md - Full version history and release notes
Current Version: 2.3.1
Made with ❤️ for the cybersecurity community
Star this repo if you find it useful!