VECERT Threat Intelligence CLI is a Python-based command-line tool for cyber threat intelligence analysts to query, visualize, and export data from the VECERT Analyzer API.
This API aggregates and structures posts scraped from underground forums, leak sites, and dark web communities β providing insights into threat actor activity, data breaches, and emerging attack vectors.
Menu:
- Search by Title
- Search by Author
- Search by Posted Date
- Advanced search (combine filters)
- Change per_page (max 100)
- Next page
- Previous page
- Show Overview
- Show Current Query
- Export Results to CSV
- Exit
π Overview Dashboard
On startup, it automatically fetches and displays:
Total posts indexed
Distribution by source (e.g. BreachForums, XSS, Cracked, etc.)
Top 10 authors / bots Example:
Mode: overview Total records: 403,927
Distribution by Source βββββββββββββββ¬βββββββββββββ¬βββββββββββββ β Source β Count β Percentage β β BreachForumsβ 34,650 β 8.58% β β Cracked β 263,016 β 65.11% β β XForums β 57,041 β 14.12% β βββββββββββββββ΄βββββββββββββ΄βββββββββββββ
πΎ CSV Export
Export your findings for reporting or correlation in other tools (e.g. MISP, Maltego, Excel).
Option 10 β Export results to CSV
Choose to export:
π’ Current page
π΅ All pages (auto-pagination)
2οΈβ£ Requirements
No external dependencies β only Python β₯ 3.7 is required.
β Everything runs with built-in libraries:
urllib.request json csv re datetime
𧩠API Reference
Parameter Description Example
title Search keyword in post titles title=bank author Filter by threat actor or bot name author=intelbroker posted_date Date or partial (YYYY-MM-DD or YYYY-MM) posted_date=2025-10 page Pagination (default 1) page=2 per_page Results per page (max 100) per_page=50
π§ Use Cases for Threat Intelligence
Threat Actor Tracking
Monitor posts by key personas (e.g., intelbroker, pompompurin, etc.)
Breach Monitoring
Identify leaks and databases being traded or sold.
TTPs and Emerging Threats
Search titles for keywords like βransomwareβ, βzero-dayβ, βphishing kitβ.
Forum Intelligence Aggregation
Understand where conversations cluster (via distribution_by_source).
Data Correlation
Export to CSV for integration with:
MISP Splunk / ELK Excel / Power BI Maltego
π¬ Contact
Created by VECERT Threat Intelligence π vecert.io
π§ info@vecert.io