###############
Feeds whishlist
###############

This is a list with various feeds, which are either currently not supported or the usage is not clearly documented in IntelMQ.

If you want to **contribute** documenting how to configure existing bots in order to collect new feeds or by creating new parsers, here is a list of potentially interesting feeds.
See :ref:`feeds documentation` for more information on this.

This list evolved from the issue :issue:`Contribute: Feeds List (#384) <384>`.

- A list of feeds
  - `threatfeeds.io <https://threatfeeds.io>`_
  - `TheCyberThreat <http://thecyberthreat.com/cyber-threat-intelligence-feeds/>`_

- Some third party intelmq bots: `NRDCS' IntelMQ fork <https://github.com/NRDCS/intelmq/tree/certlt/intelmq/bots>`_

- List of potentially interesting data sources:

  - `Abuse.ch SSL Blacklists <https://sslbl.abuse.ch/blacklist/>`_
  - `Adblock Plus Malwaredomains <https://easylist-msie.adblockplus.org/malwaredomains_full.tpl>`_
  - `apivoid IP Reputation API <https://www.apivoid.com/api/ip-reputation/>`_
  - `APWG's ecrimex <https://www.ecrimex.net>`_
  - `Bad IPs <https://www.badips.com>`_
  - `Berkeley <https://security.berkeley.edu/aggressive_ips/ips>`_
  - `Binary Defense <https://www.binarydefense.com/>`_
  - `Bot Invaders Realtime tracker <http://www.marc-blanchard.com/BotInvaders/index.php>`_
  - `Botscout Last Caught <http://botscout.com/last_caught_cache.htm>`_
  - `Carbon Black Feeds <https://github.com/carbonblack/cbfeeds>`_
  - `CERT.pl Phishing Warning List <http://hole.cert.pl/domains/>`_
  - `Chaos Reigns <http://www.chaosreigns.com/spam/>`_
  - `Critical Stack <https://intel.criticalstack.com>`_
  - `Cruzit <http://www.cruzit.com/xwbl2txt.php>`_
  - `Cyber Crime Tracker <http://cybercrime-tracker.net/all.php>`_
  - `DNS DB API <https://api.dnsdb.info>`_
  - `Dyn DNS <http://security-research.dyndns.org/pub/>`_
  - `Facebook Threat Exchange <https://developers.facebook.com/docs/threat-exchange>`_
  - `FilterLists <https://filterlists.com>`_
  - `Firehol IPLists <https://iplists.firehol.org/>`_
  - `Google Webmaster Alerts <https://www.google.com/webmasters/>`_
  - `GPF Comics DNS Blacklist <https://www.gpf-comics.com/dnsbl/export.php>`_
  - `Greensnow <https://blocklist.greensnow.co/greensnow.txt>`_
  - `HP Feeds <https://github.com/rep/hpfeeds>`_
  - `IBM X-Force Exchange <https://exchange.xforce.ibmcloud.com/>`_
  - `ISC SANS <https://isc.sans.edu/ipsascii.html>`_
  - `ISightPartners <http://www.isightpartners.com/>`_
  - `James Brine <https://jamesbrine.com.au/>`_
  - `Joewein <http://www.joewein.net>`_
  - `Malshare <https://malshare.com/>`_
  - `Malware Config <http://malwareconfig.com>`_
  - `Malware DB (cert.pl) <https://mwdb.cert.pl/>`_
  - `MalwareDomainList <http://www.malwaredomainlist.com/zeuscsv.php>`_
  - `MalwareDomains <http://www.malwaredomainlist.com/hostslist/yesterday_urls.php>`_
  - `MalwareInt <http://malwareint.com>`_
  - `Manity Spam IP addresses <http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz>`_
  - `Marc Blanchard DGA Domains <http://www.marc-blanchard.com/BotInvaders/index.php>`_
  - `MaxMind Proxies <https://www.maxmind.com/en/anonymous_proxies>`_
  - `mIRC Servers <http://www.mirc.com/servers.ini>`_
  - `Monzymerza <https://github.com/monzymerza/parthenon>`_
  - `Multiproxy <http://multiproxy.org/txt_all/proxy.txt>`_
  - `MVPS <http://mvps.org>`_
  - `Null Secure <http://nullsecure.org>`_
  - `OpenBugBounty <https://www.openbugbounty.org/>`_
  - `Payload Security <http://payload-security.com>`_
  - `Project Honeypot (#284) <http://www.projecthoneypot.org/list_of_ips.php?rss=1>`_
  - `ShadowServer Sandbox API <http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi>`_
  - `Shodan search API <https://shodan.readthedocs.io/en/latest/tutorial.html#searching-shodan>`_
  - `Snort <http://labs.snort.org/feeds/ip-filter.blf>`_
  - `Spamhaus BGP feed (BGPf) <https://www.spamhaus.org/bgpf/>`_
  - `SteveBlack Hosts File <https://github.com/StevenBlack/hosts>`_
  - `TheCyberThreat <http://thecyberthreat.com/cyber-threat-intelligence-feeds/>`_
  - `The Haleys <http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt>`_
  - `Threat Crowd <https://www.threatcrowd.org/feeds/hashes.txt>`_
  - `Threat Grid <http://www.threatgrid.com/>`_
  - `Threatstream <https://ui.threatstream.com/>`_
  - `TOR Project Exit addresses <https://check.torproject.org/exit-addresses>`_
  - `TotalHash <http://totalhash.com>`_
  - `UCE Protect <http://wget-mirrors.uceprotect.net/>`_
  - `URI BL <http://rss.uribl.com/index.shtml>`_
  - `urlscan.io <https://urlscan.io/products/phishingfeed/>`_
  - `Virustotal <https://www.virustotal.com/gui/home/search>`_
  - `virustream <https://github.com/ntddk/virustream>`_
  - `VoIP Blacklist <http://www.voipbl.org/update/>`_
  - `Wordpress Callback Domains <http://callbackdomains.wordpress.com>`_
  - `YourCMC <http://vmx.yourcmc.ru/BAD_HOSTS.IP4>`_
