# Feeds wishlist

This is a list of various feeds that are either not currently supported by IntelMQ or whose usage is not clearly documented.

If you want to **contribute** by documenting how to configure existing bots to collect new feeds, or by creating new parsers, here is a list of potentially interesting feeds.
See [Feeds documentation](Developers-Guide.html#feeds-documentation) for more information on this.

This list evolved from the issue [Contribute: Feeds List (#384)](https://github.com/certtools/intelmq/issues/384).

Lists of feeds:
- [threatfeeds.io](https://threatfeeds.io/)
- [TheCyberThreat](http://thecyberthreat.com/cyber-threat-intelligence-feeds/)

Some third-party IntelMQ bots: [NRDCS' IntelMQ fork](https://github.com/NRDCS/intelmq/tree/certlt/intelmq/bots)

List of potentially interesting data sources:
- [Abuse.ch SSL Blacklists](https://sslbl.abuse.ch/blacklist/)
- [Adblock Plus Malwaredomains](https://easylist-msie.adblockplus.org/malwaredomains_full.tpl)
- [apivoid IP Reputation API](https://www.apivoid.com/api/ip-reputation/)
- [APWG's ecrimex](https://www.ecrimex.net) (private)
- [Berkeley](https://security.berkeley.edu/services/aggressive-ip-distribution-aid-list)
- [Binary Defense](https://security.berkeley.edu/services/aggressive-ip-distribution-aid-list)
- [Binary Defense](https://www.binarydefense.com/)
- [Bot Invaders Realtime tracker](http://www.marc-blanchard.com/BotInvaders/index.php)
- [Botscout Last Caught](http://botscout.com/last_caught_cache.htm)
- [Carbon Black Feeds](https://github.com/carbonblack/cbfeeds)
- [CERT.pl Phishing Warning List](http://hole.cert.pl/domains/)
- [Chaos Reigns](http://www.chaosreigns.com/spam/)
- [Critical Stack](https://intel.criticalstack.com)
- [Cruzit](http://www.cruzit.com/xwbl2txt.php)
- [Cyber Crime Tracker](http://cybercrime-tracker.net/all.php)
- [DNS DB API](https://api.dnsdb.info)
- [Facebook Threat Exchange](https://developers.facebook.com/docs/threat-exchange)
- [FilterLists](https://filterlists.com)
- [Firehol IPLists](https://iplists.firehol.org/)
- [Google Webmaster Alerts](https://www.google.com/webmasters/)
- [GPF Comics DNS Blacklist](https://www.gpf-comics.com/dnsbl/export.php)
- [Greensnow](https://blocklist.greensnow.co/greensnow.txt)
- [HP Feeds](https://github.com/rep/hpfeeds) (not a feed, but a feed format)
- [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
- [ISC SANS](https://isc.sans.edu/ipsascii.html)
- [ISightPartners](http://www.isightpartners.com/)
- [Malshare](https://malshare.com/)
- [Malware Config](http://malwareconfig.com)
- [Malware DB (cert.pl)](https://mwdb.cert.pl/) (private)
- [MalwareDomainList](http://www.malwaredomainlist.com/zeuscsv.php)
- [MalwareDomains](http://www.malwaredomainlist.com/hostslist/yesterday_urls.php)
- [MalwareIntelligence](https://malwareint.com/threatintelligence.php)
- [Manitu Spam IP addresses](http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz)
- [Marc Blanchard DGA Domains](http://www.marc-blanchard.com/BotInvaders/index.php)
- [MaxMind Proxies](https://www.maxmind.com/en/anonymous_proxies)
- [mIRC Servers](http://www.mirc.com/servers.ini)
- [Monzymerza](https://github.com/monzymerza/parthenon)
- [Multiproxy](http://multiproxy.org/txt_all/proxy.txt)
- [OpenBugBounty](https://www.openbugbounty.org/)
- [Payload Security](http://payload-security.com)
- [Project Honeypot](http://www.projecthoneypot.org/list_of_ips.php?rss=1) ([#284](https://github.com/certtools/intelmq/issues/284))
- [ShadowServer Sandbox API](http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi) as expert bot (private)
- [Shodan search API](https://shodan.readthedocs.io/en/latest/tutorial.html#searching-shodan)
- [Snort IP Blacklist feed](http://talosintel.com/feeds/ip-filter.blf) (see also [this blogpost](https://blog.snort.org/2015/09/ip-blacklist-feed-has-moved-locations.html))
- [Spamhaus Botnet Controller List (BCL)](https://www.spamhaus.org/bgpf/) (private)
- [StevenBlack Hosts File](https://github.com/StevenBlack/hosts)
- [The Haleys](http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt)
- [Threat Crowd](https://www.threatcrowd.org/feeds/hashes.txt)
- [Threatstream](https://ui.threatstream.com/) (private)
- [TOR Project Exit addresses](https://check.torproject.org/exit-addresses)
- [TotalHash](http://totalhash.com) as expert bot
- [UCE Protect](http://wget-mirrors.uceprotect.net/)
- [URI BL](http://rss.uribl.com/index.shtml)
- [Virustotal Search](https://www.virustotal.com/gui/home/search) as expert bot
- [virustream](https://github.com/ntddk/virustream) (unmaintained?)
- [VoIP Blacklist](http://www.voipbl.org/update/)
- [YourCMC](http://vmx.yourcmc.ru/BAD_HOSTS.IP4)
