Last update: 22 June 2024

CyberGordon is a personal project to help people in their "cyber threat hunting" tasks. The name Gordon come from the fictional character Commissioner James Gordon (DC Comics). On April 2021 the Gordon project was renamed to CyberGordon.

If you like my tool, you can share it on Twitter or contribute to its development by buying me a coffee (donation).

Contact

For any question or remark, you can contact me (Marc-Henry Geay) through several ways: X/Twitter, Mastodon or on Slack.

Components & architecture

CyberGordon website is made with Bootstrap, JQuery and Datatables. The logo uses Comfortaa font and Material icon (shield with wen). Others small SVG icons come from Heroicons. All backend (request, engine, result processing) is developed with Python 3 invoked in AWS Lambda functions.

To learn more about how CyberGordon works and its architecture, see my blog post.

Security & Usage

Observables are only searched in open security databases' existing records, no new request or scan against observables are made. However, live DNS lookup (engine 7) could be considred as an exception.

Results stored in database by CyberGordon are available during 7 days. After this delay all copies are definitely deleted.

Programmatic queries with a volume of 10 analyses per minute are tolerated, but any abuse will be blocked.

CyberGordon strives to protect your analyses and itself against third parties by:

• Using UUID version 4 as Analysis ID to ensure confidentiality.
• Encrypting all request and result data with latest security standards offered by the hosting provider (AWS) : TLS v1.3 for data in motion and AES-256 for data in rest. Encryption keys are managed by AWS.
• Applying stricly the Least Privileges principle on all involved systems.
• Keeping the minimal information about requests and results content: only timestamps, Analysis ID and potential error logs are stored 7 days.
• Blocking non-compliant and high volume of requests.
• Blocking requests from anonymous services (eg: proxy, VPN, Tor), bots, threats and suspicious sources.

Website (CDN) access logs are keep one year for security investigation and legal requirements.

Privacy

CyberGordon website limits the number of remote third-party content. All dependencies are hosted on the website (JQuery, Datatables, Bootstrap) except for abuse protection (hCaptcha anti-bot).
Following statistic data is collected and shared here: volume of analysis request, observable and for each observable type.

Sharing & blog posts about CyberGordon

Thank you for people sharing my personal project:

• 15 June 2020 - Listed on Daniel's Unsupervised Learning: No. 233
• 4 January 2021: Post on Russ McRee's HolisticInfoSec blog
• 19 January 2021: Diary on SANS ISC (Dshield)
• 19 January 2021: Spanish post on Seguridad para Todos blog (Security for All).
• April 2021: Sam's Information blog links
• 16 April 2021: GreyNoise Community integrations
• 8 November 2021: awesome-threat-intelligence, A curated list of Awesome Threat Intelligence resources.
• December 2021: Awesome Threat Intelligence list by Stella Sebastian
• October 2022: US Lewis University IT newsletter.
• June 2023: Goosint directory.
• July 2023: GBHackers on Security - Tools directory.

Legal notice

This website is hosted by Amazon Web Services (abuse@amazonaws.com) in the United States.

You have the right to oppose, query, access and rectify your personal information by contacting me.

All website data, including personal data, is stored in a state outside the European Union (United States).

The purpose of the processing for which the data is intended is described above (Security & privacy considerations chapter). Its purpose is to protect the website and to provide technical data to identify bugs.

This website use only basic cookies to provide dynamic displays.