Last update: 1 May 2021
CyberGordon is a personal project to help people in their "cyber threat hunting" tasks. The name Gordon come from the fictional character Commissioner James Gordon (DC Comics). On April 2021 the Gordon project was renamed to CyberGordon.
For any question or remark, you can contact me (Marc-Henry Geay) on the contact page.
CyberGordon website is made with Bootstrap, JQuery and Datatables. The logo (shield with wen) is part of Material icons and others small SVG icons come from Heroicons. All backend (request, engine, result processing) is developed with Python 3 invoked in AWS Lambda functions.
I published a post on Medium to describe the arcitecture.
CyberGordon requests on your behalf sources:
After sending your observables, CyberGordon verifies your request, parses and splits your observables into type lists : IPv4, FQDN, URL, MD5, SHA-1, SHA-256 and Email.
Your observables list is sent to a queue that will dispatch to different engines depending on the type. Each engine can manage and search one observable type.
Engine will query the source API and keep a summary of relevant threat and risk records regarding your observables ; then engine stores the results in a file.
Engine results are merged into a consolidated final results list that you can export.
Observables are only searched in open security databases' existing records, no new request or scan against observables are made. However, live DNS lookup (engine 7) could be considred as an exception.
Results stored in database by CyberGordon are available during 7 days. After this delay all copies are definitely deleted.
Gordon strives to protect your requests and results against third parties by:
Lastly, hosting and requested sources providers may, technically, be aware of what you looking for.
CyberGordon website limits the number of remote third-party content. All dependencies are hosted on the website (JQuery, Datatables, Bootstrap) except for abuse protection (hCaptcha).
Following statistic data is collected and shared here: volume of analysis request, observable and for each observable type.
Thank you for people sharing my personal project:
This website is hosted by Amazon Web Services (email@example.com) in the United States.
You have the right to oppose, query, access and rectify your personal information by contacting me on the contact page.
All website data, including personal data, is stored in a state outside the European Union (United States).
The purpose of the processing for which the data is intended is described above (Security & privacy considerations chapter). Its purpose is to protect the website and to provide technical data to identify bugs.
This website use only basic cookies to provide dynamic displays and for abuse protection (hCaptcha).