Gordon is a personal project to help people in their "cyber threat hunting" tasks. The name Gordon comes from the fictional character Commissioner James Gordon (DC Comics).
The Gordon website is made with Bootstrap, jQuery and DataTables. The logo (shield with wen) is part of Material icons and the other small SVG icons come from Heroicons. The entire backend (request, engine, result processing) is developed in Python 3 and runs in AWS Lambda functions.
For any question or remark, you can contact me on Twitter - @mhgeay (Marc-Henry GEAY, France).
I published a post on Medium to describe the architecture.
Gordon queries sources on your behalf:
After you send your observables, Gordon verifies your request, then parses and splits your observables into type lists: IPv4, FQDN, URL, MD5, SHA-1, SHA-256 and Email.
Your observables list is sent to a queue that will dispatch to different engines depending on the type. Each engine can manage and search one observable type.
Each engine queries the source API and keeps a summary of the relevant threat and risk records for your observables; the engine then stores the results in a file.
Engine results are merged into a consolidated final results list that you can export.
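The parse-and-split step described above, as an added example (not Gordon's own code): pasted text is split into the seven type lists before dispatch. The function names, the regular expressions and the refanging of `hxxp` / `[.]` indicators are assumptions made for illustration.

```python
import ipaddress
import re

TYPES = ("IPv4", "FQDN", "URL", "MD5", "SHA-1", "SHA-256", "Email")
HASH_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"^(?:{LABEL}\.)+[A-Za-z]{{2,63}}$")
EMAIL_RE = re.compile(rf"^[A-Za-z0-9._%+-]+@(?:{LABEL}\.)+[A-Za-z]{{2,63}}$")
URL_RE = re.compile(r"^https?://[^\s/?#]+", re.IGNORECASE)

# Constructed sample input: mixed types, defanged URL, a duplicate, a bad IP.
SAMPLE = "8.8.8.8, hxxp://example[.]com/a.php EXAMPLE.org 999.1.1.1 8.8.8.8"


def refang(value):
    """Undo common defanging (assumed step, not described on the page)."""
    value = value.strip().replace("[.]", ".").replace("[@]", "@")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def classify(value):
    """Return the observable type, or None if no supported type matches."""
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    try:
        ipaddress.IPv4Address(value)
        return "IPv4"
    except ValueError:
        pass
    # Order matters: a URL may contain '@', and an email contains an FQDN.
    for kind, pattern in (("URL", URL_RE), ("Email", EMAIL_RE), ("FQDN", FQDN_RE)):
        if pattern.match(value):
            return kind
    return None


def split_observables(text):
    """Split pasted text into de-duplicated per-type lists plus rejects."""
    lists = {t: [] for t in TYPES}
    rejected = []
    for token in filter(None, re.split(r"[\s,;]+", text)):
        value = refang(token)
        kind = classify(value)
        if kind in ("FQDN", "MD5", "SHA-1", "SHA-256"):
            value = value.lower()  # case-insensitive types: normalise
        bucket = lists[kind] if kind else rejected
        if value not in bucket:
            bucket.append(value)
    return lists, rejected
```

Tokens that match no type are returned separately rather than dropped, so a rejected entry can be reported back instead of silently reaching an engine.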
Observables are only searched in existing records of open security databases; no new request or scan is made against the observables. However, the live DNS lookup (engine 7) could be considered an exception.
Results stored in the database by Gordon are available for 7 days. After this period, all copies are permanently deleted.
Gordon strives to protect your requests and results against third parties by:
Lastly, the hosting provider and the providers of the queried sources may, technically, be aware of what you are looking for.
All dependencies are hosted on the Gordon website (jQuery, DataTables, Bootstrap). Web metrics are collected for analytics with Clicky.
The following statistical data is collected and shared here: the volume of analysis requests, of observables, and of observables per type.
Paste one or more observables in the text field and click on "Analyze!"; you will be redirected to a waiting page and get the results a few seconds later.
Thank you to the people sharing my personal project:
This website is hosted by Amazon Web Services (firstname.lastname@example.org) in the United States.
You have the right to oppose, query, access and rectify your personal information by contacting me.
All website data, including personal data, is stored in a state outside the European Union (United States).
The purpose of the processing for which the data is intended is described above (Security & privacy considerations chapter). Its purpose is to protect the website and to provide technical data to identify bugs.