🔍 Threat analysis with hybrid Python + Rust engine. Queries IOCs, scans repositories, generates reports and creates summaries with local AI.
📥 Download » | 📖 Docs »
⭐ Star if it helped you!
- IOC analysis via VirusTotal, AbuseIPDB, Shodan, URLHaus
- Repository scanning on GitHub/GitLab (secrets, backdoors, malicious dependencies)
- File reputation by SHA256 hash
- 46 detection rules for secrets, crypto miners, SSRF, reverse shells and more
- High-performance Rust engine via PyO3
- Local AI with Ollama (no data leaves your machine)
- GUI + CLI bilingual (PT-BR / EN-US)
- Reports in Excel and PDF
Download the binary from the Releases page and run:

Windows: double-click ThreatDeflect-GUI-Windows.exe

Linux:

```bash
chmod +x ThreatDeflect-GUI-Linux
./ThreatDeflect-GUI-Linux
# optional: move to PATH
sudo mv ThreatDeflect-GUI-Linux /usr/local/bin/threatdeflect
```

macOS:

```bash
# clears extended attributes, including the Gatekeeper quarantine flag
xattr -cr ThreatDeflect-GUI-macOS
./ThreatDeflect-GUI-macOS
```

With uv (recommended):

```bash
git clone https://github.com/DevGreick/ThreatDeflect.git
cd ThreatDeflect
uv sync
uv run threatdeflect --help
uv run threatdeflect-gui
```

With pip:

```bash
git clone https://github.com/DevGreick/ThreatDeflect.git
cd ThreatDeflect
python3 -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
pip install -e .
```

For advanced topics (Rust engine, custom rules, Ollama), see the Full documentation.

Only VirusTotal is required. The others extend analysis coverage.
| Service | Required | Free tier | Where to get |
|---|---|---|---|
| VirusTotal | Yes | 500 req/day | virustotal.com → profile → API Key |
| GitHub | Recommended | 5,000 req/h | github.com/settings/tokens (public read) |
| GitLab | Recommended | — | Settings → Access Tokens → read_api |
| AbuseIPDB | Optional | 1,000 checks/day | abuseipdb.com → API |
| Shodan | Optional | Limited | shodan.io → dashboard |
| URLHaus | Optional | Unlimited | Free, no authentication |
| MalwareBazaar | Optional | Unlimited | Free, no authentication |

Configure via CLI:

```bash
threatdeflect config set virustotal YOUR_KEY
threatdeflect config set abuseipdb YOUR_KEY
threatdeflect config set shodan YOUR_KEY
threatdeflect config set github YOUR_TOKEN
threatdeflect config set gitlab YOUR_TOKEN
```

Or via GUI: Settings → "API Keys" tab → paste your keys in the corresponding fields.

Keys are stored in the OS keyring (Windows Credential Locker, macOS Keychain, Linux Secret Service).

```bash
# single target
threatdeflect ioc 8.8.8.8
# multiple targets
threatdeflect ioc 8.8.8.8 1.1.1.1 https://suspicious-domain.com
# from file (one target per line)
threatdeflect ioc -f targets.txt -o report.xlsx
# with local AI summary
threatdeflect ioc -f targets.txt --ai llama3
```

```bash
threatdeflect file suspicious.exe
threatdeflect file malware.dll trojan.pdf --ai llama3 -o audit.xlsx
```

No file is uploaded — verification is done by SHA256 hash only.

```bash
threatdeflect repo https://github.com/org/repo
threatdeflect repo https://github.com/org/repo https://gitlab.com/org/repo2 --ai mistral
```

```bash
threatdeflect config show
```

With Ollama installed, ThreatDeflect generates executive summaries without sending data to the cloud:

```bash
ollama pull llama3
threatdeflect ioc -f targets.txt --ai llama3
```

The detection engine is published as an independent crate on crates.io, enabling direct integration in Rust projects without Python:

```toml
[dependencies]
threatdeflect-core = "0.1"
```

```rust
use threatdeflect_core::SecretAnalyzer;

// Each rule is a (name, regex) pair.
let rules = vec![("AWS Key".to_string(), r"AKIA[0-9A-Z]{16}".to_string())];
// `?` needs an enclosing function that returns a Result.
let analyzer = SecretAnalyzer::new(rules, vec![])?;
let result = analyzer.analyze_content("key = AKIAIOSFODNN7EXAMPLE1", "config.py", "config.py");
```

Crate documentation: docs.rs/threatdeflect-core

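The crate snippet above passes rules as (name, regex) pairs. As an added example (not ThreatDeflect's code and not the crate's API), this Python script applies rules of that shape line by line and redacts each match before it reaches a report; the second rule and the names `Finding`, `compile_rules`, `redact` and `scan` are assumptions made here.

```python
import re
from dataclasses import dataclass

# Rules use the same (name, regex) shape as the Rust snippet above.
RULES = [
    ("AWS Key", r"AKIA[0-9A-Z]{16}"),
    # Constructed second rule for illustration; not taken from the project's rule set.
    ("Private Key Block", r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    redacted: str


def compile_rules(rules):
    """Compile every rule up front so a bad pattern fails at load time, not mid-scan."""
    compiled = []
    for name, pattern in rules:
        try:
            compiled.append((name, re.compile(pattern)))
        except re.error as exc:
            raise ValueError(f"rule {name!r} has an invalid regex: {exc}") from exc
    return compiled


def redact(secret, keep=4):
    """Keep a short prefix for triage; never copy the full secret into a report."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


def scan(content, path, compiled):
    """Return one Finding per rule match, with 1-based line numbers."""
    findings = []
    for lineno, text in enumerate(content.splitlines(), start=1):
        for name, regex in compiled:
            for match in regex.finditer(text):
                findings.append(Finding(name, path, lineno, redact(match.group(0))))
    return findings


# Constructed sample input; the key is the sample string from the snippet above.
SAMPLE = 'import os\nkey = "AKIAIOSFODNN7EXAMPLE1"\nregion = "us-east-1"\n'

if __name__ == "__main__":
    for f in scan(SAMPLE, "config.py", compile_rules(RULES)):
        print(f"{f.path}:{f.line}: {f.rule}: {f.redacted}")
```

The pattern is unanchored, so the 21-character sample token still matches on its first 20 characters.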
GPLv3. See LICENSE.