IOCLens - Threat Intel Enrichment

Instant threat intelligence for SOC Analysts. Enrich IPs & domains via VirusTotal, Shodan and 7+ other sources securely.

Eliminate "Tab Fatigue" and investigate threats faster. IOCLens is a browser assistant for SOC Analysts and Incident Responders. It integrates threat intelligence directly into your workflow, allowing you to enrich Indicators of Compromise (IPs, domains, hashes) without leaving your current page. Core Capabilities: 📍 Instant Contextual Analysis Highlight any IP or domain, right-click, and get immediate results via our sidebar. 📍 Multi-Source Aggregation Instead of checking services one by one, get a unified view from industry-standard providers. Supported integrations include VirusTotal, GreyNoise, and AbuseIPDB, alongside scanning engines like URLhaus and ThreatFox. 📍 Threat Scoring System v3.0 Our hierarchical decision-tree algorithm provides accurate threat assessments based on priority rules, helping you triage alerts instantly. 📍 Privacy First (Zero-Telemetry) Built by an analyst for analysts. Your requests go directly from your browser to the API providers. We do not collect your search history. Two Tiers to Fit Your Workflow: 🛡️ FREE Tier (Zero Config) Start investigating immediately with open sources: Reputation Scanning: Access multi-engine verdicts standard in the industry. Network Intelligence: View open ports, CVEs, and technologies via InternetDB. Noise Reduction: Identify internet scanners via GreyNoise Community. Geolocation: Fast and reliable IP data. 🚀 PRO Tier (Advanced) Plug in your own API keys for deep-dive investigations: Advanced Threat Intel: Unlock full access to AbuseIPDB and Shodan. Malware Hunting: Get critical alerts from URLhaus and ThreatFox. SIEM Ready: Export your results in JSON/CSV for your ticketing systems. Privacy & Security: Direct API Calls: Keys are used locally; no middleman servers. Secure Storage: API keys are encrypted (AES-GCM) on your device. Manifest V3: Compliant with the latest Chrome security standards.