Taranis NG is an OSINT gathering and analysis tool for CSIRT teams and organisations. It allows osint gathering, analysis and reporting; team-to-team collaboration; and contains a user portal for simple self asset management.
Taranis crawls various data sources such as web sites or tweets to gather unstructured news items. These are processed by analysts to create structured report items, which are used to create products such as PDF files, which are finally published.
|Collector||web||crawl web sites|
|atom||read atom feeds|
|rss||read RSS feeds|
|slack||read Slack messages|
|manual entry||enter news item manually|
|scheduled tasks||populate feed automatically|
|Presenter||create a PDF file|
|text||create plain text from template|
|html||create HTML from template|
|misp||create MISP event JSON|
|ftp||upload to FTP|
|misp||create MISP event|
|wordpress||publish to WordPress|
|Bot||analyst||extract attributes from text by regular expressions|
|grouping||group similar items in the news feed|
|wordlist_updater||update word lists used for matching|
- src/ - TaranisNG source code:
- Core is the REST API, the central component of Taranis NG
- GUI is the web user interface
- Collectors retrieve OSINT information from various sources (such as web, twitter, email, atom, rss, slack, and more) and create news items.
- Presenters convert report items to products such as PDF.
- Publishers upload the products to external places such as e-mail, a WordPress web site, etc.
- Bots are used for automated data processing. Think of them as robotic analysts.
- Common is a shared directory for core, publishers, collectors, presenters.
- ansible/ - Playbooks, roles, files and inventory to support easy deployment through Ansible
- docker/ - Support files for Docker image creation and example docker-compose file