概述

Arabic Threat Intelligence

The only Arabic-first OSINT and threat intelligence skill for OpenClaw. Works globally — not limited to any single country or region.

Why This Skill

99% of OSINT skills are English-only. Arabic-speaking analysts, security teams, and researchers lack native-language tooling. This skill bridges that gap with full bilingual (Arabic + English) support.

Commands

Monitor Telegram Channels

Use arabic-threat-intel channel hak994
Use arabic-threat-intel channel anyChannelName --lang both

Scrapes public Telegram channels. Returns posts with timestamps, auto-translates Hebrew/Farsi mentions.

Generate Threat Report

Use arabic-threat-intel report "critical infrastructure"
Use arabic-threat-intel report "ransomware" --lang both

Monitors tracked threat actor channels and generates a structured bilingual threat brief ready for leadership or SOC teams.

Dark Web Search

Use arabic-threat-intel darkweb "company name data leak"
Use arabic-threat-intel darkweb "اسم الشركة تسريب"

Searches dark web indexes via Tor. Accepts Arabic or English queries. Returns .onion links with risk assessment.

CT Log Subdomain Scan

Use arabic-threat-intel scan example.com
Use arabic-threat-intel scan target-domain.org

Passive subdomain discovery via Certificate Transparency logs (crt.sh). Flags takeover candidates, dev/test servers, VPN and admin panels.

Tracked Threat Groups

Group	Platform	Origin	Targeting
-------	----------	--------	-----------
Fatimion Cyber Team	Telegram @hak994	Iran	Infrastructure, Oil & Gas
313 Team	Telegram @xX313XxTeam	Iran	Government sites
Fattah Cyber	Telegram @fattah_irili	Iran	Tech, Media
Handala Hack	Web	Iran (MOIS)	Financial, Defense
Various APT34/MuddyWater	Multiple	Iran	Telecom, Energy

Output Options

Flag	Description
------	-------------
`--lang ar`	Arabic only (RTL output)
`--lang en`	English only
`--lang both`	Bilingual report (default)
`--region me`	Middle East focus
`--region africa`	Africa focus
`--region all`	Global (default)

Requirements

No API keys required for CT log scanning and Telegram monitoring
Optional: Tor for dark web search (service tor start)
Python 3.10+ (pre-installed with OpenClaw)

Use Cases

🔒 SOC teams monitoring Arabic-language threat actors
🕵️ OSINT investigators tracking dark web activity
📰 Journalists covering cybersecurity in the Middle East
🎓 Security researchers and students learning Arabic OSINT
🏢 Enterprise security teams with MENA exposure
🌍 Any analyst tracking Iran-linked APT groups globally

Security & Ethics

This skill performs passive OSINT only. All sources are publicly accessible:

Telegram public channels (t.me/s/)
Certificate Transparency logs (crt.sh)
Dark web search engines via Tor (Ahmia, OnionLand)

No active exploitation. No unauthorized scanning.

版本历史

共 1 个版本

v1.0.1 当前

2026-05-02 03:59 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)