explaingit

fastfire/deepdarkcti

6,868 · Audience · researcher · Complexity · 1/5 · Setup · easy

TLDR

deepdarkCTI is a curated directory of deep web and dark web sources, Telegram channels, ransomware sites, criminal forums, and data leak sites, for cyber threat intelligence researchers to monitor.

Mindmap

mindmap
  root((deepdarkcti))
    Source types
      Telegram channels
      Criminal forums
      Ransomware sites
      Data leak sites
    Coverage
      Exploit databases
      Marketplaces
      Social media
    Community
      Private Telegram group
      GitHub contributions
    Audience
      CTI researchers
      Security analysts

Things people build with this

USE CASE 1

Browse a curated list of dark web and Telegram sources to monitor for emerging cyber threats and criminal activity.

USE CASE 2

Use the included research methods guide to learn how to search and analyze dark web forums as a CTI newcomer.

USE CASE 3

Submit newly discovered threat intelligence sources to expand the directory via GitHub pull requests.

USE CASE 4

Track ransomware gangs and criminal forums as part of an organizational security monitoring program.

Getting it running

Difficulty · easy · Time to first run · 5 min

In plain English

deepdarkCTI is a curated collection of sources from the deep web and dark web that are relevant to Cyber Threat Intelligence work. Cyber Threat Intelligence, often called CTI, is the practice of gathering and analyzing information about potential threats so that organizations can better prepare for and respond to cyberattacks. This repository serves as a directory of those information sources rather than being a software tool itself.

The sources tracked by the project span a wide range of online spaces where threat actors and cybercriminals operate, including Telegram channels, Discord servers, ransomware gang websites, criminal forums, data leak sites, marketplaces, exploit databases, and social media accounts. The goal is to give security researchers and analysts a single reference point for monitoring where threat-related activity and intelligence information tend to surface.

The project includes a file called "methods" that describes techniques for searching and analyzing these sources, which can help practitioners who are newer to dark-web-based research understand how to approach the material. Contributors to the project and active CTI professionals can request access to a private Telegram group where new sources are proposed and research methods are discussed. There is also an official website at deepdarkcti.com.

The project accepts donations, and the maintainer states those funds will be used transparently and exclusively for resources related to the project. Contributions of new sources can be submitted through the GitHub repository. This is primarily a research reference collection rather than a software application, so there is no code to install or run.

Copy-paste prompts

Prompt 1
Based on deepdarkCTI, list the most active Telegram channels for ransomware announcements and how to monitor them safely.
Prompt 2
Using deepdarkCTI's methods file, write a weekly workflow for a new CTI analyst to monitor dark web forums for threats to the financial sector.
Prompt 3
Which categories of sources in deepdarkCTI are most relevant for detecting early signs of a data breach affecting my company?
Prompt 4
Help me build a systematic monitoring checklist using deepdarkCTI sources for producing a weekly threat intelligence report.

Verify against the repo before relying on details.