RAVEN listens to the dark. It returns what matters.
RAVEN doesn't just aggregate feeds. It understands natural language queries, fuses intelligence from 8 API sources and 6 dark web sources, deduplicates and enriches context, and delivers results through a conversational terminal interface. Ask it anything. It knows where to look.
Interprets operator questions in natural language. 10 query intents — from breach lookups and IOC enrichment to threat actor profiling and dark web monitoring. No rigid syntax. Just ask.
Shodan, Censys, VirusTotal, OTX, GreyNoise, AbuseIPDB, URLhaus, and Pulsedive. Structured threat intelligence from the surface web's best feeds, queried in parallel and correlated automatically.
Tor hidden services, paste sites, breach databases, dark web forums, ransomware leak sites, and marketplace monitoring. UNLEASHED-gated. Passive, dry run, or live Tor scraping.
Merges results from INTEL and DARK subsystems. Deduplicates findings, enriches context, scores confidence, and builds a unified intelligence picture from disparate sources.
Rich terminal interface for interactive threat intelligence sessions. Conversational flow — ask follow-up questions, drill into results, pivot across indicators. History and session persistence.
Feeds intelligence directly into ORION for reconnaissance, IDRIS for governance discovery, NEMESIS for reasoning validation, or any SIEM via structured JSON and STIX/TAXII export.
Background watchdog. 6 alert types — new breaches, credential leaks, dark web mentions, IOC changes, threat actor activity, and infrastructure shifts. Runs silently until something matters.
Cryptographic override. Private key controlled. One operator. Founder's machine only.
Passive API queries only. Surface web intelligence from 8 structured sources. No dark web access. No Tor traffic. No detection risk.
Simulates dark web collection. Shows what sources would be queried, what data would be retrieved. Ed25519 required. No Tor connections made.
Active dark web intelligence. Tor-routed scraping across 6 dark web sources. Real connections to hidden services. Full DARK subsystem engaged.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
7 subsystems. 8 intel sources. 6 dark web sources. Conversational interface. Ask anything. RAVEN knows where to look.