shadowdragonShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies. Developed by seasoned cyber investigators, these solutions strengthen the capabilities of in house teams by enabling the easy and safe collection, correlation and verification of diverse artifacts on the open, deep and dark web.

ShadowDragon tools were first developed by its sister cyber security company, Packet Ninjas. For nearly decade Packet Ninjas refined these applications for their own use in multi-national cases involving everything from cyber intrusions and corporate espionage, to advanced attribution and real time situational awareness. ShadowDragon was established in 2015 to license the tools to customers.

 Unleash your OSINT and push the envelope. 

devices mockup


The best OSINT data, on your terms.

purpose built

Purpose-built for investigations

Quickly create manual graphs or explore your investigativedatasets with purpose-built transforms through your browser.


leaner analysis

Full data access

secure storage

Flexible deployments

Cloud-based access means you can swiftly deploy access where you need it for on-the-ground investigations or team collaboration needs.

Leaner analysis

Unparalleled speed for unencumbered investigations and easy data storytelling at a moment’s notice

Secure Storage

Encrypted data at rest and two-factor authentication, so your case files remain secure

Designed for Investigations of Any Scale and Speed

Nothing should stand in the way of your objective, especially your link analysis platform. Horizon’s browser-based link analysis lets you do investigations your way. Easily create graphs to explore your hunches or dive deeply into data

Anti-Malware Investigations & Response

MalNet brings together the industry’s most extensive malware threat information from Proofpoint ET Intelligence with Maltego link analysis capabilities from ShadowDragon. MalNet enables incident responders, threat analysts and law enforcement to identify and visualize malware connections in just seconds to expedite investigations, response, and malware protection.

CaseStudy expose cyber espionage@2x

ClearSky and Trend Micro exposed CopyKittens as an active cyber espionage actor who has targeted governments and large companies in the United States, Europe and Middle East. MalNet was used to help identify an infrastructure that used known malware and newly uncovered code and tools.

CaseStudy uncover and attribute@2x

From 2016 – 2017, attackers used malware in continual attempts to breach IEC – Israel’s largest source of electrical power. Clearsky Security is investigating the attribution behind these attacks, using MalNet to support their process and attribute artifacts.