Automater v2.0 – URL/Domain, IP Address, and Md5 Hash OSINT Tool

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

*Automater is installed on HoneyDrive and Kali by default but currently have an outdated version.
Installation:
Automater comes in two  flavors, python script that will work for Linux or Windows, and an exe for Windows.
Windows:
The Windows client is currently in development. In the meantime the python code will work on Windows with a python 2.7 install
Linux:
As this is a python script you will need to ensure you have the correct version of python, which for this script is python 2.7. I used mostly standard libraries, but just incase you don’t have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2

With the python and the libraries out of the way, you can simply use git to clone the tekdefense code to your local machine.
git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage:
Once installed the usage is pretty much the same across Windows, Linux, and Kali.

python Automater.py -h

or if you chmod +x Automater.py you can



./Automater.py -h

usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]

[--p]

target



IP, URL, and Hash Passive Analysis tool



positional arguments:

target List one IP Addresses, URL or Hash to query or pass

the filename of a file containing IP Addresses, URL or

Hash to query each separated by a newline.



optional arguments:

-h, --help show this help message and exit

-o OUTPUT, --output OUTPUT

This option will output the results to a file.

-w WEB, --web WEB This option will output the results to an HTML file.

-c CSV, --csv CSV This option will output the results to a CSV file.

-d DELAY, --delay DELAY

This will change the delay to the inputted seconds.

Default is 2.

-s SOURCE, --source SOURCE

This option will only run the target against a

specific source engine to pull associated domains.

Options are defined in the name attribute of the site

element in the XML configuration file

--p This option tells the program to post information to

sites that allow posting. By default the program will

NOT post to sites that require a post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s