Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
Automater comes in two flavors: a Python script that will work on Linux or Windows, and an exe for Windows.
The Windows client is currently in development. In the meantime, the Python code will work on Windows with a Python 2.7 install.
As this is a Python script, you will need to ensure you have the correct version of Python, which for this script is Python 2.7. I used mostly standard libraries, but just in case you don't have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2
With Python and the libraries out of the way, you can simply use git to clone the TekDefense code to your local machine.
git clone https://github.com/1aN0rmus/TekDefense-Automater.git
Once installed the usage is pretty much the same across Windows, Linux, and Kali.
python Automater.py -h
or if you chmod +x Automater.py you can
usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]

IP, URL, and Hash Passive Analysis tool

  target                List one IP Addresses, URL or Hash to query or pass
                        the filename of a file containing IP Addresses, URL or
                        Hash to query each separated by a newline.

  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        This option will output the results to a file.
  -w WEB, --web WEB     This option will output the results to an HTML file.
  -c CSV, --csv CSV     This option will output the results to a CSV file.
  -d DELAY, --delay DELAY
                        This will change the delay to the inputted seconds.
                        Default is 2.
  -s SOURCE, --source SOURCE
                        This option will only run the target against a
                        specific source engine to pull associated domains.
                        Options are defined in the name attribute of the site
                        element in the XML configuration file
  --p                   This option tells the program to post information to
                        sites that allow posting. By default the program will
                        NOT post to sites that require a post.
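
Because every target in the file is sent to third-party sources, it helps to clean the list first. The following is an added example, not part of Automater or the original page: a stand-alone Python 3 helper that builds the newline-separated target file described above, keeping only MD5 hashes, public IPs and URLs/domains. The function names, the file name targets.txt and the sample input are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Constructed sample input, not real indicators from any investigation.
SAMPLE = """\
# pasted from a ticket
8.8.8.8
10.0.0.5
http://example.com/login.php
example.org
d41d8cd98f00b204e9800998ecf8427e
D41D8CD98F00B204E9800998ECF8427E
not a target
"""

def classify(target):
    """Return 'hash', 'ip', 'url' or None for one candidate target."""
    t = target.strip()
    if MD5_RE.match(t):
        return "hash"
    host = ""
    try:
        host = urlparse(t if "://" in t else "//" + t).hostname or ""
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "url" if DOMAIN_RE.match(host) else None
    if not ip.is_global:  # private/loopback/reserved: unknown to public sources
        return None
    return "ip" if host == t else "url"

def build_target_list(lines):
    """Drop blanks, comments and duplicates; return (accepted, rejected)."""
    accepted, rejected, seen = [], [], set()
    for raw in lines:
        t = raw.strip()
        if not t or t.startswith("#") or t.lower() in seen:
            continue
        seen.add(t.lower())  # case-insensitive de-duplication
        (accepted if classify(t) else rejected).append(t)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = build_target_list(SAMPLE.splitlines())
    with open("targets.txt", "w") as fh:  # one target per line
        fh.write("\n".join(ok) + "\n")
    print("accepted:", ok, "rejected:", bad)
```

The resulting targets.txt can then be passed to Automater as the target argument; rejected lines are worth a manual look before they are discarded.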