Sponsor

Use code SecuraBit_Tek05 for 5% off any SANS course in any format.

SANS is the most trusted and by far the largest source for information security training in the world

Security Videos
« Are you feeling lucky? | Main | Connectusers Adobe Leak - 223 passwords in 2 seconds »
Sunday
Nov252012

Automater 1.0 - Passive IP and URL Analysis

Update: Automater gets its own project page http://www.tekdefense.com/automater/

Description:
Automater is an IP and URL analysis tool that I created to assist analyst in pulling data quickly and passively in mass.  This is the first stable release of the tool.
Features:
IPVoid: Pulls blacklist, ISP, and Geo Location
Robtex: Pulls DNS information. *A records only.
Fortiguard: Pulls URL Categorization
Unshotren.me: Will determine if the URL is shortened.  If it is it will display the final destination.
URLVoid - Pulls IP Address, blacklist, ISP, Geo Location, Domain creation date.
Installation:
 1. Download from github: 
wget https://github.com/1aN0rmus/TekDefense/archive/master.tar.gz
 2. Unzip the file:
tar -xvcf master.tar.gz 
 3. Make executable:
cd TekDefense-master
chmod +x *
 4. Now you are ready to run!
*Required Libraries: httplib2, re, sys, argparse, urllib, urllib2
Examples:
Display help information
./Automater.py -h
./Automater.py -t 188.95.52.162
./Automater.py -t securitytube.net
./Automater.py -e bit.ly/XDlV1q
./Automater.py -f hostsss
./Automater.py -f hostsss -o host.out
Video Demo:
Known Bugs:
  • If the IP or URL has not been previously scanned at IPVoid or URLVoid, the script is supposed to submit the IP or URL and then pull results.  This seems to work most of the time, but on occasion it will not wait long enough to pull the appropriate result.  Running the command a second time will work though.
  • Can not use the -e and -f switch together.
  • URLs with http:// cannot be scanned.  Must take the http:// out for it to work.
  • Please submit any other bugs to 1aN0rmus@tekdefense.com

Upcoming Features:

 

  • For those who would like to be able to just query a specific engine or source such as robtex, we will be creating an option to do so.
  • Check IP and/or URL against Malwaredomainlist
  • Check IP and/or URL against malware sandboxes such as ThreatExpert.
  • Summary report that will give statistics on the targets highlighting the known bad information such as blacklists and malicious URL categories.
  • Please submit feature requests to 1aN0rmus@tekdefense.com

 

Reader Comments (1)

Looks interesting...its nice to stumble on automated methods of checking IP & shortened URLs.

December 10, 2012 | Unregistered CommenterFernando

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>