Automater

Automater is an OSINT tool for URLs/domains, IP addresses and MD5 hashes, intended to make the analysis process easier for intrusion analysts. Given a target (URL, IP or hash) or a complete list of targets, Automater returns relevant results from sources such as the following: IPVoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

k0sasp

Installation

git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage

python Automater.py <target>

PoC

python Automater.py 37.221.161.215

[*] Checking https://robtex.com/37.221.161.215

[*] Checking http://www.fortiguard.com/ip_rep/index.php?data=37.221.161.215&lookup=Lookup

[*] Checking http://www.alienvault.com/apps/rep_monitor/ip/37.221.161.215

[*] Checking https://www.virustotal.com/en/ip-address/37.221.161.215/information/

[*] Checking http://www.ipvoid.com/scan/37.221.161.215

____________________ Results found for: 37.221.161.215 ____________________

[+] A records from Robtex.com: vm1033.gigaservers.net

[+] Fortinet URL Category: Unclassified

[+] Found in AlienVault reputation DB: http://www.alienvault.com/apps/rep_monitor/ip/37.221.161.215

No results found for: [+] pDNS data from VirusTotal:

[+] pDNS malicious URLs from VirusTotal: ('2013-12-03', 'http://37.221.161(.)215/')

[+] pDNS malicious URLs from VirusTotal: ('2013-11-30', 'http://37.221.161(.)215/')

[+] pDNS malicious URLs from VirusTotal: ('2013-11-29', 'http://37.221.161(.)215/crypted.exe%5B/')

No results found for: [+] Blacklist from IPVoid:

[+] ISP from IPvoid: Voxility S.R.L.

[+] Country from IPVoid: (RO) Romania
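To feed a run like the one above into a ticket or triage script, the console output can be parsed into structured findings. The following is an added example, not part of Automater or the original page; the function name `parse_automater` is hypothetical, and the line patterns are inferred only from the output shown here, so other Automater versions may print differently.

```python
import re

# Constructed sample: a subset of the lines from the Automater run shown above.
SAMPLE = """\
[*] Checking https://robtex.com/37.221.161.215
____________________ Results found for: 37.221.161.215 ____________________
[+] A records from Robtex.com: vm1033.gigaservers.net
[+] Fortinet URL Category: Unclassified
No results found for: [+] pDNS data from VirusTotal:
[+] pDNS malicious URLs from VirusTotal: ('2013-12-03', 'http://37.221.161(.)215/')
[+] pDNS malicious URLs from VirusTotal: ('2013-11-29', 'http://37.221.161(.)215/crypted.exe%5B/')
No results found for: [+] Blacklist from IPVoid:
[+] ISP from IPvoid: Voxility S.R.L.
"""

TARGET_RE = re.compile(r"^_+ Results found for: (\S+) _+$")
EMPTY_RE = re.compile(r"^No results found for: \[\+\] (.+?):\s*$")
HIT_RE = re.compile(r"^\[\+\] (.+?): (.*)$")
PDNS_RE = re.compile(r"^\('(\d{4}-\d{2}-\d{2})', '(.*)'\)$")  # (date, URL) tuple

def parse_automater(text):
    """Return {target: {"findings": {field: [values]}, "empty": [fields]}}."""
    report, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[*]"):
            continue  # blank lines and progress messages carry no result
        m = TARGET_RE.match(line)
        if m:
            current = report.setdefault(m.group(1), {"findings": {}, "empty": []})
            continue
        if current is None:
            continue  # ignore anything printed before the first results banner
        m = EMPTY_RE.match(line)
        if m:
            current["empty"].append(m.group(1))  # source queried, nothing returned
            continue
        m = HIT_RE.match(line)
        if m:
            field, value = m.groups()
            p = PDNS_RE.match(value)
            if p:  # keep the URL defanged exactly as Automater printed it
                value = {"date": p.group(1), "url": p.group(2)}
            current["findings"].setdefault(field, []).append(value)
    return report
```

Recording the "No results found" fields separately distinguishes a source that was queried and came back empty from one that was never queried.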

References

    • http://www.tekdefense.com/automater/