Automater is a URL/Domain, IP Address, and MD5 Hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
*Automater is installed on HoneyDrive and Kali by default, but both currently have an outdated version.
Installation:
Automater comes in two flavors: a Python script that works on Linux or Windows, and an exe for Windows.
Windows:
The Windows client is currently in development. In the meantime, the Python code will work on Windows with a Python 2.7 install.
Linux:
As this is a Python script, you will need to ensure you have the correct version of Python, which for this script is Python 2.7. I used mostly standard libraries, but just in case you don't have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2
With Python and the libraries out of the way, you can simply use git to clone the TekDefense code to your local machine.
git clone https://github.com/1aN0rmus/TekDefense-Automater.git
Usage:
Once installed, the usage is pretty much the same across Windows, Linux, and Kali.
python Automater.py -h
or, if you chmod +x Automater.py, you can run
./Automater.py -h
usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]
                    [--p]
                    target

IP, URL, and Hash Passive Analysis tool

positional arguments:
  target                List one IP Addresses, URL or Hash to query or pass
                        the filename of a file containing IP Addresses, URL or
                        Hash to query each separated by a newline.

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        This option will output the results to a file.
  -w WEB, --web WEB     This option will output the results to an HTML file.
  -c CSV, --csv CSV     This option will output the results to a CSV file.
  -d DELAY, --delay DELAY
                        This will change the delay to the inputted seconds.
                        Default is 2.
  -s SOURCE, --source SOURCE
                        This option will only run the target against a
                        specific source engine to pull associated domains.
                        Options are defined in the name attribute of the site
                        element in the XML configuration file
  --p                   This option tells the program to post information to
                        sites that allow posting. By default the program will
                        NOT post to sites that require a post.
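
An added example (not part of Automater or the original page): a Python 3 helper that prepares the newline-separated target file described in the help text above, refanging indicators copied from reports, dropping duplicates and rejecting lines that are not an IP, URL/domain or MD5 hash. The function names, the sample values and the file name targets.txt are assumptions made for illustration.

```python
import ipaddress
import re

MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.I)
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def refang(value):
    """Undo common report defanging: hxxp, [.], (.), [:]."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    return value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def classify(value):
    """Return 'ip', 'hash' or 'url' for a usable target, else None."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if MD5_RE.match(value):
        return "hash"
    host = re.sub(r"^https?://", "", value, flags=re.I)
    host = host.split("/")[0].split(":")[0]
    return "url" if HOST_RE.match(host) else None

def build_target_list(lines):
    """Refang, classify and de-duplicate; return (targets, rejected)."""
    seen, targets, rejected = set(), [], []
    for raw in lines:
        value = refang(raw)
        if not value or value.startswith("#"):
            continue  # skip blanks and analyst comments
        kind = classify(value)
        if kind is None:
            rejected.append(value)
        elif value.lower() not in seen:
            seen.add(value.lower())
            targets.append((kind, value))
    return targets, rejected

# Constructed sample: documentation-range IP, example.com, made-up hash.
SAMPLE = ["192.0.2.10", "hxxp://example[.]com/path", "# from ticket notes",
          "0123456789abcdef0123456789abcdef", "192.0.2.10 ", "999.1.1.1", ""]

if __name__ == "__main__":
    targets, rejected = build_target_list(SAMPLE)
    with open("targets.txt", "w") as fh:  # one target per line
        fh.writelines(value + "\n" for _, value in targets)
    print("kept", targets, "rejected", rejected)
```

The resulting file can then be passed as the target, for example python Automater.py targets.txt -d 5 -c results.csv, using the options listed above.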