Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

Sunday, June 15, 2014


Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or HASH) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

*Automater is installed on HoneyDrive and Kali by default, but both currently ship an outdated version.

Installation:
Automater comes in two flavors: a Python script that will work on Linux or Windows, and an exe for Windows.

Windows:
The Windows client is currently in development. In the meantime, the Python code will work on Windows with a Python 2.7 install.

Linux:
As this is a Python script, you will need to ensure you have the correct version of Python, which for this script is Python 2.7. I used mostly standard libraries, but just in case you don't have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2

With Python and the libraries out of the way, you can simply use git to clone the tekdefense code to your local machine.

    git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage:
Once installed, the usage is pretty much the same across Windows, Linux, and Kali.

    python Automater.py -h

or, if you chmod +x Automater.py, you can run:


    ./Automater.py -h

    usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]
                        [--p]
                        target

    IP, URL, and Hash Passive Analysis tool

    positional arguments:
      target                List one IP Addresses, URL or Hash to query or pass
                            the filename of a file containing IP Addresses, URL or
                            Hash to query each separated by a newline.

    optional arguments:
      -h, --help            show this help message and exit
      -o OUTPUT, --output OUTPUT
                            This option will output the results to a file.
      -w WEB, --web WEB     This option will output the results to an HTML file.
      -c CSV, --csv CSV     This option will output the results to a CSV file.
      -d DELAY, --delay DELAY
                            This will change the delay to the inputted seconds.
                            Default is 2.
      -s SOURCE, --source SOURCE
                            This option will only run the target against a
                            specific source engine to pull associated domains.
                            Options are defined in the name attribute of the site
                            element in the XML configuration file
      --p                   This option tells the program to post information to
                            sites that allow posting. By default the program will
                            NOT post to sites that require a post.
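The help text says the target may be a file of IPs, URLs or hashes separated by newlines. The following is an added example, not part of Automater or the original post: a Python 3 helper that turns defanged analyst notes into that one-per-line list, dropping duplicates and anything that is not an IPv4 address, URL/domain or MD5. The function names and the classification rules are assumptions made for this sketch and do not reflect how Automater itself parses targets.

```python
import re
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
# Dotted hostname with an alphabetic TLD (assumed shape of a URL/domain target).
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
# Constructed sample input: documentation addresses and empty-input digests only.
SAMPLE = """\
192[.]0[.]2[.]10
hxxp://malware.example[.]net/dropper
d41d8cd98f00b204e9800998ecf8427e
D41D8CD98F00B204E9800998ECF8427E
999.1.1.1
da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

def refang(text):
    """Undo common defanging: hxxp -> http, [.] and (.) -> '.', [:] -> ':'."""
    text = re.sub(r"^hxxp", "http", text.strip(), flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def valid_ipv4(text):
    m = IPV4_RE.match(text)
    return bool(m) and all(int(octet) <= 255 for octet in m.groups())

def classify(target):
    """Return 'hash', 'ip', 'url' or None for one refanged target."""
    if MD5_RE.match(target):
        return "hash"
    if valid_ipv4(target):
        return "ip"
    host = re.sub(r"^https?://", "", target, flags=re.I).split("/")[0].split(":")[0]
    return "url" if DOMAIN_RE.match(host) or valid_ipv4(host) else None

def build_target_list(lines):
    """Return (targets, rejected): unique targets in input order, plus skipped lines."""
    seen, targets, rejected = set(), [], []
    for item in filter(None, map(refang, lines)):
        kind = classify(item)
        key = item if kind == "url" else item.lower()  # URL paths may be case-sensitive
        if kind is None:
            rejected.append(item)  # e.g. bad octet, or a 40-character SHA-1
        elif key not in seen:
            seen.add(key)
            targets.append(item)
    return targets, rejected

if __name__ == "__main__":
    targets, rejected = build_target_list(SAMPLE.splitlines())
    print("\n".join(targets))  # redirect to a file to get the one-per-line input
```

Redirect the printed lines to a file and pass that filename as the target argument; review the rejected list by hand rather than discarding it, since it often holds typos in real indicators.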



