
Automater.py

category Defensive Security/Linux 2013.04.11 21:38

This is a Python tool written by TekDefense. For more information about TekDefense, visit http://www.tekdefense.com/.

Automater.py collects and analyzes information about a URL or an IP address. For someone researching web-based malware, there is hardly a cleaner tool: it can tell you where the server hosting a distribution site is located, whether it is on a blacklist, when the domain was created, and so on. Because it is written in Python, which is easy to integrate with other tooling, it should see a lot of use.

The sources it queries for URL, IP and hash intelligence are Minotaur, JoeBox, VxVault, unshorten.me, IPvoid.com, Fortiguard.com, Urlvoid.com, Labs.alienvault.com, ThreatExpert and Robtex.com.

Automater.py provides the following features:

  • URL / IP lookup
  • Hash lookup
  • Shortened-URL detection
  • URL to IP / IP to URL resolution
  • Blacklist status
  • Latitude / longitude
  • City
  • Domain creation date
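The first thing the tool has to decide for every target is which toolset applies (the sessions further down print "is a URL" or "is an IP"). The following Python 3 function is an added example, not Automater's own code (which is not reproduced on this page): it makes the same URL/IP decision, adds a hash branch for the hash feature listed above, and flags non-routable addresses before any reputation lookup is spent on them. The SHORTENER_HOSTS set, the HASH_LENGTHS table and the name classify_target are my own assumptions; Automater itself defers the shortened-URL question to unshorten.me.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed list of well-known URL-shortener hosts (assumption: Automater
# asks unshorten.me instead of keeping a local list). Extend as needed.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com", "ow.ly", "is.gd"}

# Hex-digest lengths for the hash types a passive-analysis tool commonly accepts.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_target(target: str) -> dict:
    """Decide which toolset a target belongs to: 'ip', 'hash' or 'url'.

    Mirrors the tool's "is a URL" / "is an IP" branch and adds a hash branch.
    Raises ValueError for input that is none of the three.
    """
    t = target.strip()

    # 1. IP address: ipaddress parses both IPv4 and IPv6 and rejects junk.
    try:
        ip = ipaddress.ip_address(t)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback, reserved and multicast ranges will never have
        # meaningful reputation data, so mark them before querying anything.
        routable = not (ip.is_private or ip.is_loopback
                        or ip.is_reserved or ip.is_multicast)
        return {"target": t, "kind": "ip", "version": ip.version,
                "routable": routable}

    # 2. File hash: a fixed-length hexadecimal string.
    if re.fullmatch(r"[0-9a-fA-F]+", t) and len(t) in HASH_LENGTHS:
        return {"target": t.lower(), "kind": "hash",
                "algorithm": HASH_LENGTHS[len(t)]}

    # 3. URL or bare hostname: normalise so "host" and "http://host/path"
    #    are handled the same way, then validate the host part.
    parts = urlsplit(t if "://" in t else "http://" + t)
    host = (parts.hostname or "").lower()
    if not host or "." not in host or not re.fullmatch(r"[a-z0-9.-]+", host):
        raise ValueError(f"unrecognised target: {target!r}")
    return {"target": t, "kind": "url", "host": host,
            "shortened": host in SHORTENER_HOSTS}


if __name__ == "__main__":
    for sample in ("www.google.co.kr", "10.10.10.10",
                   "d41d8cd98f00b204e9800998ecf8427e", "http://bit.ly/abc"):
        print(classify_target(sample))
```

The routable flag is worth keeping in any wrapper: the 10.10.10.10 session below shows what a query for a private address looks like, and a pipeline that checks the flag first avoids spending API quota on results that cannot describe the host you care about.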

Installation

On Kali Linux it can be installed simply with "apt-get install automater", or obtained with "git clone https://github.com/1aN0rmus/TekDefense/blob/master/Automater.py". It can also be used on Windows. - Download

Automater -h

root@kali:~# automater -h
   ___        _                        _
  / _ \      | |                      | |
 / /_\ \_   _| |_ ___  _ __ ___   __ _| |_ ___ _ __
 |  _  | | | | __/ _ \| '_ ` _ \ / _` | __/ _ \ '__|
 | | | | |_| | || (_) | | | | | | (_| | ||  __/ |
 \_| |_/\__,_|\__\___/|_| |_| |_|\__,_|\__\___|_|

Welcome to Automater! I have created this tool to help analyst investigate IP Addresses and URLs with the common web based tools. All activity is passive so it will not alert attackers.
Web Tools used are: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com
www.TekDefense.com
@author: 1aN0rmus@TekDefense.com, Ian Ahl
Version 1.2

usage: automater [-h] [-t TARGET] [-f FILE] [-o OUTPUT] [-e EXPAND]
                 [-s SOURCE]

IP and URL Passive Analysis tool

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        List one IP Addresses to query. Does not support more
                        than one address.
  -f FILE, --file FILE  This option is used to import a file that contains IP
                        Addresses or URLs
  -o OUTPUT, --output OUTPUT
                        This option will output the results to a file.
  -e EXPAND, --expand EXPAND
                        This option will expand a shortened url using
                        unshort.me
  -s SOURCE, --source SOURCE
                        This option will only run the target against a specific
                        source engine to pull associated domains. Options are
                        robtex, ipvoid, fortinet, urlvoid, alienvault
root@kali:~#


Automater -t URL

root@kali:~# automater -t www.google.co.kr
--------------------------------
[*] www.google.co.kr is a URL.
[*] Running URL toolset
[-] www.google.co.kr is not a recognized shortened URL.
[*] Scanning host now on URLVoid.com. May take a few seconds.
[+] Host IP Address is 173.194.35.151
[-] IP is not listed in a blacklist
[+] Latitude / Longitude: 37.4192 / -122.057
[+] Country: (US) United States
[+] Domain creation date: Unknown
[-] FortiGuard URL Categorization: Uncategorized


Automater -t IP

root@kali:~# automater -t 10.10.10.10
--------------------------------
[*] 10.10.10.10 is an IP.
[*] Running IP toolset
[+] A records from Robtex: 0.62657468796473407961686f6f2e636f6d40message.flimeabbalma.co.cc
[+] A records from Robtex: 0.62657468796473407961686f6f2e636f6d40message.serveseo.co.cc
[+] A records from Robtex: 21280605.servehttp.com
[+] A records from Robtex: 2945.static.losangelesengineer.co.cc
[+] A records from Robtex: 2daygadget.co.cc
[+] A records from Robtex: 62657468796473407961686f6f2e636f6d40message.healthdietplan.co.cc
[+] A records from Robtex: a026.ap.floridacollege.co.cc
[+] A records from Robtex: abcnews.newyorknursingschools.co.cc
[+] A records from Robtex: aixjuldx.co.cc
[+] A records from Robtex: anti.cindai.web.id
[+] A records from Robtex: ardownload.healthdietplan.co.cc
[+] A records from Robtex: asia-red.georgiacolleges.co.cc
[+] A records from Robtex: aswebhosting.co.cc
[+] A records from Robtex: birthvara.co.cc
[+] A records from Robtex: brokerdirect.com
[+] A records from Robtex: butyv.co.cc
[+] A records from Robtex: bz2.amanterkendali.co.cc
[+] A records from Robtex: calre1.com
[+] A records from Robtex: cf.safediet.co.cc
[+] A records from Robtex: cfg.oshama.co.cc
[+] A records from Robtex: cheap-ipod-nano.co.cc
[+] A records from Robtex: cheapautomaticespressomachine.co.cc
[+] A records from Robtex: chinhdo.georgiacolleges.co.cc
[+] A records from Robtex: city.canaletv.co.cc
[+] A records from Robtex: cns2.resetorigin.co.cc
[+] A records from Robtex: com2fhttp3awww.diamondnice.co.cc
[+] A records from Robtex: come.view-pictures.apartmaji-kobla.co.cc
[+] A records from Robtex: come.view-pictures.arizonacolleges.co.cc
[+] A records from Robtex: condingmee.co.cc
[+] A records from Robtex: cookerverycheap.co.cc
[+] A records from Robtex: corp.ds.culinaryarteducation.co.cc
[+] A records from Robtex: dns1.georgiacolleges.co.cc
[+] A records from Robtex: docjohnsonvibratorsbuy1.co.cc
[+] A records from Robtex: ds.newyorknursingschools.co.cc
[+] A records from Robtex: e-how.co.cc
[+] A records from Robtex: euro.article4all.co.cc
[+] A records from Robtex: ff.resetorigin.co.cc
[+] A records from Robtex: freenaturewallpaper.co.cc
[+] A records from Robtex: gator880.socialtweet.co.cc
[+] A records from Robtex: ge-energyjobs.co.cc
[+] A records from Robtex: get-taller.co.cc
[+] A records from Robtex: gtaproductions.co.cc
[+] A records from Robtex: guarantytrust-uk.co.cc
[+] A records from Robtex: htmlwww.floridacollege.co.cc
[+] A records from Robtex: ieieizil70.co.cc
[+] A records from Robtex: ifxaffiliate.com
[+] A records from Robtex: inktest.amanterkendali.co.cc
[+] A records from Robtex: inktest.oshama.co.cc
[+] A records from Robtex: ipma.www.causescerebralpalsy.co.cc
[+] A records from Robtex: jjjfg.co.cc
[+] A records from Robtex: latinica.socialtweet.co.cc
[+] A records from Robtex: mail.abbsza.com
[+] A records from Robtex: mail.bestdealnetbooks.co.cc
[+] A records from Robtex: mail.blackbolt.co.cc
[+] A records from Robtex: mail.dealermedia.co.cc
[+] A records from Robtex: mail.dietaisvekla.co.cc
[+] A records from Robtex: mail.panther.it
[+] A records from Robtex: mail.traderbase.info
[+] A records from Robtex: mail.transport2000-office.org.uk
[+] A records from Robtex: mail20.detox--diet.co.cc
[+] A records from Robtex: mail20.master-tools.co.cc
[+] A records from Robtex: mail3.newyorknursingschools.co.cc
[+] A records from Robtex: mailmx4.canaletv.co.cc
[+] A records from Robtex: mitsubishihc4000hddlpprojector.co.cc
[+] A records from Robtex: mm138.co.cc
[+] A records from Robtex: monteso.co.cc
[+] A records from Robtex: mx1.semaeb.com
[+] A records from Robtex: mx2.semerap.net
[+] A records from Robtex: nayachitwan.co.cc
[+] A records from Robtex: newreports.floridacollege.co.cc
[+] A records from Robtex: news.xn--o3cohfabsn9a8cihdgu4r.co.cc
[+] A records from Robtex: ns1.losangelesengineer.co.cc
[+] A records from Robtex: obral-obrol.co.cc
[+] A records from Robtex: origin-www.detox--diet.co.cc
[+] A records from Robtex: pinebedsidetables.co.cc
[+] A records from Robtex: postmaster.mefreehost.co.cc
[+] A records from Robtex: prs.cingular.culinaryarteducation.co.cc
[+] A records from Robtex: radio.floridacollege.co.cc
[+] A records from Robtex: rearprojectionhdtv.co.cc
[+] A records from Robtex: reverse.gdsz.georgiacolleges.co.cc
[+] A records from Robtex: riapaewarmcooksbm.co.cc
[+] A records from Robtex: rocker.redirectme.net
[+] A records from Robtex: saiclevaps1s.co.cc
[+] A records from Robtex: sarek.com
[+] A records from Robtex: scesniasay3u.co.cc
[+] A records from Robtex: siidosantv.co.cc
[+] A records from Robtex: spousta.com
[+] A records from Robtex: steamshowers.co.cc
[+] A records from Robtex: symbah.co.cc
[+] A records from Robtex: tdlab.ca
[+] A records from Robtex: tgces.co.cc
[+] A records from Robtex: tuwbwd.co.cc
[+] A records from Robtex: vegasslotcasino.us
[+] A records from Robtex: view-pictures.fennyshop.co.cc
[+] A records from Robtex: virgilio.newyorkengineercollege.co.cc
[+] A records from Robtex: visionbirdcages.co.cc
[+] A records from Robtex: web14.www.keyzedblog.co.cc
[+] A records from Robtex: www.playguitr.co.cc
[+] A records from Robtex: www.xn--ferienwohnungen-rgen-5ec.net
[*] Scanning host now on IPVoid.com. May take a few seconds.
[-] IP is not listed in a blacklist
[-] No ISP listed
[-] No GEO location listed
[-] FortiGuard URL Categorization: Uncategorized
[-] IP is not listed in AlienVault IP reputation database
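Automater prints one [*], [+] or [-] line per finding, which is easy to read but awkward to feed into a SIEM, a ticket or an enrichment pipeline. The Python 3 parser below is an added example, not part of Automater or of TekDefense's code. Its sample input is constructed from the two sessions above (the IP sample keeps only two of the Robtex A records), the field patterns are inferred from those lines only, and parse_automater, triage_reasons and the handling of lines the page does not show (a positive blacklist hit, a recognised shortener) are assumptions marked in the comments.

```python
import re

# Constructed sample input, in the [*]/[+]/[-] format of the sessions above.
SAMPLE_URL_OUTPUT = """\
[*] www.google.co.kr is a URL.
[*] Running URL toolset
[-] www.google.co.kr is not a recognized shortened URL.
[*] Scanning host now on URLVoid.com. May take a few seconds.
[+] Host IP Address is 173.194.35.151
[-] IP is not listed in a blacklist
[+] Latitude / Longitude: 37.4192 / -122.057
[+] Country: (US) United States
[+] Domain creation date: Unknown
[-] FortiGuard URL Categorization: Uncategorized
"""

SAMPLE_IP_OUTPUT = """\
[*] 10.10.10.10 is an IP.
[*] Running IP toolset
[+] A records from Robtex: brokerdirect.com
[+] A records from Robtex: mail.panther.it
[*] Scanning host now on IPVoid.com. May take a few seconds.
[-] IP is not listed in a blacklist
[-] No ISP listed
[-] No GEO location listed
[-] FortiGuard URL Categorization: Uncategorized
[-] IP is not listed in AlienVault IP reputation database
"""

LINE_RE = re.compile(r"^\[([*+-])\]\s+(.*)$")

# (pattern, key, converter) for lines that carry a value. Patterns follow the
# output shown on this page; the tool's own source was not consulted.
FIELD_PATTERNS = [
    (re.compile(r"Host IP Address is (\S+)"), "host_ip", str),
    (re.compile(r"Latitude / Longitude: (\S+) / (\S+)"), "lat_lon",
     lambda lat, lon: (float(lat), float(lon))),
    (re.compile(r"Country: \((\w+)\) (.+)"), "country",
     lambda code, name: {"code": code, "name": name}),
    (re.compile(r"Domain creation date: (.+)"), "domain_created",
     lambda v: None if v == "Unknown" else v),
    (re.compile(r"FortiGuard URL Categorization: (.+)"), "fortiguard_category", str),
]


def parse_automater(text: str) -> dict:
    """Turn Automater's report lines into a dict. Lines matching no rule are
    kept under 'unparsed' rather than silently dropped, so a format change
    in a newer version is noticed instead of producing empty fields."""
    result = {"target": None, "kind": None, "a_records": [], "unparsed": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, msg = m.groups()
        if tag == "*":
            hit = re.fullmatch(r"(\S+) is an? (URL|IP)\.", msg)
            if hit:
                result["target"], result["kind"] = hit.group(1), hit.group(2).lower()
            continue  # remaining [*] lines are progress messages
        if msg.startswith("A records from Robtex: "):
            result["a_records"].append(msg.split(": ", 1)[1])
        elif "shortened URL" in msg:
            result["shortened_url"] = tag == "+"    # assumption: [+] marks a recognised shortener
        elif "blacklist" in msg:
            result["blacklisted"] = tag == "+"      # assumption: page shows only the [-] "not listed" form
        elif "AlienVault IP reputation" in msg:
            result["alienvault_listed"] = tag == "+"
        elif msg == "No ISP listed":
            result["isp"] = None
        elif msg == "No GEO location listed":
            result["lat_lon"] = None
        else:
            for pattern, key, convert in FIELD_PATTERNS:
                hit = pattern.fullmatch(msg)
                if hit:
                    result[key] = convert(*hit.groups())
                    break
            else:
                result["unparsed"].append(raw)
    return result


def triage_reasons(result: dict) -> list:
    """Reasons an analyst should look closer, derived only from parsed flags."""
    reasons = []
    if result.get("blacklisted"):
        reasons.append("listed in a blacklist")
    if result.get("alienvault_listed"):
        reasons.append("listed in AlienVault IP reputation")
    if result.get("shortened_url"):
        reasons.append("shortened URL: expand it before judging the destination")
    if len(result["a_records"]) > 50:
        reasons.append("many hostnames share this IP: a reputation hit may belong to a neighbour")
    return reasons


if __name__ == "__main__":
    for sample in (SAMPLE_URL_OUTPUT, SAMPLE_IP_OUTPUT):
        parsed = parse_automater(sample)
        print(parsed["target"], parsed["kind"], triage_reasons(parsed) or "no flags")
```

The last triage rule reflects the IP session above: when Robtex returns dozens of unrelated hostnames for one address, the address is shared hosting (or, as here, a non-routable address with stale records), and a blacklist hit on it says little about any single domain.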


Comments

  1. 나그네 2013.04.17 11:20

    This seems like a good tool for looking up information on a suspicious IP that comes up at work.
    Thank you.
