This is Python code written by TekDefense. For more about TekDefense, visit http://www.tekdefense.com/.
Automater.py is a tool that collects and analyzes information about a URL or IP. From the standpoint of someone researching web-based malware, there is hardly a cleaner tool. It gathers information such as where the distribution server is located, whether it is on a blacklist, and when the domain was created. Because it is written in Python, which integrates easily with other tooling, it should be widely useful.
The sources it collects URL, IP and hash information from are Minotaur, JoeBox, VxVault, unshorten.me, IPvoid.com, Fortiguard.com, Urlvoid.com, Labs.alienvault.com, ThreatExpert and Robtex.com.
Automater.py has the following features.
- URL / IP lookup
- Search by hash
- Detection of shortened URLs
- URL to IP conversion / IP to URL conversion
- Blacklist check
- Latitude / longitude
- City
- Domain creation date
Installation
On Kali Linux it can be installed with "apt-get install automater", or by using "git clone https://github.com/1aN0rmus/TekDefense/blob/master/Automater.py". It can also be used on Windows. - Download
Automater -h
root@kali:~# automater -h
 ___ _ _ / _ \ | | | | / /_\ \_ _| |_ ___ _ __ ___ __ _| |_ ___ _ __ | _ | | | | __/ _ \| '_ ` _ \ / _` | __/ _ \ '__| | | | | |_| | || (_) | | | | | | (_| | || __/ | \_| |_/\__,_|\__\___/|_| |_| |_|\__,_|\__\___|_|
Welcome to Automater! I have created this tool to help analyst investigate IP Addresses and URLs with the common web based tools. All activity is passive so it will not alert attackers.
Web Tools used are: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com
www.TekDefense.com
@author: 1aN0rmus@TekDefense.com, Ian Ahl
Version 1.2

usage: automater [-h] [-t TARGET] [-f FILE] [-o OUTPUT] [-e EXPAND] [-s SOURCE]

IP and URL Passive Analysis tool

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        List one IP Addresses to query. Does not support more than one address.
  -f FILE, --file FILE  This option is used to import a file that contains IP Addresses or URLs
  -o OUTPUT, --output OUTPUT
                        This option will output the results to a file.
  -e EXPAND, --expand EXPAND
                        This option will expand a shortened url using unshort.me
  -s SOURCE, --source SOURCE
                        This option will only run the target against a specific source engine to pull associated domains. Options are robtex, ipvoid, fortinet, urlvoid, alienvault
root@kali:~#
Automater -t URL
root@kali:~# automater -t www.google.co.kr
 ___ _ _ / _ \ | | | | / /_\ \_ _| |_ ___ _ __ ___ __ _| |_ ___ _ __ | _ | | | | __/ _ \| '_ ` _ \ / _` | __/ _ \ '__| | | | | |_| | || (_) | | | | | | (_| | || __/ | \_| |_/\__,_|\__\___/|_| |_| |_|\__,_|\__\___|_|
Welcome to Automater! I have created this tool to help analyst investigate IP Addresses and URLs with the common web based tools. All activity is passive so it will not alert attackers.
Web Tools used are: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com
www.TekDefense.com
@author: 1aN0rmus@TekDefense.com, Ian Ahl
Version 1.2
--------------------------------
[*] www.google.co.kr is a URL.
[*] Running URL toolset
[-] www.google.co.kr is not a recognized shortened URL.
[*] Scanning host now on URLVoid.com. May take a few seconds.
[+] Host IP Address is 173.194.35.151
[-] IP is not listed in a blacklist
[+] Latitude / Longitude: 37.4192 / -122.057
[+] Country: (US) United States
[+] Domain creation date: Unknown
[-] FortiGuard URL Categorization: Uncategorized
Automater -t IP
root@kali:~# automater -t 10.10.10.10
 ___ _ _ / _ \ | | | | / /_\ \_ _| |_ ___ _ __ ___ __ _| |_ ___ _ __ | _ | | | | __/ _ \| '_ ` _ \ / _` | __/ _ \ '__| | | | | |_| | || (_) | | | | | | (_| | || __/ | \_| |_/\__,_|\__\___/|_| |_| |_|\__,_|\__\___|_|
Welcome to Automater! I have created this tool to help analyst investigate IP Addresses and URLs with the common web based tools. All activity is passive so it will not alert attackers.
Web Tools used are: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com
www.TekDefense.com
@author: 1aN0rmus@TekDefense.com, Ian Ahl
Version 1.2
--------------------------------
[*] 10.10.10.10 is an IP.
[*] Running IP toolset
[+] A records from Robtex: 0.62657468796473407961686f6f2e636f6d40message.flimeabbalma.co.cc
[+] A records from Robtex: 0.62657468796473407961686f6f2e636f6d40message.serveseo.co.cc
[+] A records from Robtex: 21280605.servehttp.com
[+] A records from Robtex: 2945.static.losangelesengineer.co.cc
[+] A records from Robtex: 2daygadget.co.cc
[+] A records from Robtex: 62657468796473407961686f6f2e636f6d40message.healthdietplan.co.cc
[+] A records from Robtex: a026.ap.floridacollege.co.cc
[+] A records from Robtex: abcnews.newyorknursingschools.co.cc
[+] A records from Robtex: aixjuldx.co.cc
[+] A records from Robtex: anti.cindai.web.id
[+] A records from Robtex: ardownload.healthdietplan.co.cc
[+] A records from Robtex: asia-red.georgiacolleges.co.cc
[+] A records from Robtex: aswebhosting.co.cc
[+] A records from Robtex: birthvara.co.cc
[+] A records from Robtex: brokerdirect.com
[+] A records from Robtex: butyv.co.cc
[+] A records from Robtex: bz2.amanterkendali.co.cc
[+] A records from Robtex: calre1.com
[+] A records from Robtex: cf.safediet.co.cc
[+] A records from Robtex: cfg.oshama.co.cc
[+] A records from Robtex: cheap-ipod-nano.co.cc
[+] A records from Robtex: cheapautomaticespressomachine.co.cc
[+] A records from Robtex: chinhdo.georgiacolleges.co.cc
[+] A records from Robtex: city.canaletv.co.cc
[+] A records from Robtex: cns2.resetorigin.co.cc
[+] A records from Robtex: com2fhttp3awww.diamondnice.co.cc
[+] A records from Robtex: come.view-pictures.apartmaji-kobla.co.cc
[+] A records from Robtex: come.view-pictures.arizonacolleges.co.cc
[+] A records from Robtex: condingmee.co.cc
[+] A records from Robtex: cookerverycheap.co.cc
[+] A records from Robtex: corp.ds.culinaryarteducation.co.cc
[+] A records from Robtex: dns1.georgiacolleges.co.cc
[+] A records from Robtex: docjohnsonvibratorsbuy1.co.cc
[+] A records from Robtex: ds.newyorknursingschools.co.cc
[+] A records from Robtex: e-how.co.cc
[+] A records from Robtex: euro.article4all.co.cc
[+] A records from Robtex: ff.resetorigin.co.cc
[+] A records from Robtex: freenaturewallpaper.co.cc
[+] A records from Robtex: gator880.socialtweet.co.cc
[+] A records from Robtex: ge-energyjobs.co.cc
[+] A records from Robtex: get-taller.co.cc
[+] A records from Robtex: gtaproductions.co.cc
[+] A records from Robtex: guarantytrust-uk.co.cc
[+] A records from Robtex: htmlwww.floridacollege.co.cc
[+] A records from Robtex: ieieizil70.co.cc
[+] A records from Robtex: ifxaffiliate.com
[+] A records from Robtex: inktest.amanterkendali.co.cc
[+] A records from Robtex: inktest.oshama.co.cc
[+] A records from Robtex: ipma.www.causescerebralpalsy.co.cc
[+] A records from Robtex: jjjfg.co.cc
[+] A records from Robtex: latinica.socialtweet.co.cc
[+] A records from Robtex: mail.abbsza.com
[+] A records from Robtex: mail.bestdealnetbooks.co.cc
[+] A records from Robtex: mail.blackbolt.co.cc
[+] A records from Robtex: mail.dealermedia.co.cc
[+] A records from Robtex: mail.dietaisvekla.co.cc
[+] A records from Robtex: mail.panther.it
[+] A records from Robtex: mail.traderbase.info
[+] A records from Robtex: mail.transport2000-office.org.uk
[+] A records from Robtex: mail20.detox--diet.co.cc
[+] A records from Robtex: mail20.master-tools.co.cc
[+] A records from Robtex: mail3.newyorknursingschools.co.cc
[+] A records from Robtex: mailmx4.canaletv.co.cc
[+] A records from Robtex: mitsubishihc4000hddlpprojector.co.cc
[+] A records from Robtex: mm138.co.cc
[+] A records from Robtex: monteso.co.cc
[+] A records from Robtex: mx1.semaeb.com
[+] A records from Robtex: mx2.semerap.net
[+] A records from Robtex: nayachitwan.co.cc
[+] A records from Robtex: newreports.floridacollege.co.cc
[+] A records from Robtex: news.xn--o3cohfabsn9a8cihdgu4r.co.cc
[+] A records from Robtex: ns1.losangelesengineer.co.cc
[+] A records from Robtex: obral-obrol.co.cc
[+] A records from Robtex: origin-www.detox--diet.co.cc
[+] A records from Robtex: pinebedsidetables.co.cc
[+] A records from Robtex: postmaster.mefreehost.co.cc
[+] A records from Robtex: prs.cingular.culinaryarteducation.co.cc
[+] A records from Robtex: radio.floridacollege.co.cc
[+] A records from Robtex: rearprojectionhdtv.co.cc
[+] A records from Robtex: reverse.gdsz.georgiacolleges.co.cc
[+] A records from Robtex: riapaewarmcooksbm.co.cc
[+] A records from Robtex: rocker.redirectme.net
[+] A records from Robtex: saiclevaps1s.co.cc
[+] A records from Robtex: sarek.com
[+] A records from Robtex: scesniasay3u.co.cc
[+] A records from Robtex: siidosantv.co.cc
[+] A records from Robtex: spousta.com
[+] A records from Robtex: steamshowers.co.cc
[+] A records from Robtex: symbah.co.cc
[+] A records from Robtex: tdlab.ca
[+] A records from Robtex: tgces.co.cc
[+] A records from Robtex: tuwbwd.co.cc
[+] A records from Robtex: vegasslotcasino.us
[+] A records from Robtex: view-pictures.fennyshop.co.cc
[+] A records from Robtex: virgilio.newyorkengineercollege.co.cc
[+] A records from Robtex: visionbirdcages.co.cc
[+] A records from Robtex: web14.www.keyzedblog.co.cc
[+] A records from Robtex: www.playguitr.co.cc
[+] A records from Robtex: www.xn--ferienwohnungen-rgen-5ec.net
[*] Scanning host now on IPVoid.com. May take a few seconds.
[-] IP is not listed in a blacklist
[-] No ISP listed
[-] No GEO location listed
[-] FortiGuard URL Categorization: Uncategorized
[-] IP is not listed in AlienVault IP reputation database
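The feature list above and the two runs shown here follow the same pattern: Automater first decides whether the target is an IP literal or a URL, checks for a shortener, and then prints one `[*]`/`[+]`/`[-]` line per finding. The following script is an added example written for this post; it is not code from the post or from the Automater project. It reproduces that IP-or-URL decision, checks a target against a constructed list of shortener hosts (Automater keeps its own list), and parses the result lines into a record that can be triaged or stored. The sample outputs embedded in it are constructed from the runs above, and the triage wording and thresholds are this example's own assumptions.

```python
"""Added example, not code from the original post or the Automater project:
classify a target as Automater's first step does, check a constructed shortener
list, and parse Automater's [*]/[+]/[-] result lines into a triageable record."""
import ipaddress
import re
from typing import Any, Dict, List
from urllib.parse import urlparse

# Constructed illustration list; Automater maintains its own shortener list.
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly", "is.gd"}

# Constructed sample: result lines from the post's "automater -t www.google.co.kr" run.
SAMPLE_URL_RUN = """\
[*] www.google.co.kr is a URL.
[*] Running URL toolset
[-] www.google.co.kr is not a recognized shortened URL.
[+] Host IP Address is 173.194.35.151
[-] IP is not listed in a blacklist
[+] Latitude / Longitude: 37.4192 / -122.057
[+] Country: (US) United States
[+] Domain creation date: Unknown
[-] FortiGuard URL Categorization: Uncategorized
"""

# Constructed sample: an abbreviated IP-toolset run in the same format.
SAMPLE_IP_RUN = """\
[*] 10.10.10.10 is an IP.
[+] A records from Robtex: brokerdirect.com
[+] A records from Robtex: mail.panther.it
[+] A records from Robtex: sarek.com
[-] IP is not listed in a blacklist
[-] No ISP listed
[-] No GEO location listed
[-] IP is not listed in AlienVault IP reputation database
"""

RESULT_LINE = re.compile(r"^\[(?P<flag>[*+-])\]\s+(?P<msg>.+?)\s*$")
KIND_LINE = re.compile(r"^(?P<target>\S+) is an? (?P<kind>IP|URL)\.?$")


def classify_target(target: str) -> str:
    """Automater's first decision: an IP literal runs the IP toolset, anything else the URL toolset."""
    try:
        ipaddress.ip_address(target.strip())
        return "IP"
    except ValueError:
        return "URL"


def is_shortened(target: str) -> bool:
    """True when the host is a known shortener, i.e. the real destination is still unknown."""
    parsed = urlparse(target if "://" in target else "http://" + target)
    return (parsed.hostname or target).lower() in SHORTENER_HOSTS


def parse_automater_output(text: str) -> Dict[str, Any]:
    """Turn Automater's result lines into a record; banner and usage text are skipped."""
    rec: Dict[str, Any] = {"target": None, "kind": None, "host_ip": None, "blacklisted": None,
                           "shortened": None, "lat_lon": None, "a_records": [], "fields": {}, "notes": []}
    for raw in text.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        k = KIND_LINE.match(msg)
        if k:
            rec["target"], rec["kind"] = k.group("target"), k.group("kind")
        elif msg.startswith("Host IP Address is "):
            rec["host_ip"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("A records from Robtex: "):
            rec["a_records"].append(msg.split(": ", 1)[1])
        elif "shortened URL" in msg:
            rec["shortened"] = "not a recognized" not in msg
        elif "blacklist" in msg:
            rec["blacklisted"] = "not listed" not in msg
        elif msg.startswith("Latitude / Longitude: "):
            lat, lon = msg.split(": ", 1)[1].split(" / ")
            rec["lat_lon"] = (float(lat), float(lon))
        elif ": " in msg:  # generic "Key: value" lines (Country, creation date, FortiGuard category)
            key, val = msg.split(": ", 1)
            rec["fields"][key] = val
        else:
            rec["notes"].append(msg)
    return rec


def triage(rec: Dict[str, Any]) -> List[str]:
    """Analyst-facing findings from a parsed run; the wording here is this example's, not Automater's."""
    findings: List[str] = []
    if rec["blacklisted"]:
        findings.append("host is listed on a blacklist")
    if rec["shortened"]:
        findings.append("shortened URL: expand it (Automater -e) before judging the host")
    ip = rec["host_ip"] or (rec["target"] if rec["kind"] == "IP" else None)
    if ip and not ipaddress.ip_address(ip).is_global:
        findings.append(f"{ip} is private or reserved: ISP, GEO and reputation lookups will come back empty")
    if rec["kind"] == "URL" and rec["fields"].get("Domain creation date") == "Unknown":
        findings.append("domain creation date unknown: confirm the registration date with WHOIS")
    return findings
```

The private-address check is the caveat worth keeping from the second run: 10.10.10.10 is RFC 1918 space, so the empty ISP, GEO and reputation results are expected rather than a sign of a clean host, and a Robtex A-record list for such an address says nothing about the infrastructure you are actually investigating.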