Automater is a URL/Domain, IP Address, and Md5 Hash open-source intelligence (OSINT) tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
This is what the author "1aN0rmus" has to say about this tool: "Automater is a tool that I originally created to automate the OSINT analysis of IP addresses. It quickly grew and became a tool to do analysis of IP Addresses, URLs, and Hashes."
"Unfortunately though, this was my first python project and I made a lot of mistakes, and as the project grew it became VERY hard for me to maintain."
"Luckily, a mentor and friend of mine (@jameshub3r) offered his time and expertise to do an entire re-write of the code that would focus on a modular extensible framework. The new code hits the mark as far as that is concerned. The real power of Automater is how easy it is to modify what sources are checked and what data is taken from them without having to modify the python code. To modify sources simply open up the sites.XML file and modify away."
Automater is also a part of the official penetration testing distribution "Kali Linux" and the Honeypot Linux Distribution "HoneyDrive".
Note: Automater requires python 2.7. And make sure that you have the following libraries installed: httplib2, re, sys, argparse, urllib, urllib2.
Usage:
Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE] [--p] target
Required arguments:
target List one IP Addresses, URL or Hash to query or pass
the filename of a file containing IP Addresses, URL or
Hash to query each separated by a newline.
optional arguments:
-h, --help show this help message and exit
-o OUTPUT, --output OUTPUT This option will output the results to a file.
-w WEB, --web WEB This option will output the results to an HTML file.
-c CSV, --csv CSV This option will output the results to a CSV file.
-d DELAY, --delay DELAY This will change the delay to the inputted seconds.
Default is 2.
-s SOURCE, --source SOURCE This option will only run the target against a
specific source engine to pull associated domains.
Options are defined in the name attribute of the site
element in the XML configuration file
--p This option tells the program to post information to
sites that allow posting. By default the program will
NOT post to sites that require a post.
You might also like:
Automater - Tool For Analyzing URLs/Domains, IP Addresses, and Md5 Hashes
Reviewed by AC10 Tech
on
Thursday, April 20, 2017
Rating:
No comments: