Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

*Automater is installed on HoneyDrive and Kali by default but currently have an outdated version.

Automater comes in two  flavors, python script that will work for Linux or Windows, and an exe for Windows.

The Windows client is currently in development. In the meantime the python code will work on Windows with a python 2.7 install

As this is a python script you will need to ensure you have the correct version of python, which for this script is python 2.7. I used mostly standard libraries, but just incase you don't have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2

With the python and the libraries out of the way, you can simply use git to clone the tekdefense code to your local machine.
git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Once installed the usage is pretty much the same across Windows, Linux, and Kali.
python Automater.py -h

or if you chmod +x Automater.py you can

./Automater.py -h

usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]



IP, URL, and Hash Passive Analysis tool

positional arguments:

target List one IP Addresses, URL or Hash to query or pass

the filename of a file containing IP Addresses, URL or

Hash to query each separated by a newline.

optional arguments:

-h, --help show this help message and exit

-o OUTPUT, --output OUTPUT

This option will output the results to a file.

-w WEB, --web WEB This option will output the results to an HTML file.

-c CSV, --csv CSV This option will output the results to a CSV file.

-d DELAY, --delay DELAY

This will change the delay to the inputted seconds.

Default is 2.

-s SOURCE, --source SOURCE

This option will only run the target against a

specific source engine to pull associated domains.

Options are defined in the name attribute of the site

element in the XML configuration file

--p This option tells the program to post information to

sites that allow posting. By default the program will

NOT post to sites that require a post.

Disqus Comments