Just-Metadata is a tool that passively gathers metadata about a large number of IP addresses and attempts to extrapolate relationships that might not otherwise be seen. Just-Metadata has “gather” modules, which collect metadata about the IPs loaded into the framework from multiple resources on the internet. Just-Metadata also has “analysis” modules. These analyze the data loaded into Just-Metadata and perform various operations that can identify potential relationships between the loaded systems.
Just-Metadata will allow you to quickly find the top “X” states, cities, timezones, etc. that the loaded IP addresses are located in. It will allow you to search for IP addresses by country. You can search all IPs to find which ones are used in callbacks as identified by VirusTotal. Want to see if any loaded IPs have been documented as taking part in attacks via the Animus Project? Just-Metadata can do it.
Additionally, it is easy to create new analysis modules that let people find other relationships between loaded IPs based on the available data. New intel gathering modules can be added just as easily.
Just-Metadata gathers various publicly available IP address metadata such as:
- Geo-location information
- GPS Coordinates
- Is it a known attacker documented by the Animus Project?
- Do the attacking IP addresses share any common traits?
- SSH Keys
- HTTPS Certificates
- Certificate Chains
- What common ports are open across the attacking IPs?
- Are any of the IPs known by VirusTotal?
- Shodan information (Ports, keys, certificates, etc.)
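As an added illustration of the "Top X" and shared-trait analysis described above (this is not Just-Metadata's own code), the following Python sketch counts the most common countries and clusters IPs that share an SSH key or certificate fingerprint, including IPs linked only through a third host. The record field names, IP addresses and fingerprints are constructed for the example and are not the tool's schema.

```python
from collections import Counter, defaultdict

# Constructed sample records (documentation-range IPs, made-up fingerprints).
# Field names are assumptions for this example, not Just-Metadata's schema.
RECORDS = [
    {"ip": "192.0.2.10", "country": "NL", "ssh_keys": ["aa:11"], "cert_sha1": ["c0ffee"]},
    {"ip": "198.51.100.7", "country": "US", "ssh_keys": ["aa:11"], "cert_sha1": []},
    {"ip": "203.0.113.5", "country": "NL", "ssh_keys": ["bb:22"], "cert_sha1": ["c0ffee"]},
    {"ip": "203.0.113.99", "country": "DE", "ssh_keys": ["dd:44"], "cert_sha1": ["facade"]},
]

def top_values(records, field, n):
    """Return the n most common values of a scalar field, e.g. country."""
    return Counter(r[field] for r in records if r.get(field)).most_common(n)

def shared_artifacts(records, field):
    """Map each artifact (key or cert fingerprint) to the IPs presenting it,
    keeping only artifacts seen on more than one IP."""
    seen = defaultdict(set)
    for r in records:
        for value in r.get(field, []):
            seen[value].add(r["ip"])
    return {v: sorted(ips) for v, ips in seen.items() if len(ips) > 1}

def clusters(records, fields=("ssh_keys", "cert_sha1")):
    """Group IPs linked, directly or transitively, by any shared artifact,
    using union-find over the IP addresses."""
    parent = {r["ip"]: r["ip"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for field in fields:
        for ips in shared_artifacts(records, field).values():
            for other in ips[1:]:
                parent[find(other)] = find(ips[0])

    groups = defaultdict(list)
    for ip in parent:
        groups[find(ip)].append(ip)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(top_values(RECORDS, "country", 2))
    print(shared_artifacts(RECORDS, "ssh_keys"))
    print(clusters(RECORDS))
```

In the sample data, 198.51.100.7 and 203.0.113.5 share no artifact directly but land in the same cluster because each shares one with 192.0.2.10.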
Ideally, you should be able to run the setup script, and it will install everything you need.
For the Shodan information gathering module, YOU WILL NEED a Shodan API key. This costs like $9 bucks, come on now, it’s worth it :).
I’ll be looking forward to future versions with CLI-based input and output for scripting and chaining this with other tools; with a bit of data crunching and pattern matching/machine learning, it could be turned into a fairly intelligent attack pre-warning system.
You can download Just-Metadata v1.0 here:
Or read more here.