Automater is a URL/Domain, IP Address, and MD5 Hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.
By default, if a source has no data available for a target, Automater will not submit the target to that site to get data. If you would like Automater to use an HTTP POST to send target data to a source like IPVoid or URLVoid, use --p.
There are also new output methods: -o will output to a file in the same format that is printed to the screen, -c will output a CSV file, and -w will output an HTML file.
Usage
It does take Automater a little longer to run than it used to. That is because a delay of 2 seconds between requests was implemented to ensure sources don’t get overloaded. You can modify this delay with -d.
    ./Automater.py -h
    usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]
                        [--p]
                        target

    IP, URL, and Hash Passive Analysis tool

    required arguments:
      target                List one IP Addresses, URL or Hash to query or pass
                            the filename of a file containing IP Addresses, URL or
                            Hash to query each separated by a newline.

    optional arguments:
      -h, --help            show this help message and exit
      -o OUTPUT, --output OUTPUT
                            This option will output the results to a file.
      -w WEB, --web WEB     This option will output the results to an HTML file.
      -c CSV, --csv CSV     This option will output the results to a CSV file.
      -d DELAY, --delay DELAY
                            This will change the delay to the inputted seconds.
                            Default is 2.
      -s SOURCE, --source SOURCE
                            This option will only run the target against a
                            specific source engine to pull associated domains.
                            Options are defined in the name attribute of the site
                            element in the XML configuration file
      --p                   This option tells the program to post information to
                            sites that allow posting. By default the program will
                            NOT post to sites that require a post.
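The target file described in the help text is one IP address, URL or hash per line, and every accepted line is sent to the external sources. The following added example (not part of Automater; the function names and sample lines are constructed for illustration) cleans an analyst's raw indicator list into that format by refanging, classifying and de-duplicating entries. It assumes bare domains and IPv6 literals are acceptable targets.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines (documentation addresses, MD5 of empty input), not real indicators.
SAMPLE = ["hxxp://example[.]com/login", "192.0.2.10", "192.0.2.10",
          "d41d8cd98f00b204e9800998ecf8427e", "not a target", "# note"]
MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.I)
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def refang(text):
    """Undo common defanging (hxxp, [.], (.)) seen in reports and tickets."""
    text = re.sub(r"^hxxp", "http", text.strip(), flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".")

def is_ip(text):
    try:
        return ipaddress.ip_address(text) is not None
    except ValueError:
        return False

def classify(target):
    """Return 'md5', 'ip' or 'url' for a usable target, else None."""
    if MD5_RE.match(target):
        return "md5"
    if is_ip(target):
        return "ip"
    try:
        host = urlsplit(target if "://" in target else "//" + target).hostname or ""
    except ValueError:  # e.g. unbalanced brackets in the host part
        return None
    return "url" if HOST_RE.match(host) or is_ip(host) else None

def prepare_targets(lines):
    """Refang, classify and de-duplicate; return (accepted, rejected)."""
    accepted, rejected = {}, []
    for raw in lines:
        target = refang(raw)
        if not target or target.startswith("#"):
            continue  # skip blank lines and analyst comments
        kind = classify(target)
        if kind is None:
            rejected.append(raw.strip())
        else:
            accepted.setdefault(target.lower(), (kind, target))  # first spelling wins
    return list(accepted.values()), rejected

if __name__ == "__main__":
    ok, bad = prepare_targets(SAMPLE)
    print("\n".join(t for _, t in ok))  # newline-separated, ready to save as a target file
```

Reviewing the rejected list before a run keeps free-text or malformed lines from being sent to third-party sources, which matters most when --p is used.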
Automater is now very easily extensible, even for those who are not familiar with Python. All the sources that are queried, and what they are queried for, are contained in sites.xml. This file must be in the same directory as Automater.py and all the other .py files that Automater ships with.
You can download Automater here:
TekDefense-Automater-master.zip
Or read more here.