Automater: IP/URL and MD5 OSINT Analysis

by do son · Published September 12, 2017 · Updated November 4, 2024

Automater

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

Installation

git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage

usage: Automater.py [-h] [-o OUTPUT] [-b] [-f CEF] [-w WEB] [-c CSV]

                    [-d DELAY] [-s SOURCE] [--proxy PROXY] [-a USERAGENT] [-V]

                    [-r] [-v]

                    target



IP, URL, and Hash Passive Analysis tool



positional arguments:

  target                List one IP Address (CIDR or dash notation accepted),

                        URL or Hash to query or pass the filename of a file

                        containing IP Address info, URL or Hash to query each

                        separated by a newline.



optional arguments:

  -h, --help            show this help message and exit

  -o OUTPUT, --output OUTPUT

                        This option will output the results to a file.

  -b, --bot             This option will output minimized results for a bot.

  -f CEF, --cef CEF     This option will output the results to a CEF formatted

                        file.

  -w WEB, --web WEB     This option will output the results to an HTML file.

  -c CSV, --csv CSV     This option will output the results to a CSV file.

  -d DELAY, --delay DELAY

                        This will change the delay to the inputted seconds.

                        Default is 2.

  -s SOURCE, --source SOURCE

                        This option will only run the target against a

                        specific source engine to pull associated domains.

                        Options are defined in the name attribute of the site

                        element in the XML configuration file. This can be a

                        list of names separated by a semicolon.

  --proxy PROXY         This option will set a proxy to use (eg.

                        proxy.example.com:8080)

  -a USERAGENT, --useragent USERAGENT

                        This option allows the user to set the user-agent seen

                        by web servers being utilized. By default, the user-

                        agent is set to Automater/version

  -V, --vercheck        This option checks and reports versioning for

                        Automater. Checks each python module in the Automater

                        scope. Default, (no -V) is False

  -r, --refreshxml      This option refreshes the tekdefense.xml file from the

                        remote GitHub site. Default (no -r) is False.

  -v, --verbose         This option prints messages to the screen. Default (no

                        -v) is False.