Automate IP and URL analysis with Automater

Automater is a tool created to automate the OSINT analysis of IP addresses.


Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert.com, VxVault.net, and VirusTotal.com.

There are many output methods: –o will output to a file in the same format that is printed to screen, -c will output a csv, and –w will output an html file.


OSINT?

Open-Source INTelligence (OSINT) is intelligence collected from publicly available sources.
In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.

(from Wikipedia)


Installation

Some python libraries are required: httplib2, requests, sys, argparse, urllib, urllib2

When the dependences are satisfied, simply use git to clone the code to your local machine:

git clone https://github.com/1aN0rmus/TekDefense-Automater.git

…or download the script from https://github.com/1aN0rmus/TekDefense-Automater/archive/master.zip


Usage

./Automater.py -h
usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE] [ — p] target
IP, URL, and Hash Passive Analysis tool
required arguments:
target List one IP Addresses, URL or Hash to query or pass
the filename of a file containing IP Addresses, URL or
Hash to query each separated by a newline.
optional arguments:
-h, — help show this help message and exit
-o OUTPUT, — output OUTPUT This option will output the results to a file.
-w WEB, — web WEB This option will output the results to an HTML file.
-c CSV, — csv CSV This option will output the results to a CSV file.
-d DELAY, — delay DELAY This will change the delay to the inputted seconds.
Default is 2.
-s SOURCE, — source SOURCE This option will only run the target against a
specific source engine to pull associated domains.
Options are defined in the name attribute of the site
element in the XML configuration file
 — p This option tells the program to post information to
sites that allow posting. By default the program will
NOT post to sites that require a post.

More information on TekDefense website or on GitHub page.

Comments