Entries in analysis (8)

Sunday, Nov 18, 2012

Connectusers Adobe Leak - 223 passwords in 2 seconds

As most of you already know, there is word of a leak involving Adobe's Connectusers forum.  You can read more about this at The HNN.  The important things to know in relation to this post are that 642 hashes have been released so far and that the attacker claims to have 150,000 more to share.  The attacker also released other information with these hashes, such as name, title, phone, email, company, and username.

What I have done with the release is first strip out the data I don't want, leaving me with just the hashes.

cat adobe-leaks.txt | grep Password | cut -d: -f 2 >adobehashes 

Now that I have a file with just the hashes, I ran hashcat against the hashes using a few wordlists.

root@bt:./hashcat-cli32.bin --output-file /root/leakedpasswords/ah3.out /root/leakedpasswords/adobehashes /pentest/passwords/wordlists/rockyou.txt /pentest/passwords/wordlists/darkc0de.lst /root/leakedpasswords/yahoopassesonly.txt

In less than 2 seconds, using only those three wordlists, I was able to extract 223 of the 642 passwords.  I mention this because people who do not use these tools may not understand how fast and easy it can work.
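The storage side of this result, as an added example that is not part of the original post: it assumes the leaked 32-hex-character values are unsalted MD5, which the post does not state. It shows why one wordlist pass covers every account at once under that scheme, and how a per-user salt with PBKDF2 changes the amount of work; the sample passwords, the wordlist size and the iteration count are constructed values.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor, chosen for the demonstration

# Constructed sample: five accounts, three of them sharing one password.
SAMPLE_PASSWORDS = ["letmein", "letmein", "letmein", "lighthouse", "Video"]


def md5_unsalted(password):
    """Storage scheme assumed for the leak: a bare, unsalted MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hardened storage: random per-user salt plus an iterated hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {"salt": salt, "iterations": iterations, "digest": digest}


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def distinct_stored_values(passwords, scheme):
    """How many different stored values a list of account passwords produces."""
    if scheme == "md5":
        return len({md5_unsalted(p) for p in passwords})
    if scheme == "pbkdf2":
        return len({pbkdf2_record(p)["digest"] for p in passwords})
    raise ValueError("unknown scheme: %r" % scheme)


def hash_computations(wordlist_size, accounts, scheme,
                      iterations=PBKDF2_ITERATIONS):
    """Primitive hash computations needed to test a whole wordlist
    against every account in the dump."""
    if scheme == "md5":
        # One digest per candidate; a set lookup then checks all accounts.
        return wordlist_size
    if scheme == "pbkdf2":
        # The salt forces a separate, iterated computation per account.
        return wordlist_size * accounts * iterations
    raise ValueError("unknown scheme: %r" % scheme)


if __name__ == "__main__":
    for scheme in ("md5", "pbkdf2"):
        print(scheme,
              "distinct stored values:",
              distinct_stored_values(SAMPLE_PASSWORDS, scheme),
              "work for 1,000,000 candidates x 642 accounts:",
              hash_computations(1_000_000, 642, scheme))
```

With unsalted digests, repeated passwords collapse to a single stored value, which is also why the Pipal run below reports far fewer unique entries than total entries.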

Here is a small sampling of the hashes and passes:


The full list can be downloaded here.

So, since I just did a TekTip episode on Pipal, I figured I should run the output through it as well.

cat ah.out | cut -d: -f2 > ahpassesonly

 

./pipal.rb ~/leakedpasswords/ahpassesonly -o ahanalysis.txt

 

Here are the pipal results
Total entries = 538
Total unique entries = 223
Top 10 passwords
letmein = 3 (0.56%)
lighthouse = 3 (0.56%)
fisher = 3 (0.56%)
popper = 3 (0.56%)
carefree = 3 (0.56%)
stanley = 3 (0.56%)
Video = 3 (0.56%)
Winston = 3 (0.56%)
louie = 3 (0.56%)
manish = 3 (0.56%)
Top 10 base words
buster = 6 (1.12%)
adobe = 6 (1.12%)
marina = 5 (0.93%)
soccer = 5 (0.93%)
connect = 5 (0.93%)
jonathan = 3 (0.56%)
video = 3 (0.56%)
winston = 3 (0.56%)
louie = 3 (0.56%)
manish = 3 (0.56%)
Password length (length ordered)
5 = 29 (5.39%)
6 = 174 (32.34%)
7 = 130 (24.16%)
8 = 128 (23.79%)
9 = 45 (8.36%)
10 = 21 (3.9%)
11 = 5 (0.93%)
12 = 3 (0.56%)
13 = 3 (0.56%)
Password length (count ordered)
6 = 174 (32.34%)
7 = 130 (24.16%)
8 = 128 (23.79%)
9 = 45 (8.36%)
5 = 29 (5.39%)
10 = 21 (3.9%)
11 = 5 (0.93%)
12 = 3 (0.56%)
13 = 3 (0.56%)
      |                                                                 
      |                                                                 
      |                                                                 
      |                                                                 
      |||                                                               
      |||                                                               
      |||                                                               
      |||                                                               
      |||                                                               
      |||                                                               
      |||                                                               
      ||||                                                              
      ||||                                                              
     |||||                                                              
     ||||||                                                             
|||||||||||||||                                                         
000000000011111
012345678901234
One to six characters = 203 (37.73%)
One to eight characters = 461 (85.69%)
More than eight characters = 77 (14.31%)
Only lowercase alpha = 302 (56.13%)
Only uppercase alpha = 3 (0.56%)
Only alpha = 305 (56.69%)
Only numeric = 29 (5.39%)
First capital last symbol = 2 (0.37%)
First capital last number = 19 (3.53%)
Months
june = 2 (0.37%)
november = 2 (0.37%)
Days
None found
Months (Abreviated)
mar = 12 (2.23%)
jun = 2 (0.37%)
nov = 2 (0.37%)
Days (Abreviated)
mon = 5 (0.93%)
sat = 2 (0.37%)
sun = 2 (0.37%)
Includes years
1979 = 2 (0.37%)
1989 = 2 (0.37%)
2002 = 4 (0.74%)
2007 = 2 (0.37%)
Years (Top 10)
2002 = 4 (0.74%)
1979 = 2 (0.37%)
1989 = 2 (0.37%)
2007 = 2 (0.37%)
Colours
orange = 2 (0.37%)
red = 8 (1.49%)
white = 3 (0.56%)
Single digit on the end = 52 (9.67%)
Two digits on the end = 57 (10.59%)
Three digits on the end = 19 (3.53%)
Last number
0 = 11 (2.04%)
1 = 45 (8.36%)
2 = 16 (2.97%)
3 = 24 (4.46%)
4 = 6 (1.12%)
5 = 14 (2.6%)
6 = 13 (2.42%)
7 = 11 (2.04%)
8 = 13 (2.42%)
9 = 14 (2.6%)
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 | |                                                                    
 | |                                                                    
 | |                                                                    
 |||                                                                    
 ||| || ||                                                              
|||| |||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
0123456789
Last digit
1 = 45 (8.36%)
3 = 24 (4.46%)
2 = 16 (2.97%)
5 = 14 (2.6%)
9 = 14 (2.6%)
6 = 13 (2.42%)
8 = 13 (2.42%)
0 = 11 (2.04%)
7 = 11 (2.04%)
4 = 6 (1.12%)
Last 2 digits (Top 10)
23 = 16 (2.97%)
99 = 6 (1.12%)
12 = 6 (1.12%)
08 = 6 (1.12%)
25 = 6 (1.12%)
56 = 5 (0.93%)
13 = 4 (0.74%)
14 = 4 (0.74%)
66 = 4 (0.74%)
02 = 4 (0.74%)
Last 3 digits (Top 10)
123 = 14 (2.6%)
002 = 4 (0.74%)
456 = 3 (0.56%)
388 = 2 (0.37%)
085 = 2 (0.37%)
989 = 2 (0.37%)
900 = 2 (0.37%)
110 = 2 (0.37%)
966 = 2 (0.37%)
325 = 2 (0.37%)
Last 4 digits (Top 10)
2002 = 4 (0.74%)
3456 = 3 (0.56%)
2898 = 2 (0.37%)
1085 = 2 (0.37%)
1989 = 2 (0.37%)
6900 = 2 (0.37%)
6966 = 2 (0.37%)
2325 = 2 (0.37%)
3388 = 2 (0.37%)
2007 = 2 (0.37%)
Last 5 digits (Top 10)
23456 = 3 (0.56%)
12898 = 2 (0.37%)
61085 = 2 (0.37%)
26900 = 2 (0.37%)
16966 = 2 (0.37%)
52325 = 2 (0.37%)
13388 = 2 (0.37%)
52963 = 2 (0.37%)
55225 = 2 (0.37%)
11979 = 2 (0.37%)
US Area Codes
456 = Inbound International (--)
989 = Upper central Michigan: Mt Pleasant, Saginaw (MI)
900 = US toll calls -- prices vary with the number called (--)
325 = Central Texas: Abilene, Sweetwater, Snyder, San Angelo (TX)
Character sets
loweralpha: 302 (56.13%)
loweralphanum: 149 (27.7%)
numeric: 29 (5.39%)
mixedalphanum: 23 (4.28%)
mixedalpha: 18 (3.35%)
mixedalphaspecialnum: 12 (2.23%)
upperalpha: 3 (0.56%)
mixedalphaspecial: 2 (0.37%)
Character set ordering
allstring: 323 (60.04%)
stringdigit: 132 (24.54%)
alldigit: 29 (5.39%)
stringdigitstring: 24 (4.46%)
othermask: 18 (3.35%)
digitstring: 6 (1.12%)
stringspecial: 2 (0.37%)
digitstringdigit: 2 (0.37%)
stringspecialdigit: 2 (0.37%)
Hashcat masks (Top 10)
?l?l?l?l?l?l: 120 (22.3%)
?l?l?l?l?l?l?l: 71 (13.2%)
?l?l?l?l?l?l?l?l: 56 (10.41%)
?l?l?l?l?l?l?d?d: 22 (4.09%)
?l?l?l?l?l: 18 (3.35%)
?l?l?l?l?l?l?l?l?l: 17 (3.16%)
?d?d?d?d?d?d: 17 (3.16%)
?l?l?l?l?l?l?l?d: 15 (2.79%)
?l?l?l?l?l?d?d: 12 (2.23%)
?l?l?l?l?l?l?l?l?l?l: 11 (2.04%)
Sunday, Nov 18, 2012

TekTip ep14 - Pipal Password Analysis of Yahoo password dump

Last week our good friends over at Bruteforce Labs posted a quick tutorial for Pipal.  I figured the TekDefense user base may also benefit from this tool.
Description: A password analysis tool that gives relevant statistics of passwords given a password dump.
Uses:  Analyze password trends, create better wordlists, educate users
Installation:
*Requires Ruby1.9.x
*BT5 comes with pipal 1.0.  Update Pipal if on Backtrack to 2.0
Usage:
1.  First you will need a password dump to play with.  There are several out in the wild.  You can find some here:
http://www.skullsecurity.org/wiki/index.php/Passwords
For my demo I will use the recent (kinda) Yahoo dump
2.  Get the file ready for pipal:
You only want the passwords in a file for Pipal, cut out the rest.
cat yahoousersandpass.txt | cut -d: -f 3 > yahoopassesonly.txt
3. Run Pipal:
./pipal.rb ~/leakedpasswords/yahoopassesonly.txt -o yahoodemo
4. Analyze results
We analyzed 442837 passwords in this dump!
Total entries = 442837
Total unique entries = 342509
Here we see some pretty standard bad passwords:
Top 10 passwords
123456 = 1667 (0.38%)
password = 780 (0.18%)
welcome = 437 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)
Base passwords are passwords that contain a word but are not only that word:
Top 10 base words
password = 1374 (0.31%)
welcome = 535 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
sunshine = 367 (0.08%)
As we see in most password dumps, most people go with 8 character passwords.  This is a common requirement, and has been drilled into people for a while now, so no surprise there.  116 people had a 1 character password though?  I usually don't try passwords less than 4 characters when I password crack, guess I might need to bring them back in.
Password length (length ordered)
1 = 116 (0.03%)
2 = 70 (0.02%)
3 = 302 (0.07%)
4 = 2748 (0.62%)
5 = 5324 (1.2%)
6 = 79629 (17.98%)
7 = 65610 (14.82%)
8 = 119133 (26.9%)
9 = 65964 (14.9%)
10 = 54759 (12.37%)
11 = 21218 (4.79%)
12 = 21729 (4.91%)
13 = 2657 (0.6%)
14 = 1492 (0.34%)
15 = 837 (0.19%)
16 = 568 (0.13%)
17 = 262 (0.06%)
18 = 125 (0.03%)
19 = 88 (0.02%)
20 = 177 (0.04%)
21 = 10 (0.0%)
22 = 7 (0.0%)
23 = 2 (0.0%)
24 = 2 (0.0%)
27 = 1 (0.0%)
28 = 4 (0.0%)
29 = 2 (0.0%)
30 = 1 (0.0%)
Password length (count ordered)
8 = 119133 (26.9%)
6 = 79629 (17.98%)
9 = 65964 (14.9%)
7 = 65610 (14.82%)
10 = 54759 (12.37%)
12 = 21729 (4.91%)
11 = 21218 (4.79%)
5 = 5324 (1.2%)
4 = 2748 (0.62%)
13 = 2657 (0.6%)
14 = 1492 (0.34%)
15 = 837 (0.19%)
16 = 568 (0.13%)
3 = 302 (0.07%)
17 = 262 (0.06%)
20 = 177 (0.04%)
18 = 125 (0.03%)
1 = 116 (0.03%)
19 = 88 (0.02%)
2 = 70 (0.02%)
21 = 10 (0.0%)
22 = 7 (0.0%)
28 = 4 (0.0%)
23 = 2 (0.0%)
24 = 2 (0.0%)
29 = 2 (0.0%)
30 = 1 (0.0%)
27 = 1 (0.0%)
        |                                                               
        |                                                               
        |                                                               
        |                                                               
        |                                                               
      | |                                                               
      | |                                                               
      ||||                                                              
      |||||                                                             
      |||||                                                             
      |||||                                                             
      |||||                                                             
      |||||                                                             
      |||||||                                                           
      |||||||                                                           
||||||||||||||||||||||||||||||||                                        
00000000001111111111222222222233
01234567890123456789012345678901
One to six characters = 88189 (19.91%)
One to eight characters = 272932 (61.63%)
More than eight characters = 169905 (38.37%)
66% only used lowercase alpha characters or only used numbers.
Only lowercase alpha = 146516 (33.09%)
Only uppercase alpha = 1778 (0.4%)
Only alpha = 148294 (33.49%)
Only numeric = 26081 (5.89%)
A common trend is for people to capitalize the first character, or add a number or special character to the end of a password. 
First capital last symbol = 1259 (0.28%)
First capital last number = 17467 (3.94%)
While months were used in passwords a decent amount in this dump, it doesn't look like days made up many of them.
Months
january = 106 (0.02%)
february = 30 (0.01%)
march = 192 (0.04%)
april = 284 (0.06%)
may = 725 (0.16%)
june = 386 (0.09%)
july = 245 (0.06%)
august = 238 (0.05%)
september = 68 (0.02%)
october = 182 (0.04%)
november = 154 (0.03%)
december = 130 (0.03%)
Days
monday = 48 (0.01%)
tuesday = 15 (0.0%)
wednesday = 9 (0.0%)
thursday = 18 (0.0%)
friday = 47 (0.01%)
saturday = 6 (0.0%)
sunday = 30 (0.01%)
Months (Abreviated)
jan = 1007 (0.23%)
feb = 172 (0.04%)
mar = 4719 (1.07%)
apr = 472 (0.11%)
may = 725 (0.16%)
jun = 798 (0.18%)
jul = 656 (0.15%)
aug = 504 (0.11%)
sept = 184 (0.04%)
oct = 425 (0.1%)
nov = 519 (0.12%)
dec = 404 (0.09%)
Days (Abreviated)
mon = 4431 (1.0%)
tues = 16 (0.0%)
wed = 212 (0.05%)
thurs = 29 (0.01%)
fri = 479 (0.11%)
sat = 365 (0.08%)
sun = 1237 (0.28%)
Another common trend is for users to add the year of their birth, or wedding, or the current year to their password.  While it may be surprising that 2010, 2011, and 2012 didn't have many hits, if you take the source into account it makes sense.  The Yahoo dump comes from an old database that was used as part of a migration for a company that Yahoo bought called Associated Content.  This purchase occurred in 2010.
Includes years
1975 = 255 (0.06%)
1976 = 266 (0.06%)
1977 = 278 (0.06%)
1978 = 332 (0.07%)
1979 = 339 (0.08%)
1980 = 353 (0.08%)
1981 = 331 (0.07%)
1982 = 359 (0.08%)
1983 = 338 (0.08%)
1984 = 392 (0.09%)
1985 = 367 (0.08%)
1986 = 361 (0.08%)
1987 = 413 (0.09%)
1988 = 360 (0.08%)
1989 = 401 (0.09%)
1990 = 304 (0.07%)
1991 = 276 (0.06%)
1992 = 251 (0.06%)
1993 = 218 (0.05%)
1994 = 202 (0.05%)
1995 = 147 (0.03%)
1996 = 171 (0.04%)
1997 = 140 (0.03%)
1998 = 155 (0.04%)
1999 = 189 (0.04%)
2000 = 617 (0.14%)
2001 = 404 (0.09%)
2002 = 404 (0.09%)
2003 = 345 (0.08%)
2004 = 424 (0.1%)
2005 = 496 (0.11%)
2006 = 572 (0.13%)
2007 = 765 (0.17%)
2008 = 1145 (0.26%)
2009 = 1052 (0.24%)
2010 = 339 (0.08%)
2011 = 92 (0.02%)
2012 = 130 (0.03%)
2013 = 50 (0.01%)
2014 = 28 (0.01%)
2015 = 24 (0.01%)
2016 = 25 (0.01%)
2017 = 26 (0.01%)
2018 = 33 (0.01%)
2019 = 84 (0.02%)
2020 = 163 (0.04%)
Years (Top 10)
2008 = 1145 (0.26%)
2009 = 1052 (0.24%)
2007 = 765 (0.17%)
2000 = 617 (0.14%)
2006 = 572 (0.13%)
2005 = 496 (0.11%)
2004 = 424 (0.1%)
1987 = 413 (0.09%)
2001 = 404 (0.09%)
2002 = 404 (0.09%)
Red and Blue make up the majority of colors in the passwords.
Colours
black = 706 (0.16%)
blue = 1143 (0.26%)
brown = 221 (0.05%)
gray = 76 (0.02%)
green = 655 (0.15%)
orange = 250 (0.06%)
pink = 357 (0.08%)
purple = 346 (0.08%)
red = 2202 (0.5%)
white = 244 (0.06%)
yellow = 228 (0.05%)
violet = 66 (0.01%)
indigo = 35 (0.01%)
As stated previously, people tend to tack numbers and special characters at the end of passwords.  These statistics support that theory.
Single digit on the end = 47391 (10.7%)
Two digits on the end = 73640 (16.63%)
Three digits on the end = 31095 (7.02%)
Last number
0 = 17553 (3.96%)
1 = 46694 (10.54%)
2 = 24623 (5.56%)
3 = 29232 (6.6%)
4 = 17692 (4.0%)
5 = 17405 (3.93%)
6 = 17885 (4.04%)
7 = 20402 (4.61%)
8 = 17847 (4.03%)
9 = 19919 (4.5%)
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 |                                                                      
 | |                                                                    
 | |                                                                    
 |||                                                                    
 |||                                                                    
||||| ||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
||||||||||                                                              
0123456789
Last digit
1 = 46694 (10.54%)
3 = 29232 (6.6%)
2 = 24623 (5.56%)
7 = 20402 (4.61%)
9 = 19919 (4.5%)
6 = 17885 (4.04%)
8 = 17847 (4.03%)
4 = 17692 (4.0%)
0 = 17553 (3.96%)
5 = 17405 (3.93%)
Last 2 digits (Top 10)
23 = 12364 (2.79%)
12 = 6416 (1.45%)
11 = 5476 (1.24%)
01 = 5097 (1.15%)
00 = 4098 (0.93%)
21 = 3669 (0.83%)
08 = 3627 (0.82%)
07 = 3598 (0.81%)
22 = 3587 (0.81%)
13 = 3548 (0.8%)
Last 3 digits (Top 10)
123 = 9446 (2.13%)
456 = 2443 (0.55%)
234 = 2160 (0.49%)
007 = 1477 (0.33%)
000 = 1268 (0.29%)
008 = 1150 (0.26%)
009 = 1086 (0.25%)
111 = 1056 (0.24%)
777 = 980 (0.22%)
101 = 895 (0.2%)
Last 4 digits (Top 10)
3456 = 2151 (0.49%)
1234 = 1968 (0.44%)
2008 = 1033 (0.23%)
2009 = 927 (0.21%)
2345 = 750 (0.17%)
2007 = 674 (0.15%)
2000 = 535 (0.12%)
2006 = 502 (0.11%)
1111 = 436 (0.1%)
2005 = 436 (0.1%)
Last 5 digits (Top 10)
23456 = 2121 (0.48%)
12345 = 724 (0.16%)
56789 = 316 (0.07%)
45678 = 305 (0.07%)
11111 = 269 (0.06%)
34567 = 231 (0.05%)
54321 = 197 (0.04%)
00000 = 162 (0.04%)
99999 = 150 (0.03%)
23123 = 132 (0.03%)
Most popular area codes based on the 3 character numbers found.
US Area Codes
456 = Inbound International (--)
234 = NE Ohio: Canton, Akron (OH)
Now here is some data that can be directly applied to password cracking.
Character sets
loweralphanum: 224095 (50.6%)
loweralpha: 146516 (33.09%)
numeric: 26081 (5.89%)
mixedalphanum: 23238 (5.25%)
loweralphaspecialnum: 6070 (1.37%)
mixedalpha: 5122 (1.16%)
upperalphanum: 3416 (0.77%)
mixedalphaspecialnum: 3340 (0.75%)
loweralphaspecial: 2079 (0.47%)
upperalpha: 1778 (0.4%)
mixedalphaspecial: 486 (0.11%)
upperalphaspecialnum: 222 (0.05%)
specialnum: 188 (0.04%)
upperalphaspecial: 46 (0.01%)
special: 16 (0.0%)
Character set ordering
stringdigit: 185323 (41.85%)
allstring: 153416 (34.64%)
alldigit: 26081 (5.89%)
othermask: 25117 (5.67%)
digitstring: 24962 (5.64%)
stringdigitstring: 18677 (4.22%)
digitstringdigit: 4648 (1.05%)
stringspecialdigit: 2359 (0.53%)
stringspecial: 1111 (0.25%)
stringspecialstring: 833 (0.19%)
specialstringspecial: 168 (0.04%)
specialstring: 126 (0.03%)
allspecial: 16 (0.0%)
Hashcat masks (Top 10)
?l?l?l?l?l?l: 40693 (9.19%)
?l?l?l?l?l?l?l?l: 32439 (7.33%)
?l?l?l?l?l?l?l: 29129 (6.58%)
?l?l?l?l?l?l?d?d: 20316 (4.59%)
?l?l?l?l?l?l?l?l?l: 16185 (3.65%)
?l?l?l?l?l?l?l?l?d?d: 12632 (2.85%)
?d?d?d?d?d?d: 12583 (2.84%)
?l?l?l?l?l?l?l?d: 10620 (2.4%)
?l?l?l?l?l?l?l?l?l?l: 10310 (2.33%)
?l?l?l?l?l?l?l?d?d: 10281 (2.32%)
1aN0rmus@tekdefense.com
http://www.securitytube.net/user/1aN0rmus
www.youtube.com/user/TekDefense
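The "Character set ordering" and "Hashcat masks" sections above can also drive a password-policy check for the "educate users" use case. The following is an added example, not Pipal's code and not part of the original post: it approximates those two classifications in Python and flags a candidate password whose structure matches the patterns that dominate both dumps. The function names, the minimum length and the sample list are constructed for illustration.

```python
from collections import Counter
from itertools import groupby

# Ordering labels exactly as they appear in the Pipal output on this page.
KNOWN_ORDERINGS = {
    "allstring", "alldigit", "allspecial", "stringdigit", "digitstring",
    "stringdigitstring", "digitstringdigit", "stringspecial",
    "stringspecialdigit", "stringspecialstring", "specialstring",
    "specialstringspecial",
}
# Constructed policy choice: the three orderings that lead both dumps above.
COMMON_ORDERINGS = {"allstring", "stringdigit", "alldigit"}

# Constructed sample input.
SAMPLE = ["letmein", "letmein", "123456", "Summer2012",
          "pass!word", "correct-horse-battery"]


def _char_class(ch):
    """Map one character to (hashcat mask token, Pipal-style run name)."""
    if "a" <= ch <= "z":
        return "?l", "string"
    if "A" <= ch <= "Z":
        return "?u", "string"
    if "0" <= ch <= "9":
        return "?d", "digit"
    return "?s", "special"  # simplification: anything else counts as special


def hashcat_mask(password):
    """Per-character mask in the notation of the 'Hashcat masks' section."""
    return "".join(_char_class(ch)[0] for ch in password)


def charset_ordering(password):
    """Collapse the password into runs of string/digit/special and name it."""
    runs = [name for name, _ in groupby(_char_class(ch)[1] for ch in password)]
    if not runs:
        return "othermask"
    label = "all" + runs[0] if len(runs) == 1 else "".join(runs)
    return label if label in KNOWN_ORDERINGS else "othermask"


def structure_report(passwords):
    """Distribution of orderings and masks, as in the Pipal sections above."""
    return {
        "ordering": Counter(charset_ordering(p) for p in passwords),
        "masks": Counter(hashcat_mask(p) for p in passwords),
    }


def policy_findings(password, min_length=9):
    """Reasons a candidate password matches the dominant patterns."""
    findings = []
    if len(password) < min_length:
        findings.append("length<%d" % min_length)
    ordering = charset_ordering(password)
    if ordering in COMMON_ORDERINGS:
        findings.append("common-ordering:" + ordering)
    if password[:1].isupper() and password[-1:].isdigit():
        findings.append("first-capital-last-number")
    return findings


if __name__ == "__main__":
    print(structure_report(SAMPLE)["ordering"].most_common())
    for candidate in ("Summer2012", "correct-horse-battery"):
        print(candidate, policy_findings(candidate))
```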

 

Sunday, Nov 4, 2012

Automater - IP and URL analysis tool

Update: Automater gets its own project page http://www.tekdefense.com/automater/

One challenge I have faced, and have seen other analysts face as well, is the amount of time it takes to investigate an IP address or URL.  If you are like most analysts you have probably used at least some if not all of the following web tools to investigate IPs or URLs involved in an incident:

As I mentioned previously, to look up an IP against all or even some of these takes more time than it should.  Additionally, as they all are formatted differently and have different options, you cannot export them in a format that can be attached to a trouble ticket, evidence file, or even an email.  Noticing this issue, I attempted to fix it by creating a Python program that will scrape the previously mentioned resources to pull out the information relevant to what the analyst needs.

Meet Automater:

The tool currently only queries IPVoid, Robtex, and Fortiguard, but I am working on adding modules for all the resources I mentioned earlier in the article.  The help option will explain where I am heading with the project, although I am not quite there yet.

root@bt:~/workspace/Automater# ./Automater.py -h
 
    ONLY -t AND -h WORK CURRENTLY!! 
    -t: target ip or url.  URL must include http://
    -s: source engine (robtex, ipvoid, fortiguard)
    -a: all engines
    -h: help
    -f: import a file of IPs and/or URLs
    -o: output results to file
    -i: Interactive Mode
    Examples:
    ./Automater.py -t 123.123.123.123 -a -o result.txt
    ./Automater.py -f hosts.txt -s robtex -o results.txt

Automater right now only takes the -t and the -h options and only works for one target at a time.  This again will change as I modify it.  URL support has not been added yet either.

I am posting this now in its pre-release form because I would like to hear from the community what types of features they would like to see added.  I would also like to know of any bugs you can find.  Lastly, I am of course interested in anyone who would like to contribute to the project.  If all goes as planned I would like to have the tool fully functional within a couple of weeks.  Once complete I will attempt to pitch the tool to Doug Burks to add to his Security Onion Distro.  I think this could be a really nice tool for analysts.

Contribute to, or download the tool on Github.

Report any Bugs or feature requests to 1aN0rmus@TekDefense.com

DEMO:
