Pentest Tools

Published on March 9th, 2016 📆 | 1578 Views ⚑

0

Machinae — Security Intelligence Collector


Text to Speech

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints.  It was inspired by Automater, another excellent tool for collecting information. The Machinae project was born from wishing to improve Automater in 4 areas:

  1. Codebase – Bring Automater to python3 compatibility while making the code more pythonic
  2. Configuration – Use a more human readable configuration format (YAML)
  3. Inputs – Support JSON parsing out-of-the-box without the need to write regular expressions, but still support regex scraping when needed
  4. Outputs – Support additional output types, including JSON, while making extraneous output optional

[adsense size='1']

Out-of-the-Box Data Sources

Security Intelligence Collector, Machinae comes with out-of-the-box support for the following data sources:

  • IPVoid
  • URLVoid
  • URL Unshortener (https://www.toolsvoid.com/unshorten-url)
  • Malc0de
  • SANS
  • Telize GeoIP
  • Fortinet Category
  • VirusTotal pDNS (via web scrape – commented out)
  • VirusTotal pDNS (via JSON API)
  • VirusTotal URL Report (via JSON API)
  • VirusTotal File Report (via JSON API)
  • Reputation Authority
  • ThreatExpert
  • VxVault
  • ProjectHoneypot
  • McAfee Threat Intelligence
  • StopForumSpam
  • Cymru MHR
  • ICSI Certificate Notary
  • TotalHash (disabled by default)
  • DomainTools Parsed Whois (Requires API key)
  • DomainTools Reverse Whois (Requires API key)
  • DomainTools Reputation
  • IP WHOIS (Using RIR REST interfaces)

 

 

Security Intelligence Collector: Machinae Installation

Machinae can be installed using pip3:

pip3 install machinae

Or, if you’re feeling adventurous, Security Intelligence Collector can be installed directly from github:

pip3 install git+https://github.com/HurricaneLabs/machinae.git

You will need to have dependencies for compiling Python modules (on Debian based systems, python3-dev), as well as the libyaml development package (on Debian based systems, libyaml-dev).

[adsense size='1']

Usage

Security Intelligence Collector, Machinae is very similar to Automater:

usage: machinae [-h] [-c CONFIG] [-d DELAY] [-f FILE] [--nomerge] [-o {D,J,N}]
                [-O {ipv4,ipv6,fqdn,email,sslfp,hash,url}] [-q] [-s SITES]
                targets [targets ...]
  • See above for details on the -c/--config and --nomerge options.
  • Machinae supports a -d/--delay option, like Automater. However, Machinae uses 0 by default.
  • Machinae output is controlled by two arguments:
    • -o controls the output format, and can be followed by a single character to indicated the desired type of output:
      • N is the default output (“Normal”)
      • D is the default output, but dot characters are replaced
      • J is JSON output
    • -f/--file specifies the file where output should be written. The default is “-” for stdout.
  • Machinae will attempt to auto-detect the type of target passed in (Machinae refers to targets as “observables” and the type as “otype”). This detection can be overridden with the -O/--otype option. The choices are listed in the usage
  • By default, Machinae operates in verbose mode. In this mode, it will output status information about the services it is querying on the console as they are queried. This output will always be written to stdout, regardless of the output setting. To disable verbose mode, use -q
  • By default, Machinae will run through all services in the configuration that apply to each target’s otypeand are not marked as “default: false”. To modify this behavior, you can:
    • Pass a comma separated list of sites to run (use the top level key from the configuration).
    • Pass the special keyword all to run through all services including those marked as “default: false”

    Note that in both cases, otype validation is still applied.

  • Lastly, a list of targets should be passed. All arguments other than the options listed above will be interpreted as targets.

 

Source && Download



Leave a Reply

Your email address will not be published.