Published on May 11th, 2016

sIPI – Simple IP Information Tools


This tool is aimed at incident response teams and anyone who wants to know the behaviour of a "suspicious" IP address. The tool searches for reputation information about the IP in a set of open threat intelligence sources: malware activity, malicious activity, blacklisting, spam and botnet activity.
Dependencies :
  • requests
  • shodan

Installation :

pip install requests && easy_install shodan
git clone "repositori"
configure the API tokens in config.json

try: $> python sipi.py any_ip -A

Description
[[@SVTCloud] Simple IP Information Tool [[@st2labs]]

 sIPi - is a free reconnaissance tool for obtaining IP address information from
 many open sources: cymon.io | shodan.io | ipinfo.io

Julian J. Gonzalez Caracuel - @rhodius Version: 0.1
It is a tool that analyses an IP or a list of IPs and returns information about:

    - reputation / activity
    - exposure level
    - geolocation

Reputation / detection of the IP in blacklists, according to the following categories:

   Source: cymon.io - Cymon is the largest open tracker of malware, phishing, botnets, spam, and more

   ['malware',
       'botnet',
       'spam',
       'phishing',
       'malicious activity',
       'blacklist',
       'dnsbl']

Exposure level:

    Source: shodan.io - Shodan is the world's first search engine for Internet-connected devices.

    Obtains all the information SHODAN holds about the IP address; depending on the access level to the SHODAN engine,
    more data can be obtained (number of ports, banners, geolocation)

Geolocation:

    Source: ipinfo.io

    Obtains basic information about the IP address (geolocation and ASN information); the rate limit is 1000/day

Installation requirements

cymon.io  - Requires an authentication token - registered user, rate limit: 1000/day
shodan.io - Requires an authentication token - registered user, limited to 100 results and a limited set of ports

The tokens are configured in the file config.json, which must be in the directory from which sipi.py is run (the API tokens for all services are set in a "config.json" file placed in the root directory)
Dependencies
requests

pip install requests

shodan

easy_install shodan

Linux & Windows

Examples

 Get info for the IP-list file in all reputation categories from Cymon, and add exposure level from Shodan & IP info from IPInfo
 $> python sipi.py list_ip -A -s -i

 Get info for the IP-list file only in the SPAM category from Cymon, and add exposure level from Shodan & IP info from IPInfo
 $> python sipi.py list_ip -t spam -s -i

 Get info for the IP-list file only in the MALWARE category from Cymon, for events from 1 day ago, with a limit of 1000 entries
 $> python sipi.py list_ip -t malware -d 1 -l 1000

    -d <days[1-3]> Only the IP's reputation over the last 3 days can be analysed.
    If nothing is found, the events may be more than 3 days old; use the -d 4 option
    to look back further than 3 days.

    -l <limit> Controls the number of results in which to analyse the IP - Default: 100

Output Example:
$> python sipi.py lista.txt -d 4 -A
[[@SVTCloud] Simple IP Information Tool [[@st2labs]]

 sIPi - is a free recorn tool for obtain IP Address Information from
 many Open Sources: cymon.io | shoda.io | ipinfo.io

Julian J. Gonzalez Caracuel - @rhodius Version: 0.1

 [!] This IP ['83.55.23.240s'] is not valid & have been removed from searching


 If days more than 3, auto change mode is active
 [ip_blacklist > ip_events] to obtain Ip Info


 ++++++++++++++++++++++++++++++++++++++
 + Info obtain from: https://cymon.io  +
 +     Checking for ip_events
 ++++++++++++++++++++++++++++++++++++++


 +---------------------------------+
 +-Events for IP:93.76.61.78
 +---------------------------------+

   +--

   [!] IP 93.76.61.78 found in malicious activity BlackList
   Detected by: [u'esentire threat labs']

   --+

   [NOT_FOUND] IP 93.76.61.78  in this CATEGORIES:['malware', 'botnet', 'spam', 'phishing', 'blacklist', 'dnsbl']


 +---------------------------------+
 +-Events for IP:93.183.250.196
 +---------------------------------+

   +--

   [!] IP 93.183.250.196 found in malicious activity BlackList
   Detected by: [u'esentire threat labs']

   --+

   [NOT_FOUND] IP 93.183.250.196  in this CATEGORIES:['malware', 'botnet', 'spam', 'phishing', 'blacklist', 'dnsbl']


 +---------------------------------+
 +-Events for IP:176.101.204.172
 +---------------------------------+

   +--

   [!] IP 176.101.204.172 found in malicious activity BlackList
   Detected by: [u'esentire threat labs']

   --+

   [NOT_FOUND] IP 176.101.204.172  in this CATEGORIES:['malware', 'botnet', 'spam', 'phishing', 'blacklist', 'dnsbl']
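As an added example (not part of sipi.py or the original post), the Python 3 helpers below cover the two steps a responder ends up doing around this tool: validating the IP-list file beforehand, so that malformed entries like the '83.55.23.240s' rejected above are caught, and parsing the report text into a structured {ip: {category: [sources]}} mapping for ingestion. The sample list and report excerpt are constructed here in the same layout as the output shown above.

```python
import ipaddress
import re

# Constructed IP-list file contents, one entry per line, including a
# malformed entry like the one the report above rejects.
SAMPLE_IP_LIST = "93.76.61.78\n83.55.23.240s\n176.101.204.172\n"

# Constructed excerpt in the layout sipi.py prints for one IP.
SAMPLE_OUTPUT = """\
 +-Events for IP:93.76.61.78
   [!] IP 93.76.61.78 found in malicious activity BlackList
   Detected by: [u'esentire threat labs']
   [NOT_FOUND] IP 93.76.61.78  in this CATEGORIES:['malware', 'botnet']
"""

FOUND_RE = re.compile(r"\[!\] IP (\S+) found in (.+?) BlackList")
SOURCE_RE = re.compile(r"Detected by: \[(.*)\]")

def load_ip_list(text):
    """Split list-file contents into (valid, rejected), like sipi's pre-check."""
    valid, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ipaddress.ip_address(line)  # raises ValueError on bad input
            valid.append(line)
        except ValueError:
            rejected.append(line)
    return valid, rejected

def parse_sipi_output(text):
    """Return {ip: {category: [source, ...]}} from the report text."""
    hits = {}
    pending = None  # (ip, category) waiting for its 'Detected by' line
    for line in text.splitlines():
        m = FOUND_RE.search(line)
        if m:
            pending = (m.group(1), m.group(2))
            hits.setdefault(pending[0], {}).setdefault(pending[1], [])
            continue
        m = SOURCE_RE.search(line)
        if m and pending:
            # sources are printed as a Python 2 list repr: [u'a', u'b']
            names = re.findall(r"u?'([^']*)'", m.group(1))
            hits[pending[0]][pending[1]].extend(names)
            pending = None
    return hits
```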

 

Download sIPI


