Project author: CiscoSecurity

Project description:
Query Threat Grid for one or more indicators and get a list of public IPs and domains
Language: Python
Project URL: git://github.com/CiscoSecurity/tg-04-indicator-to-ips-domains.git



Indicator to IPs and Domains:

The script does the following:

  1. Query Threat Grid for the existence of each hash in the provided list
  2. If the hash exists, collect the associated samples and fetch the network streams for each sample
  3. Extract the unique public IPs and domains from each sample
  4. Output the information to the console and to files in a RESULTS directory

Before using you must update the following:

  • api_key

Usage:

The script takes a file as a parameter. The file should have one hash (MD5, SHA1, SHA256) per line.

  python hash_query.py hashlist.txt
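The steps above, worked through offline on constructed data. This is an added example, not the project's hash_query.py: it covers the parts that do not need Threat Grid credentials (validating the one-hash-per-line input, keeping only routable public IPs, de-duplicating domains, and printing the report in the layout shown below). The Threat Grid search and network-stream calls themselves are left to the project's script, and the `SAMPLE_STREAMS` record layout (`dst`, `dport`, `dns`) is an assumed simplification, not the real network_streams schema.

```python
import ipaddress
import re
import sys
from pathlib import Path

# Hash formats the input file may contain: MD5, SHA1, SHA256 as hex strings.
HASH_PATTERNS = {
    "md5": re.compile(r"^[0-9a-fA-F]{32}$"),
    "sha1": re.compile(r"^[0-9a-fA-F]{40}$"),
    "sha256": re.compile(r"^[0-9a-fA-F]{64}$"),
}

# Constructed input in the format Usage describes: one hash per line.
SAMPLE_HASH_LIST = """# constructed hash list
7bdc23cc435305da225148b643fc5273a0bf4e227327e15309fe8d5d98c12c20
D41D8CD98F00B204E9800998ECF8427E
not-a-hash
"""

# Constructed stand-in for one sample's network streams (assumed layout, not
# the Threat Grid schema): destination address plus any DNS names queried.
SAMPLE_STREAMS = [
    {"dst": "34.195.37.78", "dport": 443, "dns": []},
    {"dst": "10.0.0.5", "dport": 445, "dns": []},  # private: must not be reported
    {"dst": "194.150.168.74", "dport": 80, "dns": ["dpckd2ftmf7lelsa.tor2web.fi."]},
    {"dst": "194.150.168.74", "dport": 80, "dns": []},  # duplicate: collapsed
    {"dst": "216.239.36.21", "dport": 443, "dns": ["ipinfo.io", "216.239.36.21"]},
]


def classify_hash(value):
    """Return 'md5', 'sha1' or 'sha256', or None if the string is not a hex hash."""
    value = value.strip()
    for name, pattern in HASH_PATTERNS.items():
        if pattern.match(value):
            return name
    return None


def read_hash_list(text):
    """Step 1 input: one hash per line; blank lines and '#' comments are skipped.
    Returns (accepted hashes, lowercased) and [(line number, text)] for rejects."""
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if classify_hash(line):
            accepted.append(line.lower())
        else:
            rejected.append((lineno, line))
    return accepted, rejected


def is_public_ip(value):
    """True only for routable addresses; RFC 1918, loopback, link-local,
    multicast and other reserved ranges are excluded from the results."""
    try:
        return ipaddress.ip_address(value).is_global
    except ValueError:
        return False


def extract_indicators(streams):
    """Step 3: unique public IPs (sorted numerically) and unique domains."""
    ips, domains = set(), set()
    for stream in streams:
        dst = stream.get("dst")
        if dst and is_public_ip(dst):
            ips.add(dst)
        for name in stream.get("dns", []):
            name = name.rstrip(".").lower()
            try:
                ipaddress.ip_address(name)  # bare IP literal, not a domain
                continue
            except ValueError:
                pass
            if name:
                domains.add(name)
    by_address = lambda a: (ipaddress.ip_address(a).version, int(ipaddress.ip_address(a)))
    return sorted(ips, key=by_address), sorted(domains)


def format_report(ips, domains):
    """Step 4: console lines in the layout of the sample output below."""
    lines = ["Found {} IP Addresses:".format(len(ips))] + list(ips)
    lines += ["Found {} domains:".format(len(domains))] + list(domains)
    return lines


def write_results(results_dir, ips, domains):
    """Step 4: one file each for IPs and domains under the RESULTS directory."""
    out = Path(results_dir)
    out.mkdir(parents=True, exist_ok=True)
    (out / "ips.txt").write_text("\n".join(ips) + "\n")
    (out / "domains.txt").write_text("\n".join(domains) + "\n")
    return out


if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_HASH_LIST
    accepted, rejected = read_hash_list(text)
    for lineno, bad in rejected:
        print("Line {} skipped, not an MD5/SHA1/SHA256: {}".format(lineno, bad))
    print("{} hash(es) ready to query".format(len(accepted)))
    ips, domains = extract_indicators(SAMPLE_STREAMS)
    print("\n".join(format_report(ips, domains)))
    write_results("RESULTS", ips, domains)
```

Two points worth carrying into the real script: reject non-hash lines before sending anything to the API, so a stray string is not submitted as a search term, and filter on `is_global` rather than on a hand-written list of private ranges, so loopback, link-local and the test networks are dropped as well. The api_key the README asks you to edit into the script is better read from an environment variable or a config file outside the repository, so it is not committed by accident.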

Example script output:

  Line 1 of 1 is a Winner! - 7bdc23cc435305da225148b643fc5273a0bf4e227327e15309fe8d5d98c12c20
  Found 1 out of 1 hashes in the system
  Found 30 samples from 1 hashes:
  Found 9 IP Addresses:
  34.195.37.78
  52.20.74.226
  52.22.211.38
  52.26.195.230
  52.173.193.166
  54.164.91.17
  54.210.188.78
  194.150.168.74
  216.239.36.21
  Found 5 domains:
  dpckd2ftmf7lelsa.jjeyd2u37an30.com
  dpckd2ftmf7lelsa.s24f53mnd7w31.com
  dpckd2ftmf7lelsa.tor2web.blutmagie.de
  dpckd2ftmf7lelsa.tor2web.fi
  ipinfo.io