Thanks to visit codestin.com
Credit goes to github.com

Skip to content

billexploit/Sooty

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
.idea
.idea
 
 
readmeimages
readmeimages
 
 
README.md
README.md
 
 
Sooty.py
Sooty.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Generic badge PRs Welcome GitHub contributors Generic badge HitCount

Sooty

Contents

Sooty can Currently:

  • Sanitise URL's to be safe to send in emails
  • Perform reverse DNS and DNS lookups
  • Perform reputation checks from:
  • Check if an IP address is a TOR exit node
  • Decode Proofpoint URL's, UTF-8 encoded URLS and Office SafeLink URL's
  • Get file hashes and compare them against VirusTotal (see requirements)
  • Perform WhoIs Lookups
  • Check Usernames and Emails against HaveIBeenPwned to see if a breach has occurred.
  • Simple analysis of emails to retrieve URL's, emails and header information.
  • Extract IP addresses from emails.

Requirements

  • Python 3.x
  • Install all dependencies from the requirements.txt file. pip install -r requirements.txt
  • To use the Hash comparison with VirusTotal requires an API key, replace the key VT_API_KEY in the code with your own key. The tool will still function without this key, however this feature will not work.
  • To use the Reputation Checker with AbuseIPDB requires an API Key, replace the key AB_API_KEY in the code with your own key. The tool will still function without this key, however this feature will not work.

Development

Want to contribute? Great!

Code Contributions

  • New features / requests should start by opening an issue. This helps track new features and prevent crossover.
  • If you wish to work on a feature, leave a comment on the issue page and I will assign you to it.
  • All code modifications, enhancements or additions must be done through a pull request.
  • Once reviewed and merged, contibutors will be added to the ReadMe

Changelog

Version 1.2 - The Phishing Update

  • Added first iteration of the Phishing tool.
  • Able to analyze an email (outlook / .msg only tested at the moment) and retrieve emails, urls (Proofpoint decode if necessary) and extract info from headers.
  • Extract IP's from body of email.

Version 1.1 - The Reputation Update

  • Improved Rep Checker
  • Added HaveIBeenPwned Functionality
  • Added DNS Tools and WhoIs Functionality
  • Added Hash and VirusTotal Checkers
  • Added Abuse IPDB, Tor Exit Node, BadIP's to Reputation Checker

Version 1.0

  • Initial Release
  • URL and ProofPoint Decoder
  • Initial implementation of Reputation Checker
  • Sanitize links to be safe for email

RoadMap

This is an outline of what features will be coming in future versions.

Version 1.2 - The Phishing Update

  • Add Ability to extract email addresses and URL's from mail. Edit: Added
  • Correlate emails and URL's to see if they have been reported for phishing (PhishTank)
  • Scan email attachments for malicious content, macros, files, scan hashes, etc.

Version 1.3 - The Case Update

  • Add a 'New Case' Feature, allowing output of the tool to be output to a txt file.

Contributors:

  • Aaron J Copley for his code to decode ProofPoint URL's
  • James Duarte for adding a hash and auto-check option to the hashing function
  • mrpnkt for adding the missing whois requirement to requirements.txt

About

The SOC Analysts all-in-one CLI tool to automate and speed up workflow.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%