The SOC analyst's all-in-one CLI tool to automate and speed up workflow.
- Sanitise URLs to be safe to send in emails
- Perform reverse DNS and DNS lookups
- Perform reputation checks from:
- Check if an IP address is a TOR exit node
- Decode Proofpoint URLs and UTF-8 encoded URLs
- Get file hashes and compare them against VirusTotal (see requirements)
- Perform WhoIs Lookups
- Python 3.x
- The hash comparison with VirusTotal requires an API key; replace the key in the code with your own key.
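
The URL features listed above (decoding Proofpoint URLs, then sanitising the result for email) can be sketched as follows. This is an added example, not this tool's code or Aaron J Copley's decoder; the function names, the exact-host check and the sample links are constructed for illustration, and only Proofpoint v1/v2 rewrites are handled.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

PROOFPOINT_HOST = "urldefense.proofpoint.com"  # assumed rewrite host


def decode_proofpoint(url):
    """Recover the original URL from a Proofpoint v1 or v2 rewritten link."""
    parsed = urlparse(url)
    version = re.fullmatch(r"/v([12])/url", parsed.path)
    if (parsed.hostname or "").lower() != PROOFPOINT_HOST or not version:
        raise ValueError("not a Proofpoint v1/v2 rewritten URL")
    params = parse_qs(parsed.query)
    if "u" not in params:
        raise ValueError("rewritten URL has no 'u' parameter")
    target = params["u"][0]
    if version.group(1) == "2":
        # v2 stores '%' as '-' and '/' as '_'; literal '-' and '_' arrive
        # as -2D and -5F, so the translation below is lossless.
        target = target.translate(str.maketrans("-_", "%/"))
    return unquote(target)


def defang(url):
    """Make a URL non-clickable for emails and tickets (hxxp, [.])."""
    url = re.sub(r"^htt(ps?)", r"hxx\1", url, flags=re.IGNORECASE)
    return url.replace(".", "[.]")


# Constructed sample links (not taken from real mail).
SAMPLES = [
    "https://urldefense.proofpoint.com/v2/url"
    "?u=http-3A__login.example.test_reset-3Fid-3D42&d=CONSTRUCTED&c=CONSTRUCTED",
    "https://urldefense.proofpoint.com/v2/url"
    "?u=https-3A__my-2Dsite.example.test_a-5Fb&d=CONSTRUCTED",
    "https://urldefense.proofpoint.com/v1/url"
    "?u=http://www.example.test/&k=CONSTRUCTED",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(defang(decode_proofpoint(link)))
```
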
Want to contribute? Great!
- New features / requests should start by opening an issue. This helps track new features and prevent crossover.
- All code modifications, enhancements or additions must be done through a pull request.
- Once reviewed and merged, contributors will be added to the ReadMe
- Aaron J Copley for his code to decode Proofpoint URLs
- James Duarte for adding a hash and auto-check option to the hashing function