Bulk IP Reputation Check using Security Websites and Open Source Scripts – InfoSec Memo


Here are three interesting projects we can use to check bulk IP addresses' reputation:

Note: Please let me know if you found more related scripts, and I'll add them here.

[[email protected] ~]# yum install git
[[email protected] ~]# rm -r -d -f TekDefense-Automater/
[[email protected] ~]# git clone https://github.com/1aN0rmus/TekDefense-Automater.git
Cloning into 'TekDefense-Automater'...
remote: Enumerating objects: 260, done.
remote: Total 260 (delta 0), reused 0 (delta 0), pack-reused 260
Receiving objects: 100% (260/260), 136.82 KiB | 0 bytes/s, done.
Resolving deltas: 100% (143/143), done.
[[email protected] ~]# ls
TekDefense-Automater
[[email protected] ~]# cd TekDefense-Automater/
[[email protected] TekDefense-Automater]# ls
Automater.py  inputs.py  outputs.py  siteinfo.py  tekdefense.xml
docs          LICENSE    README.md   websites.xml    utilities.py

[[email protected] TekDefense-Automater]# python Automater.py -h
Automater.py test.txt -o test.out -c test.csv -w test.html -d 10
[[email protected] TekDefense-Automater]# python Automater.py test.txt -o test.out -c test.csv -w test.html -d 10

test.txt content:

117.40.196.21

37.192.170.224

99.203.86.107

70.119.165.198

99.203.87.35

66.240.236.119

If you are using Alpine Linux, the commands might be different. Please see some example commands below:

$ sudo apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
v3.16.2-203-g16a4499ea3 [https://dl-cdn.alpinelinux.org/alpine/v3.16/main]
v3.16.2-202-ge26245aea1 [https://dl-cdn.alpinelinux.org/alpine/v3.16/community]
OK: 17053 distinct packages available
[node1] (local) [email protected] ~
$ sudo apk add git
OK: 395 MiB in 156 packages
[node1] (local) [email protected] ~
$ git --version
git version 2.36.2
[node1] (local) [email protected] ~
$ 

Note: If you are using PWD (Play with Docker), the copy shortcut key is ctrl+insert, paste is ctrl+shift+v or shift+insert.

Use Python2 Docker to Run Automater Script

If your Linux release doesn't have Python2, or you can't install Python2, you will have a problem running this old script. You can either use my following approach of running a Python2 Docker container to fix the issue, or use some of the other, newer scripts that run on Python3. You can find these scripts in the references section.

$ docker run -it -d frolvlad/alpine-python2
43e5aec794b00c10f262e446fd210532f72a73bea93fafb689b7dfbd9f95fb10
[node1] (local) [email protected] ~/TekDefense-Automater
$ docker ps
CONTAINER ID   IMAGE                     COMMAND     CREATED         STATUS         PORTS     NAMES
43e5aec794b0   frolvlad/alpine-python2   "/bin/sh"   3 seconds ago   Up 2 seconds             thirsty_burnell
[node1] (local) [email protected] ~/TekDefense-Automater
$ docker exec -it thirsty_burnell /bin/bash
OCI runtime exec failed: exec failed: unable to start container process: exec: "/bin/bash": stat /bin/bash: no such file or directory: unknown
[node1] (local) [email protected] ~/TekDefense-Automater
$ docker exec -it thirsty_burnell pwd
/
[node1] (local) [email protected] ~/TekDefense-Automater
$ docker exec -it thirsty_burnell sh
/ # python2
Python 2.7.18 (default, Oct 16 2021, 08:19:50) 
[GCC 10.3.1 20210921] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 

/ # apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
v3.15.6-79-g18b652f36d [https://dl-cdn.alpinelinux.org/alpine/v3.15/main]
v3.15.6-75-g2ba602a0c7 [https://dl-cdn.alpinelinux.org/alpine/v3.15/community]
OK: 15866 distinct packages available
/ # apk add git
(1/6) Installing ca-certificates (20220614-r0)
(2/6) Installing brotli-libs (1.0.9-r5)
(3/6) Installing nghttp2-libs (1.46.0-r0)
(4/6) Installing libcurl (7.80.0-r3)
(5/6) Installing pcre2 (10.40-r0)
(6/6) Installing git (2.34.4-r0)
Executing busybox-1.34.1-r5.trigger
Executing ca-certificates-20220614-r0.trigger
OK: 60 MiB in 29 packages
/ # git clone https://github.com/1aN0rmus/TekDefense-Automater.git
Cloning into 'TekDefense-Automater'...
remote: Enumerating objects: 260, done.
remote: Total 260 (delta 0), reused 0 (delta 0), pack-reused 260
Receiving objects: 100% (260/260), 136.83 KiB | 5.95 MiB/s, done.
Resolving deltas: 100% (143/143), done.
/ # cd TekDefense-Automater/
/TekDefense-Automater # vi test.txt
/TekDefense-Automater # python Automater.py test.txt -o test.out -c test.csv -w test.html -d 10
Traceback (most recent call last):
  File "Automater.py", line 40, in <module>
    from siteinfo import SiteFacade, Site
  File "/TekDefense-Automater/siteinfo.py", line 28, in <module>
    import requests
ImportError: No module named requests
/TekDefense-Automater # pip install requests
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
Collecting requests
  Downloading requests-2.27.1-py2.py3-none-any.whl (63 kB)
     |████████████████████████████████| 63 kB 2.2 MB/s 
Collecting urllib3<1.27,>=1.21.1
  Downloading urllib3-1.26.12-py2.py3-none-any.whl (140 kB)
     |████████████████████████████████| 140 kB 22.4 MB/s 
Collecting certifi>=2017.4.17
  Downloading certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
     |████████████████████████████████| 149 kB 21.8 MB/s 
Collecting idna<3,>=2.5; python_version < "3"
  Downloading idna-2.10-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 4.8 MB/s 
Collecting chardet<5,>=3.0.2; python_version < "3"
  Downloading chardet-4.0.0-py2.py3-none-any.whl (178 kB)
     |████████████████████████████████| 178 kB 18.7 MB/s 
Installing collected packages: urllib3, certifi, idna, chardet, requests
Successfully installed certifi-2021.10.8 chardet-4.0.0 idna-2.10 requests-2.27.1 urllib3-1.26.12
/TekDefense-Automater # python Automater.py test.txt -o test.out -c test.csv -w test.html -d 10

Note: If you want to cancel the running Python script, use ctrl+ to quit.

The results will show up after a few minutes (please be patient here):

/TekDefense-Automater # python Automater.py test.txt
____________________     Results found for: 117.40.196.21     ____________________
No results found in the RTex DNS
No results found in the FNet URL
[+] VT ASN: No results found
[+] VT Country: No results found
[+] VT AS Owner: No results found
[+] VT pDNS: No results found
[+] VT Malware: No results found
[+] VT Mal URLs: No results found
[+] Blacklist from IPVoid: No results found
[+] ISP from IPvoid: No results found
[+] Country from IPVoid: No results found
[+] Malc0de Date: No results found
[+] Malc0de IP: No results found
[+] Malc0de Country: No results found
[+] Malc0de ASN: No results found
[+] Malc0de ASN Name: No results found
[+] Malc0de MD5: No results found
No results found in the RA Score
[+] FreeGeoIP Country Name: No results found
[+] FreeGeoIP Region Name: No results found
[+] FreeGeoIP City: No results found
[+] FreeGeoIP Zipcode: No results found
[+] FreeGeoIP Latitude: No results found
[+] FreeGeoIP Longitude: No results found
[+] SANS total target IPs seen: No results found
[+] SANS total packets blocked: No results found
[+] SANS last seen on: No results found
[+] SANS first seen on: No results found
No results found in the THIP
No results found in the TekHP
[+] ProjectHoneypot activity type: No results found
[+] ProjectHoneypot first mail received: No results found
[+] ProjectHoneypot last mail received: No results found
[+] ProjectHoneypot total mails received: No results found
[+] ProjectHoneypot spider first seen: No results found
[+] ProjectHoneypot spider last seen: No results found
[+] ProjectHoneypot spider sightings: No results found
[+] ProjectHoneypot user-agent sightings: No results found
[+] ProjectHoneypot first post on: No results found
[+] ProjectHoneypot last post on: No results found
[+] ProjectHoneypot form posts: No results found
[+] ProjectHoneypot first rule break on: No results found
[+] ProjectHoneypot last rule break on: No results found
[+] ProjectHoneypot rule break sightings: No results found
[+] ProjectHoneypot first dictionary attack on: No results found
[+] ProjectHoneypot last dictionary attack on: No results found
[+] ProjectHoneypot dictionary attack sightings: No results found
[+] ProjectHoneypot harvester first seen: No results found
[+] ProjectHoneypot harvester last seen: No results found
[+] ProjectHoneypot harvester sightings: No results found
[+] ProjectHoneypot harvester results: No results found
____________________     Results found for: 37.192.170.224     ____________________
No results found in the RTex DNS
No results found in the FNet URL
[+] VT ASN: No results found
[+] VT Country: No results found
[+] VT AS Owner: No results found
[+] VT pDNS: No results found
[+] VT Malware: No results found
[+] VT Mal URLs: No results found
[+] Blacklist from IPVoid: No results found
[+] ISP from IPvoid: No results found
[+] Country from IPVoid: No results found
[+] Malc0de Date: No results found
[+] Malc0de IP: No results found
[+] Malc0de Country: No results found
[+] Malc0de ASN: No results found
[+] Malc0de ASN Name: No results found
[+] Malc0de MD5: No results found
No results found in the RA Score
[+] FreeGeoIP Country Name: No results found
[+] FreeGeoIP Region Name: No results found
[+] FreeGeoIP City: No results found
[+] FreeGeoIP Zipcode: No results found
[+] FreeGeoIP Latitude: No results found
[+] FreeGeoIP Longitude: No results found
[+] SANS total target IPs seen: No results found
[+] SANS total packets blocked: No results found
[+] SANS last seen on: No results found
[+] SANS first seen on: No results found
No results found in the THIP
No results found in the TekHP
[+] ProjectHoneypot activity type: No results found
[+] ProjectHoneypot first mail received: No results found
[+] ProjectHoneypot last mail received: No results found
[+] ProjectHoneypot total mails received: No results found
[+] ProjectHoneypot spider first seen: approximately 2 years, 10 months, 4 weeks ago
[+] ProjectHoneypot spider last seen: within 2 years, 10 months, 4 weeks
[+] ProjectHoneypot spider sightings: 6 visit
[+] ProjectHoneypot user-agent sightings: seen with 1 user-agent(s)
[+] ProjectHoneypot first post on: No results found
[+] ProjectHoneypot last post on: No results found
[+] ProjectHoneypot form posts: No results found
[+] ProjectHoneypot first rule break on: No results found
[+] ProjectHoneypot last rule break on: No results found
[+] ProjectHoneypot rule break sightings: No results found
[+] ProjectHoneypot first dictionary attack on: No results found
[+] ProjectHoneypot last dictionary attack on: No results found
[+] ProjectHoneypot dictionary attack sightings: No results found
[+] ProjectHoneypot harvester first seen: No results found
[+] ProjectHoneypot harvester last seen: No results found
[+] ProjectHoneypot harvester sightings: No results found
[+] ProjectHoneypot harvester results: No results found
____________________     Results found for: 66.240.236.119     ____________________
No results found in the RTex DNS
No results found in the FNet URL
[+] VT ASN: No results found
[+] VT Country: No results found
[+] VT AS Owner: No results found
[+] VT pDNS: No results found
[+] VT Malware: No results found
[+] VT Mal URLs: No results found
[+] Blacklist from IPVoid: No results found
[+] ISP from IPvoid: No results found
[+] Country from IPVoid: No results found
[+] Malc0de Date: No results found
[+] Malc0de IP: No results found
[+] Malc0de Country: No results found
[+] Malc0de ASN: No results found
[+] Malc0de ASN Name: No results found
[+] Malc0de MD5: No results found
No results found in the RA Score
[+] FreeGeoIP Country Name: No results found
[+] FreeGeoIP Region Name: No results found
[+] FreeGeoIP City: No results found
[+] FreeGeoIP Zipcode: No results found
[+] FreeGeoIP Latitude: No results found
[+] FreeGeoIP Longitude: No results found
[+] SANS total target IPs seen: 1496
[+] SANS total packets blocked: 9910
[+] SANS last seen on: 2022-09-26
[+] SANS first seen on: 2021-09-11
No results found in the THIP
No results found in the TekHP
[+] ProjectHoneypot activity type: No results found
[+] ProjectHoneypot first mail received: No results found
[+] ProjectHoneypot last mail received: No results found
[+] ProjectHoneypot total mails received: No results found
[+] ProjectHoneypot spider first seen: approximately 5 years, 8 months, 3 weeks ago
[+] ProjectHoneypot spider last seen: within 2 weeks
[+] ProjectHoneypot spider sightings: 604 visit
[+] ProjectHoneypot user-agent sightings: seen with 5 user-agent(s)
[+] ProjectHoneypot first post on: No results found
[+] ProjectHoneypot last post on: No results found
[+] ProjectHoneypot form posts: No results found
[+] ProjectHoneypot first rule break on: No results found
[+] ProjectHoneypot last rule break on: No results found
[+] ProjectHoneypot rule break sightings: No results found
[+] ProjectHoneypot first dictionary attack on: No results found
[+] ProjectHoneypot last dictionary attack on: No results found
[+] ProjectHoneypot dictionary attack sightings: No results found
[+] ProjectHoneypot harvester first seen: No results found
[+] ProjectHoneypot harvester last seen: No results found
[+] ProjectHoneypot harvester sightings: No results found
[+] ProjectHoneypot harvester results: No results found
____________________     Results found for: 70.119.165.198     ____________________
No results found in the RTex DNS
No results found in the FNet URL
[+] VT ASN: No results found
[+] VT Country: No results found
[+] VT AS Owner: No results found
[+] VT pDNS: No results found
[+] VT Malware: No results found
[+] VT Mal URLs: No results found
[+] Blacklist from IPVoid: No results found
[+] ISP from IPvoid: No results found
[+] Country from IPVoid: No results found
[+] Malc0de Date: No results found
[+] Malc0de IP: No results found
[+] Malc0de Country: No results found
[+] Malc0de ASN: No results found
[+] Malc0de ASN Name: No results found
[+] Malc0de MD5: No results found
No results found in the RA Score
[+] FreeGeoIP Country Name: No results found
[+] FreeGeoIP Region Name: No results found
[+] FreeGeoIP City: No results found
[+] FreeGeoIP Zipcode: No results found
[+] FreeGeoIP Latitude: No results found
[+] FreeGeoIP Longitude: No results found
[+] SANS total target IPs seen: No results found
[+] SANS total packets blocked: No results found
[+] SANS last seen on: No results found
[+] SANS first seen on: No results found
No results found in the THIP
No results found in the TekHP
[+] ProjectHoneypot activity type: No results found
[+] ProjectHoneypot first mail received: No results found
[+] ProjectHoneypot last mail received: No results found
[+] ProjectHoneypot total mails received: No results found
[+] ProjectHoneypot spider first seen: No results found
[+] ProjectHoneypot spider last seen: No results found
[+] ProjectHoneypot spider sightings: No results found
[+] ProjectHoneypot user-agent sightings: No results found
[+] ProjectHoneypot first post on: No results found
[+] ProjectHoneypot last post on: No results found
[+] ProjectHoneypot form posts: No results found
[+] ProjectHoneypot first rule break on: No results found
[+] ProjectHoneypot last rule break on: No results found
[+] ProjectHoneypot rule break sightings: No results found
[+] ProjectHoneypot first dictionary attack on: No results found
[+] ProjectHoneypot last dictionary attack on: No results found
[+] ProjectHoneypot dictionary attack sightings: No results found
[+] ProjectHoneypot harvester first seen: No results found
[+] ProjectHoneypot harvester last seen: No results found
[+] ProjectHoneypot harvester sightings: No results found
[+] ProjectHoneypot harvester results: No results found
____________________     Results found for: 99.203.86.107     ____________________
No results found in the RTex DNS
No results found in the FNet URL
[+] VT ASN: No results found
[+] VT Country: No results found
[+] VT AS Owner: No results found
[+] VT pDNS: No results found
[+] VT Malware: No results found
[+] VT Mal URLs: No results found
[+] Blacklist from IPVoid: No results found
[+] ISP from IPvoid: No results found
[+] Country from IPVoid: No results found
[+] Malc0de Date: No results found
[+] Malc0de IP: No results found
[+] Malc0de Country: No results found
[+] Malc0de ASN: No results found
[+] Malc0de ASN Name: No results found
[+] Malc0de MD5: No results found
No results found in the RA Score
[+] FreeGeoIP Country Name: No results found
[+] FreeGeoIP Region Name: No results found
[+] FreeGeoIP City: No results found
[+] FreeGeoIP Zipcode: No results found
[+] FreeGeoIP Latitude: No results found
[+] FreeGeoIP Longitude: No results found
[+] SANS total target IPs seen: No results found
[+] SANS total packets blocked: No results found
[+] SANS last seen on: No results found
[+] SANS first seen on: No results found
No results found in the THIP
No results found in the TekHP
[+] ProjectHoneypot activity type: No results found
[+] ProjectHoneypot first mail received: No results found
[+] ProjectHoneypot last mail received: No results found
[+] ProjectHoneypot total mails received: No results found
[+] ProjectHoneypot spider first seen: No results found
[+] ProjectHoneypot spider last seen: No results found
[+] ProjectHoneypot spider sightings: No results found
[+] ProjectHoneypot user-agent sightings: No results found
[+] ProjectHoneypot first post on: No results found
[+] ProjectHoneypot last post on: No results found
[+] ProjectHoneypot form posts: No results found
[+] ProjectHoneypot first rule break on: No results found
[+] ProjectHoneypot last rule break on: No results found
[+] ProjectHoneypot rule break sightings: No results found
[+] ProjectHoneypot first dictionary attack on: No results found
[+] ProjectHoneypot last dictionary attack on: No results found
[+] ProjectHoneypot dictionary attack sightings: No results found
[+] ProjectHoneypot harvester first seen: No results found
[+] ProjectHoneypot harvester last seen: No results found
[+] ProjectHoneypot harvester sightings: No results found
[+] ProjectHoneypot harvester results: No results found
____________________     Results found for: 99.203.87.35     ____________________
No results found in the RTex DNS
No results found in the FNet URL
[+] VT ASN: No results found
[+] VT Country: No results found
[+] VT AS Owner: No results found
[+] VT pDNS: No results found
[+] VT Malware: No results found
[+] VT Mal URLs: No results found
[+] Blacklist from IPVoid: No results found
[+] ISP from IPvoid: No results found
[+] Country from IPVoid: No results found
[+] Malc0de Date: No results found
[+] Malc0de IP: No results found
[+] Malc0de Country: No results found
[+] Malc0de ASN: No results found
[+] Malc0de ASN Name: No results found
[+] Malc0de MD5: No results found
No results found in the RA Score
[+] FreeGeoIP Country Name: No results found
[+] FreeGeoIP Region Name: No results found
[+] FreeGeoIP City: No results found
[+] FreeGeoIP Zipcode: No results found
[+] FreeGeoIP Latitude: No results found
[+] FreeGeoIP Longitude: No results found
[+] SANS total target IPs seen: No results found
[+] SANS total packets blocked: No results found
[+] SANS last seen on: No results found
[+] SANS first seen on: No results found
No results found in the THIP
No results found in the TekHP
[+] ProjectHoneypot activity type: No results found
[+] ProjectHoneypot first mail received: No results found
[+] ProjectHoneypot last mail received: No results found
[+] ProjectHoneypot total mails received: No results found
[+] ProjectHoneypot spider first seen: No results found
[+] ProjectHoneypot spider last seen: No results found
[+] ProjectHoneypot spider sightings: No results found
[+] ProjectHoneypot user-agent sightings: No results found
[+] ProjectHoneypot first post on: No results found
[+] ProjectHoneypot last post on: No results found
[+] ProjectHoneypot form posts: No results found
[+] ProjectHoneypot first rule break on: No results found
[+] ProjectHoneypot last rule break on: No results found
[+] ProjectHoneypot rule break sightings: No results found
[+] ProjectHoneypot first dictionary attack on: No results found
[+] ProjectHoneypot last dictionary attack on: No results found
[+] ProjectHoneypot dictionary attack sightings: No results found
[+] ProjectHoneypot harvester first seen: No results found
[+] ProjectHoneypot harvester last seen: No results found
[+] ProjectHoneypot harvester sightings: No results found
[+] ProjectHoneypot harvester results: No results found
/TekDefense-Automater # 

Run VirusTotal-Tools/VT_Domain_Scanner_py3.py

1. Register your VirusTotal account and get your API key

2. Modify the script to add your API key into this file

3. Run the following commands to download the script and install the required module

[node1] (local) [email protected] ~
$ git clone https://github.com/clairmont32/VirusTotal-Tools
Cloning into 'VirusTotal-Tools'...
remote: Enumerating objects: 240, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (23/23), done.
remote: Total 240 (delta 6), reused 0 (delta 0), pack-reused 213
Receiving objects: 100% (240/240), 7.32 MiB | 34.52 MiB/s, done.
Resolving deltas: 100% (97/97), done.
[node1] (local) [email protected] ~
$ cd VirusTotal-Tools/
[node1] (local) [email protected] ~/VirusTotal-Tools
$ python3 VT_Domain_Scanner_py3.py 
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:46: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if jsonResponse['response_code'] is not 1:
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:100: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if jsonResponse['response_code'] is 0:
Traceback (most recent call last):
  File "/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py", line 10, in <module>
    import requests
ModuleNotFoundError: No module named 'requests'
[node1] (local) [email protected] ~/VirusTotal-Tools
$ pip install requests
Collecting requests
  Downloading requests-2.28.1-py3-none-any.whl (62 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.8/62.8 kB 10.0 MB/s eta 0:00:00
Collecting charset-normalizer<3,>=2
  Downloading charset_normalizer-2.1.1-py3-none-any.whl (39 kB)
Collecting idna<4,>=2.5
  Downloading idna-3.4-py3-none-any.whl (61 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.5/61.5 kB 12.8 MB/s eta 0:00:00
Collecting urllib3<1.27,>=1.21.1
  Downloading urllib3-1.26.12-py2.py3-none-any.whl (140 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 140.4/140.4 kB 21.8 MB/s eta 0:00:00
Collecting certifi>=2017.4.17
  Downloading certifi-2022.9.24-py3-none-any.whl (161 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 161.1/161.1 kB 29.9 MB/s eta 0:00:00
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests
Successfully installed certifi-2022.9.24 charset-normalizer-2.1.1 idna-3.4 requests-2.28.1 urllib3-1.26.12
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
[node1] (local) [email protected] ~/VirusTotal-Tools
$ python3 VT_Domain_Scanner_py3.py 
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:46: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if jsonResponse['response_code'] is not 1:
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:100: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if jsonResponse['response_code'] is 0:
Please make sure the file is closed.
[Errno 2] No such file or directory: 'domains.txt'
[node1] (local) [email protected] ~/VirusTotal-Tools

4. Put all IP addresses / URLs / domain names into the domains.txt file, one per line.

5. Run it using the command "python3 VT_Domain_Scanner_py3.py"

/TekDefense-Automater # cat test.txt 
54.179.131.230
185.220.101.54
117.149.0.14
112.11.242.201
45.185.6.35
185.183.158.57
2600:1f18:d7f:1900:4909:f65c:c131:aa6b
/TekDefense-Automater # exit
[node1] (local) [email protected] ~/VirusTotal-Tools
$ vi domains.txt
[node1] (local) [email protected] ~/VirusTotal-Tools
$ python3 VT_Domain_Scanner_py3.py 
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:46: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if jsonResponse['response_code'] is not 1:
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:100: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if jsonResponse['response_code'] is 0:
54[.]179[.]131[.]230
<Response [403]>
185[.]220[.]101[.]54
<Response [403]>
117[.]149[.]0[.]14
<Response [403]>
112[.]11[.]242[.]201
<Response [403]>
45[.]185[.]6[.]35
<Response [403]>
185[.]183[.]158[.]57
<Response [403]>
2600:1f18:d7f:1900:4909:f65c:c131:aa6b
<Response [403]>
[node1] (local) [email protected] ~/VirusTotal-Tools
$ ls
LICENSE                               VT_Domain_Scanner_py3.exe             VT_Domain_Scanner_py3_CLI_version.py  domains.txt
README.md                             VT_Domain_Scanner_py3.py              VT_Hash_Search.py                     results.csv
[node1] (local) [email protected] ~/VirusTotal-Tools
$ vi VT_Domain_Scanner_py3.py 
[node1] (local) [email protected] ~/VirusTotal-Tools
$ python3 VT_Domain_Scanner_py3.py 
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:46: SyntaxWarning: "is not" with a literal. Did you mean "!="?
  if jsonResponse['response_code'] is not 1:
/root/VirusTotal-Tools/VT_Domain_Scanner_py3.py:100: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if jsonResponse['response_code'] is 0:
54[.]179[.]131[.]230
<Response [200]>
54[.]179[.]131[.]230 was scanned successfully.
Report is ready for 54[.]179[.]131[.]230
185[.]220[.]101[.]54
<Response [200]>
185[.]220[.]101[.]54 was scanned successfully.
Report is ready for 185[.]220[.]101[.]54
117[.]149[.]0[.]14
<Response [200]>
117[.]149[.]0[.]14 was scanned successfully.
Report is ready for 117[.]149[.]0[.]14
112[.]11[.]242[.]201
<Response [200]>
112[.]11[.]242[.]201 was scanned successfully.
Report is ready for 112[.]11[.]242[.]201
45[.]185[.]6[.]35
<Response [200]>
45[.]185[.]6[.]35 was scanned successfully.
Report is ready for 45[.]185[.]6[.]35
185[.]183[.]158[.]57
<Response [200]>
185[.]183[.]158[.]57 was scanned successfully.
Report is ready for 185[.]183[.]158[.]57
2600:1f18:d7f:1900:4909:f65c:c131:aa6b
<Response [200]>
There was an error submitting the domain for scanning.
Invalid URL, the scan request was not queued
There was an error submitting the domain for scanning.
There was an error when scanning 2600:1f18:d7f:1900:4909:f65c:c131:aa6b. Adding domain to error list....
There were 1 errors scanning domains
['2600:1f18:d7f:1900:4909:f65c:c131:aa6b']
[node1] (local) [email protected] ~/VirusTotal-Tools
$ more results.csv 
Scan Date,Domain,# of Positive Scans,# of Total Scans,Permalink
2020-06-13 18:40:30,54[.]179[.]131[.]230,0,79,https://www.virustotal.com/gui/url/a6be98ea89ea1fbe029e74d1b7d6e5b245f0769bd91e79c3d9d9d867f065b26f/detection/u-a6be98
ea89ea1fbe029e74d1b7d6e5b245f0769bd91e79c3d9d9d867f065b26f-1592073630
2022-09-25 17:56:57,185[.]220[.]101[.]54,10,88,https://www.virustotal.com/gui/url/ec895a3b96ac0b00ea1ca399d126e6fcf9066f720fc364b5550bf8d38e52b116/detection/u-ec895
a3b96ac0b00ea1ca399d126e6fcf9066f720fc364b5550bf8d38e52b116-1664128617
2022-09-18 13:01:53,117[.]149[.]0[.]14,1,88,https://www.virustotal.com/gui/url/44807e29e82f7a33bdb08ee2bba57985c6b4b78380e308abc61404122db994f4/detection/u-44807e29
e82f7a33bdb08ee2bba57985c6b4b78380e308abc61404122db994f4-1663506113
2022-09-26 13:01:45,112[.]11[.]242[.]201,2,88,https://www.virustotal.com/gui/url/fec3bab04a07fa515a6cc9d072d029e6c047a2eb02f4aa7e429203418120f6fd/detection/u-fec3ba
b04a07fa515a6cc9d072d029e6c047a2eb02f4aa7e429203418120f6fd-1664197305
2022-09-26 17:14:23,45[.]185[.]6[.]35,4,88,https://www.virustotal.com/gui/url/ee2c58572262408b77a73309bffbce0b08648a89395455ac864eb26593236cde/detection/u-ee2c58572
262408b77a73309bffbce0b08648a89395455ac864eb26593236cde-1664212463
2022-09-26 17:14:53,185[.]183[.]158[.]57,2,88,https://www.virustotal.com/gui/url/f30cbb07e73d3fe3bb68e140e124bff245f8e2ca6fc4b6aeb182f141e8b399e6/detection/u-f30cbb
07e73d3fe3bb68e140e124bff245f8e2ca6fc4b6aeb182f141e8b399e6-1664212493

You will get a URL for each IP/domain you put into the domains.txt file.
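
As an added example (not part of the original post or of either project), the Python code below covers two things the runs above leave to the reader: sorting a raw indicator list into IPv4, IPv6, names and non-public addresses before domains.txt is written (the scanner rejected the IPv6 entry as an invalid URL), and ranking results.csv rows by positive detections while pointing out reports with an old scan date. The function names, the thresholds and the <permalink> placeholder are assumptions; the sample rows reuse the values shown in results.csv above.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Rows as shown in results.csv above; permalinks replaced by a placeholder.
SAMPLE_RESULTS_CSV = """\
Scan Date,Domain,# of Positive Scans,# of Total Scans,Permalink
2020-06-13 18:40:30,54[.]179[.]131[.]230,0,79,<permalink>
2022-09-25 17:56:57,185[.]220[.]101[.]54,10,88,<permalink>
2022-09-18 13:01:53,117[.]149[.]0[.]14,1,88,<permalink>
2022-09-26 13:01:45,112[.]11[.]242[.]201,2,88,<permalink>
2022-09-26 17:14:23,45[.]185[.]6[.]35,4,88,<permalink>
2022-09-26 17:14:53,185[.]183[.]158[.]57,2,88,<permalink>
"""


def refang(indicator):
    """Turn the defanged form in the scanner output (1[.]2[.]3[.]4) back into 1.2.3.4."""
    return indicator.replace("[.]", ".").strip()


def split_targets(lines):
    """Sort raw input lines into buckets before writing domains.txt.

    ipv4    - public IPv4 addresses, de-duplicated, input order kept
    ipv6    - public IPv6 addresses (rejected as "Invalid URL" in the run above)
    names   - anything that is not an IP literal (domains, URLs)
    skipped - private, loopback or reserved addresses, which have no public
              reputation and should not be sent to a third-party service
    """
    buckets = {"ipv4": [], "ipv6": [], "names": [], "skipped": []}
    seen = set()
    for raw in lines:
        item = refang(raw)
        if not item or item in seen:
            continue
        seen.add(item)
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            buckets["names"].append(item)
            continue
        if not addr.is_global:
            buckets["skipped"].append(item)
        elif addr.version == 6:
            buckets["ipv6"].append(item)
        else:
            buckets["ipv4"].append(item)
    return buckets


def triage(csv_text, min_positives=2, max_age_days=30):
    """Rank results.csv rows and point out reports that are too old to rely on.

    Columns are read by position (date, indicator, positives, total), so the
    header wording does not matter. Age is measured against the newest scan
    date in the file, which keeps the result reproducible.
    """
    reader = csv.reader(io.StringIO(csv_text))
    next(reader, None)  # skip the header row
    rows = []
    for rec in reader:
        if len(rec) < 4:
            continue  # wrapped or truncated line
        try:
            when = datetime.strptime(rec[0], "%Y-%m-%d %H:%M:%S")
            positives, total = int(rec[2]), int(rec[3])
        except ValueError:
            continue  # not a data row
        rows.append((refang(rec[1]), positives, total, when))
    if not rows:
        return {"flagged": [], "stale": []}
    cutoff = max(r[3] for r in rows) - timedelta(days=max_age_days)
    # Highest detection count first; ties keep file order (sorted() is stable).
    flagged = sorted((r[:3] for r in rows if r[1] >= min_positives),
                     key=lambda r: -r[1])
    stale = [r[0] for r in rows if r[3] < cutoff]
    return {"flagged": flagged, "stale": stale}


if __name__ == "__main__":
    # Constructed input: entries from the page's test.txt plus a duplicate,
    # a private address and a domain name.
    raw = ["54.179.131.230", "185[.]220[.]101[.]54", "185.220.101.54",
           "10.0.0.5", "2600:1f18:d7f:1900:4909:f65c:c131:aa6b", "example.com"]
    print(split_targets(raw))
    print(triage(SAMPLE_RESULTS_CSV))
```

An address listed under "stale" carries a cached report, so a 0-positive result for it says little about its current reputation.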


