#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
from argparse import ArgumentParser
|
|
import requests
|
|
import re
|
|
from config import VT_ATTRIBUTES_MAPPING
|
|
from vt import VT
|
|
from dnsinformations import DNSInformations as DNS
|
|
|
|
|
|
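def checkArguments():
    """Parse the command-line options and return the argparse namespace.

    Options:
        -c/--config PATH   path to the ``key: value`` config file; main()
                           prints usage and exits when it is missing
        --hash [FILE]      ``True`` when given without a value, the FILE
                           string when one follows, ``False`` when absent
        --dns FQDN         domain name to look up
        --dnsattacks FILE  DNS pcap file to parse

    Returns:
        argparse.Namespace with attributes ``config``, ``hash``, ``dns``
        and ``dnsattacks``.
    """
    parser = ArgumentParser(description="baoSOC")
    parser.add_argument('-c', '--config', help='Config file')
    # usage() documents this flag as ``--hash FILE``. Accepting an optional
    # value reconciles the two: a bare ``--hash`` still yields True (the old
    # store_true behaviour) while ``--hash FILE`` yields the file name.
    parser.add_argument('--hash', nargs='?', const=True, default=False,
                        help='Hash file')
    parser.add_argument('--dns', help='Get domain name information')
    parser.add_argument('--dnsattacks', help='Parse DNS pcap file')
    return parser.parse_args()

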
def usage():
    """Print the command-line help banner to stdout.

    main() calls this when ``--config`` is missing. Every entry below is
    emitted on its own line, in this order.
    """
    banner = [
        "------------------------------",
        "| baoSOC |",
        "------------------------------\n",
        "A tool for SOC analyst\n",
        "Usage: main.py [COMMAND]",
        "-c PATH, --config PATH\t\tConfig file - mandatory",
        "--hash FILE\t\t\tHash the file and check in VirusTotal",
        "--dns FQDN\t\t\tGet information regarding the domain with whois and VirusTotal",
        "--dnsattacks FILE\t\t\tParse the DNS pcap file and identify some DNS attacks",
    ]
    # one print of the joined lines writes exactly what one print per line would
    print("\n".join(banner))


def mainMenu():
    """Print the interactive option menu to stdout.

    The menu is display-only: nothing here reads a choice back, and main()
    in this file does not call it. The numbering skips option 8.
    """
    options = (
        "\n baoSOC ",
        " What would you like to do? ",
        "\n OPTION 1: Sanitise URL For emails ",
        " OPTION 2: Decoders (PP, URL, SafeLinks) ",
        " OPTION 3: Reputation Checker",
        " OPTION 4: DNS Tools",
        " OPTION 5: Hashing Function",
        " OPTION 6: Phishing Analysis",
        " OPTION 7: URL scan",
        " OPTION 9: Extras",
        " OPTION 0: Exit Tool",
    )
    for text in options:
        print(text)


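def readConfigFile(config):
    """Read a ``key: value`` config file into a dict.

    Each line containing a colon is split on the FIRST colon only, so a
    value that itself contains ':' (a URL, for instance) is kept whole.
    The key is stripped of surrounding whitespace; the value has every
    space removed and its line ending trimmed, as the original parser did.
    Blank lines and lines without a colon are skipped rather than raising
    IndexError.

    Args:
        config: path of the config file.

    Returns:
        dict mapping key -> value, or None when the file cannot be opened.
        main() takes the ``api_key`` entry from this dict, so treat the
        result as sensitive and do not print or log it wholesale.
    """
    data = {}
    try:
        with open(config, 'r', encoding='utf-8') as f:
            for line in f:
                key, sep, rest = line.partition(":")
                if not sep:
                    # blank line or no separator: nothing to store
                    continue
                # original behaviour dropped all spaces from the value;
                # strip() also removes the '\r' a CRLF file would leave behind
                data[key.strip()] = rest.replace(" ", "").strip()
    except OSError:
        # missing file, permission denied, directory, ...: report failure
        # with None so main() can print a message and exit
        return None
    return data

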
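def _printResolverReport(report):
    """Print the report returned by DNS.resolver().

    The loop consumes ``report`` as a mapping of record name -> list of
    dicts (that is how the original code walked it); bytes values are
    decoded before printing.
    """
    for key, entries in report.items():
        print(f"{key}: ")
        for entry in entries:
            for subkey, value in entry.items():
                if isinstance(value, bytes):
                    value = value.decode()
                print(f"\t{subkey}: {value}")


def _printWhoisReport(report):
    """Print the report returned by DNS.whois().

    List values are printed one per indented line under their key;
    any other value goes on the key's own line.
    """
    for key, value in report.items():
        if isinstance(value, list):
            print(f"{key}:")
            for item in value:
                print(f"\t{item}")
        else:
            print(f"{key}: {value}")


def main():
    """Command-line entry point.

    Requires ``--config``. Exits with status 1 after printing usage when it
    is missing, when the config file cannot be read, or when the file has
    no ``api_key`` entry (a failed run previously exited with 0). Only
    ``--dns`` is acted on in this version; ``--hash`` and ``--dnsattacks``
    are parsed but not handled here.
    """
    args = checkArguments()

    if not args.config:
        usage()
        raise SystemExit(1)

    # Read the config file; None means it could not be opened
    config = readConfigFile(args.config)
    if config is None:
        print("Failed to read the config file")
        # a failed run must not report success to the shell
        raise SystemExit(1)

    api_key = config.get('api_key')
    if not api_key:
        # DNS() below needs the key; fail clearly instead of with a KeyError
        print("Config file has no 'api_key' entry")
        raise SystemExit(1)

    if args.dns:
        dns = DNS(api_key, args.dns)

        print("IP Informations:\n")
        _printResolverReport(dns.resolver())

        print("\nReport with Whois:\n")
        _printWhoisReport(dns.whois())

        # header only: no VirusTotal lookup follows it in this file
        print("\nReport with VirusTotal:\n")

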
# Run the CLI only when executed as a script, not when imported as a module.
if __name__ == "__main__":
    main()