Machinae Security Intelligence Collector

Came across this tool while investigating IOCs and needed a fast way to gather intel on IPs, domains, hashes, etc. You can find this open-source tool here:

https://github.com/HurricaneLabs/machinae

Keep in mind you can simply pip install:


pip3 install machinae

but you will still need to download the config file “machinae.yml”, which you can find here:

https://github.com/HurricaneLabs/machinae/blob/master/machinae.yml

HTTP Basic Authentication and Configuration

Machinae supports HTTP Basic Auth for sites that require it through the --auth/-a flag. You will need to create a YAML file with your credentials, which will include a key to the site that requires the credentials and a list of two items, username and password or API key. For example, for the included PassiveTotal site this might look like:

passivetotal: ['myemail@example.com', 'my_api_key']

Inside the site configuration under request you will see a key such as:

json:
  request:
    url: '...'
    auth: passivetotal
The auth: passivetotal points to the key inside the authentication config passed
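
A quick pre-flight check for the mapping described above, added here as an example (it is not part of Machinae): it walks the site configuration, collects every auth: reference, and reports any that the credentials file cannot satisfy. The sample data, the "example_site" entry and all function names are assumptions made for illustration; the permission check reflects that the credentials file holds API keys in plain text.

```python
import os
import stat
import sys

# Constructed sample mirroring the page's snippets; "example_site" is hypothetical.
SAMPLE_SITES = {
    "passivetotal": {"json": {"request": {"url": "...", "auth": "passivetotal"}}},
    "example_site": {"json": {"request": {"url": "...", "auth": "example_key"}}},
}
SAMPLE_CREDS = {"passivetotal": ["myemail@example.com", "my_api_key"]}


def auth_refs(node, site=None):
    """Yield (site, auth_key) for each `request:` mapping with `auth:`.
    Top-level keys are treated as site names and kept while descending."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "request" and isinstance(value, dict) and "auth" in value:
                yield site, value["auth"]
            yield from auth_refs(value, key if site is None else site)
    elif isinstance(node, list):
        for item in node:
            yield from auth_refs(item, site)


def check_creds(sites, creds):
    """Return a list of problems; an empty list means every reference resolves."""
    problems = []
    for site, key in auth_refs(sites):
        entry = (creds or {}).get(key)
        if entry is None:
            problems.append(f"{site}: auth key '{key}' missing from credentials file")
        elif not (isinstance(entry, list) and len(entry) == 2 and all(entry)):
            problems.append(f"{site}: '{key}' must be a list of two non-empty items")
        # A well-formed entry adds nothing to the list.
    return problems


def too_permissive(path):
    """True if group or other has any access to the credentials file (POSIX)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    sites, creds = SAMPLE_SITES, SAMPLE_CREDS  # fall back to the constructed sample
    if len(sys.argv) == 3:  # usage: check.py machinae.yml creds.yml
        import yaml  # PyYAML; assumed to be installed
        sites, creds = (yaml.safe_load(open(p)) for p in sys.argv[1:3])
        if too_permissive(sys.argv[2]):
            print(f"warning: {sys.argv[2]} is accessible to group/other; chmod 600 it")
    print("\n".join(check_creds(sites, creds)) or "all auth references resolve")
```
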

Once installed, simply run:

Usage:

machinae [-h] [-c CONFIG] [-d DELAY] [-f FILE] [--nomerge] [-o {D,J,N}]
                [-O {ipv4,ipv6,fqdn,email,sslfp,hash,url}] [-q] [-s SITES]
                targets [targets ...]

Best thing about Machinae is the out-of-the-box support for the following data sources:

IPVoid
URLVoid
URL Unshortener (http://www.toolsvoid.com/unshorten-url)
Malc0de
SANS
FreeGeoIP (freegeoip.io)
Fortinet Category
VirusTotal pDNS (via web scrape – commented out)
VirusTotal pDNS (via JSON API)
VirusTotal URL Report (via JSON API)
VirusTotal File Report (via JSON API)
Reputation Authority
ThreatExpert
VxVault
ProjectHoneypot
McAfee Threat Intelligence
StopForumSpam
Cymru MHR
ICSI Certificate Notary
TotalHash (disabled by default)
DomainTools Parsed Whois (Requires API key)
DomainTools Reverse Whois (Requires API key)
DomainTools Reputation
IP WHOIS (Using RIR REST interfaces)

If you want to output the data to a file, just append it as follows:

machinae IP_ADDR >> IP_ADDR.txt

Really cool tool to have.
