Upload files to "TTPs/Analysis"

This commit is contained in:
2024-11-24 18:11:52 -05:00
parent 9245f7eeee
commit b05644f326
5 changed files with 307 additions and 0 deletions

View File

@ -0,0 +1,57 @@
import webbrowser
from Modules.submenu import build_submenu
def analysis_domain_submenu():
"""
Submenu for domain analysis tools and resources.
"""
actions = {
"1": {"description": "UrlScan", "function": open_urlscan},
"2": {"description": "Wannabrowser", "function": open_wannabrowser},
"3": {"description": "Browserling", "function": open_browserling},
"4": {"description": "Kasm", "function": open_kasm},
"5": {"description": "URL2PNG", "function": open_url2png},
}
build_submenu("Domain Analysis Tools", actions)
# Functions to open each link
def open_urlscan():
"""
Open UrlScan website.
"""
url = "https://urlscan.io/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_wannabrowser():
"""
Open Wannabrowser website.
"""
url = "https://www.wannabrowser.net/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_browserling():
"""
Open Browserling website.
"""
url = "https://www.browserling.com/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_kasm():
"""
Open Kasm website.
"""
url = "https://www.kasmweb.com/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_url2png():
"""
Open URL2PNG website.
"""
url = "https://www.url2png.com/"
webbrowser.open(url)
print(f"Opening: {url}")

View File

@ -0,0 +1,58 @@
import os
import subprocess
import webbrowser
from Modules.submenu import build_submenu
def analysis_filehash_submenu():
"""
Submenu for file hash analysis tools and methods.
"""
actions = {
"1": {"description": "Get File Hash (MD5)", "function": get_file_hash_md5},
"2": {"description": "Check File Hash on VirusTotal", "function": check_virustotal},
"3": {"description": "Other Hash Algorithms (SHA1/SHA256)", "function": get_file_hash_other},
}
build_submenu("File Hash Analysis", actions)
# Functions for file hash analysis
def get_file_hash_md5():
"""
Run a PowerShell command to get the MD5 hash of a file.
"""
file_path = input("Enter the full file path: ").strip()
try:
if os.name == 'nt': # Check if running on Windows
command = f'powershell.exe Get-FileHash -Algorithm MD5 "{file_path}"'
subprocess.run(command, shell=True)
else:
print("This command is only available on Windows with PowerShell.")
except Exception as e:
print(f"Error running PowerShell command: {e}")
def check_virustotal():
"""
Open VirusTotal to check the file hash.
"""
file_hash = input("Enter the file hash (MD5, SHA1, or SHA256): ").strip()
url = f"https://www.virustotal.com/gui/search/{file_hash}"
webbrowser.open(url)
print(f"Opening VirusTotal for hash: {file_hash}")
def get_file_hash_other():
"""
Run a PowerShell command to get SHA1 or SHA256 hash of a file.
"""
file_path = input("Enter the full file path: ").strip()
algorithm = input("Enter the hash algorithm (SHA1 or SHA256): ").strip().upper()
if algorithm not in ["SHA1", "SHA256"]:
print("Invalid algorithm. Please choose SHA1 or SHA256.")
return
try:
if os.name == 'nt': # Check if running on Windows
command = f'powershell.exe Get-FileHash -Algorithm {algorithm} "{file_path}"'
subprocess.run(command, shell=True)
else:
print("This command is only available on Windows with PowerShell.")
except Exception as e:
print(f"Error running PowerShell command: {e}")

View File

@ -0,0 +1,62 @@
import webbrowser
from Modules.submenu import build_submenu
from Modules.Imports.ttp_imports import *
def analysis_ip_submenu():
"""
Submenu for IP analysis resources and tools.
"""
actions = {
"1": {"description": "Open Censys", "function": open_censys},
"2": {"description": "Open Shodan", "function": open_shodan},
"3": {"description": "Open Feodo Tracker", "function": open_feodo},
"4": {"description": "Open IBM X-Force", "function": open_ibm_xforce},
"5": {"description": "Open Greynoise", "function": open_greynoise},
"6": {"description": "Open IP Void", "function": open_ipvoid},
"7": {"description": "Open URL Scan", "function": open_urlscan},
"8": {"description": "Open VirusTotal", "function": open_virustotal},
"9": {"description": "Open DNS Dumpster", "function": open_dnsdumpster},
"10": {"description": "Open BGP Tools", "function": open_bgptools},
}
build_submenu("IP Analysis Resources", actions)
# Functions to open each resource in the default web browser
def open_censys():
webbrowser.open("https://search.censys.io/")
print("Opening Censys in your browser...")
def open_shodan():
webbrowser.open("https://www.shodan.io/")
print("Opening Shodan in your browser...")
def open_feodo():
webbrowser.open("https://feodotracker.abuse.ch/browse/")
print("Opening Feodo Tracker in your browser...")
def open_ibm_xforce():
webbrowser.open("https://exchange.xforce.ibmcloud.com/")
print("Opening IBM X-Force in your browser...")
def open_greynoise():
webbrowser.open("https://viz.greynoise.io/")
print("Opening Greynoise in your browser...")
def open_ipvoid():
webbrowser.open("https://www.ipvoid.com/")
print("Opening IP Void in your browser...")
def open_urlscan():
webbrowser.open("https://urlscan.io/")
print("Opening URL Scan in your browser...")
def open_virustotal():
webbrowser.open("https://www.virustotal.com/gui/")
print("Opening VirusTotal in your browser...")
def open_dnsdumpster():
webbrowser.open("https://dnsdumpster.com/")
print("Opening DNS Dumpster in your browser...")
def open_bgptools():
webbrowser.open("https://bgp.tools/")
print("Opening BGP Tools in your browser...")

View File

@ -0,0 +1,65 @@
import webbrowser
from Modules.submenu import build_submenu
def analysis_malware_submenu():
"""
Submenu for malware analysis tools and resources.
"""
actions = {
"1": {"description": "Virus Total", "function": open_virus_total},
"2": {"description": "INTEZER", "function": open_intezer},
"3": {"description": "Any Run", "function": open_any_run},
"4": {"description": "Joe Security", "function": open_joe_security},
"5": {"description": "Hybrid Analysis", "function": open_hybrid_analysis},
"6": {"description": "OTX Alienvault", "function": open_otx_alienvault},
}
build_submenu("Malware Analysis Tools", actions)
# Functions to open each link
def open_virus_total():
"""
Open Virus Total website.
"""
url = "https://www.virustotal.com/gui/home/upload"
webbrowser.open(url)
print(f"Opening: {url}")
def open_intezer():
"""
Open Intezer website.
"""
url = "https://analyze.intezer.com/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_any_run():
"""
Open Any Run website.
"""
url = "https://any.run/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_joe_security():
"""
Open Joe Security website.
"""
url = "https://www.joesecurity.org/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_hybrid_analysis():
"""
Open Hybrid Analysis website.
"""
url = "https://www.hybrid-analysis.com/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_otx_alienvault():
"""
Open OTX Alienvault website.
"""
url = "https://otx.alienvault.com/"
webbrowser.open(url)
print(f"Opening: {url}")

View File

@ -0,0 +1,65 @@
import webbrowser
from Modules.submenu import build_submenu
def analysis_threat_submenu():
"""
Submenu for threat intelligence tools and resources.
"""
actions = {
"1": {"description": "Threat Intel - MyDFIR (YouTube)", "function": open_mydfir},
"2": {"description": "Threat View", "function": open_threatview},
"3": {"description": "Threat Miner", "function": open_threatminer},
"4": {"description": "Pulsedive", "function": open_pulsedive},
"5": {"description": "OTX Alienvault", "function": open_otx_alienvault},
"6": {"description": "Pyramid of Pain", "function": open_pyramid_of_pain},
}
build_submenu("Threat Intelligence Resources", actions)
# Functions to open each link
def open_mydfir():
"""
Open Threat Intel - MyDFIR YouTube video.
"""
url = "https://youtu.be/PyWKOG3q4P4?si=eh4Dl_40ZscQa9n8"
webbrowser.open(url)
print(f"Opening: {url}")
def open_threatview():
"""
Open Threat View website.
"""
url = "https://threatview.io/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_threatminer():
"""
Open Threat Miner website.
"""
url = "https://www.threatminer.org/index.php"
webbrowser.open(url)
print(f"Opening: {url}")
def open_pulsedive():
"""
Open Pulsedive website.
"""
url = "https://pulsedive.com/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_otx_alienvault():
"""
Open OTX Alienvault website.
"""
url = "https://otx.alienvault.com/"
webbrowser.open(url)
print(f"Opening: {url}")
def open_pyramid_of_pain():
"""
Open Pyramid of Pain resource.
"""
url = "https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html"
webbrowser.open(url)
print(f"Opening: {url}")