Upload files to "TTPs/Analysis"
This commit is contained in:
57
TTPs/Analysis/analysis_domain.py
Normal file
57
TTPs/Analysis/analysis_domain.py
Normal file
@ -0,0 +1,57 @@
|
||||
import webbrowser
|
||||
from Modules.submenu import build_submenu
|
||||
|
||||
def analysis_domain_submenu():
|
||||
"""
|
||||
Submenu for domain analysis tools and resources.
|
||||
"""
|
||||
actions = {
|
||||
"1": {"description": "UrlScan", "function": open_urlscan},
|
||||
"2": {"description": "Wannabrowser", "function": open_wannabrowser},
|
||||
"3": {"description": "Browserling", "function": open_browserling},
|
||||
"4": {"description": "Kasm", "function": open_kasm},
|
||||
"5": {"description": "URL2PNG", "function": open_url2png},
|
||||
}
|
||||
build_submenu("Domain Analysis Tools", actions)
|
||||
|
||||
# Functions to open each link
|
||||
def open_urlscan():
|
||||
"""
|
||||
Open UrlScan website.
|
||||
"""
|
||||
url = "https://urlscan.io/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_wannabrowser():
|
||||
"""
|
||||
Open Wannabrowser website.
|
||||
"""
|
||||
url = "https://www.wannabrowser.net/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_browserling():
|
||||
"""
|
||||
Open Browserling website.
|
||||
"""
|
||||
url = "https://www.browserling.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_kasm():
|
||||
"""
|
||||
Open Kasm website.
|
||||
"""
|
||||
url = "https://www.kasmweb.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_url2png():
|
||||
"""
|
||||
Open URL2PNG website.
|
||||
"""
|
||||
url = "https://www.url2png.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
58
TTPs/Analysis/analysis_filehash.py
Normal file
58
TTPs/Analysis/analysis_filehash.py
Normal file
@ -0,0 +1,58 @@
|
||||
import os
|
||||
import subprocess
|
||||
import webbrowser
|
||||
from Modules.submenu import build_submenu
|
||||
|
||||
def analysis_filehash_submenu():
|
||||
"""
|
||||
Submenu for file hash analysis tools and methods.
|
||||
"""
|
||||
actions = {
|
||||
"1": {"description": "Get File Hash (MD5)", "function": get_file_hash_md5},
|
||||
"2": {"description": "Check File Hash on VirusTotal", "function": check_virustotal},
|
||||
"3": {"description": "Other Hash Algorithms (SHA1/SHA256)", "function": get_file_hash_other},
|
||||
}
|
||||
build_submenu("File Hash Analysis", actions)
|
||||
|
||||
# Functions for file hash analysis
|
||||
|
||||
def get_file_hash_md5():
|
||||
"""
|
||||
Run a PowerShell command to get the MD5 hash of a file.
|
||||
"""
|
||||
file_path = input("Enter the full file path: ").strip()
|
||||
try:
|
||||
if os.name == 'nt': # Check if running on Windows
|
||||
command = f'powershell.exe Get-FileHash -Algorithm MD5 "{file_path}"'
|
||||
subprocess.run(command, shell=True)
|
||||
else:
|
||||
print("This command is only available on Windows with PowerShell.")
|
||||
except Exception as e:
|
||||
print(f"Error running PowerShell command: {e}")
|
||||
|
||||
def check_virustotal():
|
||||
"""
|
||||
Open VirusTotal to check the file hash.
|
||||
"""
|
||||
file_hash = input("Enter the file hash (MD5, SHA1, or SHA256): ").strip()
|
||||
url = f"https://www.virustotal.com/gui/search/{file_hash}"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening VirusTotal for hash: {file_hash}")
|
||||
|
||||
def get_file_hash_other():
|
||||
"""
|
||||
Run a PowerShell command to get SHA1 or SHA256 hash of a file.
|
||||
"""
|
||||
file_path = input("Enter the full file path: ").strip()
|
||||
algorithm = input("Enter the hash algorithm (SHA1 or SHA256): ").strip().upper()
|
||||
if algorithm not in ["SHA1", "SHA256"]:
|
||||
print("Invalid algorithm. Please choose SHA1 or SHA256.")
|
||||
return
|
||||
try:
|
||||
if os.name == 'nt': # Check if running on Windows
|
||||
command = f'powershell.exe Get-FileHash -Algorithm {algorithm} "{file_path}"'
|
||||
subprocess.run(command, shell=True)
|
||||
else:
|
||||
print("This command is only available on Windows with PowerShell.")
|
||||
except Exception as e:
|
||||
print(f"Error running PowerShell command: {e}")
|
62
TTPs/Analysis/analysis_ip.py
Normal file
62
TTPs/Analysis/analysis_ip.py
Normal file
@ -0,0 +1,62 @@
|
||||
import webbrowser
|
||||
from Modules.submenu import build_submenu
|
||||
from Modules.Imports.ttp_imports import *
|
||||
|
||||
def analysis_ip_submenu():
|
||||
"""
|
||||
Submenu for IP analysis resources and tools.
|
||||
"""
|
||||
actions = {
|
||||
"1": {"description": "Open Censys", "function": open_censys},
|
||||
"2": {"description": "Open Shodan", "function": open_shodan},
|
||||
"3": {"description": "Open Feodo Tracker", "function": open_feodo},
|
||||
"4": {"description": "Open IBM X-Force", "function": open_ibm_xforce},
|
||||
"5": {"description": "Open Greynoise", "function": open_greynoise},
|
||||
"6": {"description": "Open IP Void", "function": open_ipvoid},
|
||||
"7": {"description": "Open URL Scan", "function": open_urlscan},
|
||||
"8": {"description": "Open VirusTotal", "function": open_virustotal},
|
||||
"9": {"description": "Open DNS Dumpster", "function": open_dnsdumpster},
|
||||
"10": {"description": "Open BGP Tools", "function": open_bgptools},
|
||||
}
|
||||
build_submenu("IP Analysis Resources", actions)
|
||||
|
||||
# Functions to open each resource in the default web browser
|
||||
def open_censys():
|
||||
webbrowser.open("https://search.censys.io/")
|
||||
print("Opening Censys in your browser...")
|
||||
|
||||
def open_shodan():
|
||||
webbrowser.open("https://www.shodan.io/")
|
||||
print("Opening Shodan in your browser...")
|
||||
|
||||
def open_feodo():
|
||||
webbrowser.open("https://feodotracker.abuse.ch/browse/")
|
||||
print("Opening Feodo Tracker in your browser...")
|
||||
|
||||
def open_ibm_xforce():
|
||||
webbrowser.open("https://exchange.xforce.ibmcloud.com/")
|
||||
print("Opening IBM X-Force in your browser...")
|
||||
|
||||
def open_greynoise():
|
||||
webbrowser.open("https://viz.greynoise.io/")
|
||||
print("Opening Greynoise in your browser...")
|
||||
|
||||
def open_ipvoid():
|
||||
webbrowser.open("https://www.ipvoid.com/")
|
||||
print("Opening IP Void in your browser...")
|
||||
|
||||
def open_urlscan():
|
||||
webbrowser.open("https://urlscan.io/")
|
||||
print("Opening URL Scan in your browser...")
|
||||
|
||||
def open_virustotal():
|
||||
webbrowser.open("https://www.virustotal.com/gui/")
|
||||
print("Opening VirusTotal in your browser...")
|
||||
|
||||
def open_dnsdumpster():
|
||||
webbrowser.open("https://dnsdumpster.com/")
|
||||
print("Opening DNS Dumpster in your browser...")
|
||||
|
||||
def open_bgptools():
|
||||
webbrowser.open("https://bgp.tools/")
|
||||
print("Opening BGP Tools in your browser...")
|
65
TTPs/Analysis/analysis_malware.py
Normal file
65
TTPs/Analysis/analysis_malware.py
Normal file
@ -0,0 +1,65 @@
|
||||
import webbrowser
|
||||
from Modules.submenu import build_submenu
|
||||
|
||||
def analysis_malware_submenu():
|
||||
"""
|
||||
Submenu for malware analysis tools and resources.
|
||||
"""
|
||||
actions = {
|
||||
"1": {"description": "Virus Total", "function": open_virus_total},
|
||||
"2": {"description": "INTEZER", "function": open_intezer},
|
||||
"3": {"description": "Any Run", "function": open_any_run},
|
||||
"4": {"description": "Joe Security", "function": open_joe_security},
|
||||
"5": {"description": "Hybrid Analysis", "function": open_hybrid_analysis},
|
||||
"6": {"description": "OTX Alienvault", "function": open_otx_alienvault},
|
||||
}
|
||||
build_submenu("Malware Analysis Tools", actions)
|
||||
|
||||
# Functions to open each link
|
||||
def open_virus_total():
|
||||
"""
|
||||
Open Virus Total website.
|
||||
"""
|
||||
url = "https://www.virustotal.com/gui/home/upload"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_intezer():
|
||||
"""
|
||||
Open Intezer website.
|
||||
"""
|
||||
url = "https://analyze.intezer.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_any_run():
|
||||
"""
|
||||
Open Any Run website.
|
||||
"""
|
||||
url = "https://any.run/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_joe_security():
|
||||
"""
|
||||
Open Joe Security website.
|
||||
"""
|
||||
url = "https://www.joesecurity.org/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_hybrid_analysis():
|
||||
"""
|
||||
Open Hybrid Analysis website.
|
||||
"""
|
||||
url = "https://www.hybrid-analysis.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_otx_alienvault():
|
||||
"""
|
||||
Open OTX Alienvault website.
|
||||
"""
|
||||
url = "https://otx.alienvault.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
65
TTPs/Analysis/analysis_threat.py
Normal file
65
TTPs/Analysis/analysis_threat.py
Normal file
@ -0,0 +1,65 @@
|
||||
import webbrowser
|
||||
from Modules.submenu import build_submenu
|
||||
|
||||
def analysis_threat_submenu():
|
||||
"""
|
||||
Submenu for threat intelligence tools and resources.
|
||||
"""
|
||||
actions = {
|
||||
"1": {"description": "Threat Intel - MyDFIR (YouTube)", "function": open_mydfir},
|
||||
"2": {"description": "Threat View", "function": open_threatview},
|
||||
"3": {"description": "Threat Miner", "function": open_threatminer},
|
||||
"4": {"description": "Pulsedive", "function": open_pulsedive},
|
||||
"5": {"description": "OTX Alienvault", "function": open_otx_alienvault},
|
||||
"6": {"description": "Pyramid of Pain", "function": open_pyramid_of_pain},
|
||||
}
|
||||
build_submenu("Threat Intelligence Resources", actions)
|
||||
|
||||
# Functions to open each link
|
||||
def open_mydfir():
|
||||
"""
|
||||
Open Threat Intel - MyDFIR YouTube video.
|
||||
"""
|
||||
url = "https://youtu.be/PyWKOG3q4P4?si=eh4Dl_40ZscQa9n8"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_threatview():
|
||||
"""
|
||||
Open Threat View website.
|
||||
"""
|
||||
url = "https://threatview.io/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_threatminer():
|
||||
"""
|
||||
Open Threat Miner website.
|
||||
"""
|
||||
url = "https://www.threatminer.org/index.php"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_pulsedive():
|
||||
"""
|
||||
Open Pulsedive website.
|
||||
"""
|
||||
url = "https://pulsedive.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_otx_alienvault():
|
||||
"""
|
||||
Open OTX Alienvault website.
|
||||
"""
|
||||
url = "https://otx.alienvault.com/"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
||||
|
||||
def open_pyramid_of_pain():
|
||||
"""
|
||||
Open Pyramid of Pain resource.
|
||||
"""
|
||||
url = "https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html"
|
||||
webbrowser.open(url)
|
||||
print(f"Opening: {url}")
|
Reference in New Issue
Block a user