
How to use modular Hostintel to collect intelligence information of malicious hosts

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)05/31 Report--

This article introduces how to use the modular tool Hostintel to collect intelligence on malicious hosts. The content is detailed; interested readers can use it as a reference, and we hope it is helpful.

What we are introducing to you today is a modular Python application that researchers can use to gather intelligence about malicious hosts.

Hostintel

This tool can be used to collect all kinds of intelligence information about the target host, and Hostintel is developed in a modular form, so users can easily add new sources of information.

Hostintel identifies a host by FQDN host name, domain name, or IP address. The current version of the tool only supports IPv4. The output is in CSV format and is written to STDOUT, so users can save the data directly or forward it to other software. Because the output is CSV, users can also import the data into an Excel spreadsheet or a database system according to their own needs.

Help information

$ python hostintel.py -h
usage: hostintel.py [-h] [-a] [-d] [-v] [-p] [-s] [-c] [-t] [-o] [-i] [-r]
                    ConfigurationFile InputFile

Modular application to look up host intelligence information. Outputs CSV to
STDOUT. This application will not output information until it has finished all
of the input.

positional arguments:
  ConfigurationFile     Configuration file
  InputFile             Input file, one host per line (IP, domain, or FQDN
                        host name)

optional arguments:
  -h, --help            show this help message and exit
  -a, --all             Perform All Lookups.
  -d, --dns             DNS Lookup.
  -v, --virustotal      VirusTotal Lookup.
  -p, --passivetotal    PassiveTotal Lookup.
  -s, --shodan          Shodan Lookup.
  -c, --censys          Censys Lookup.
  -t, --threatcrowd     ThreatCrowd Lookup.
  -o, --otx             OTX by AlienVault Lookup.
  -i, --isc             Internet Storm Center DShield Lookup.
  -r, --carriagereturn  Use carriage returns with new lines on csv.

Tool installation

First, make sure that the configuration file is correct for your computer or installation. You need to add your API keys and user names to the configuration file. Before running the tool, you also need to install Python (the tool is developed in Python 2 but theoretically supports Python 3) and pip. Some of the modules the tool uses are installed from GitHub, so the git command must also be available. Git is easy to install on any platform. Next, install the Python dependencies:

$ pip install -r requirements.txt

If you have problems installing on macOS, you may also need to install the security extras of the requests library using the following command:

$ pip install 'requests[security]'

Finally, I personally recommend that you use Python's virtualenv to build a custom local Python environment for the tool: [resources].

Running the tool

$ python hostintel.py myconfigfile.conf myhosts.txt -a > myoutput.csv

The output file of this command, myoutput.csv, can in principle be imported directly into any database or spreadsheet.

Note: if the quality of your network connection is poor, the tool may take longer to search for data. Therefore, it is recommended that users use only one module at a time in this case and export the data manually.
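Because Hostintel takes one host per line and handles only IPv4 addresses, domain names and FQDN host names, it helps to check the input file before a long run. The stand-alone Python 3 script below is an added example, not part of Hostintel or of the original article; the function names and result labels are hypothetical. Setting aside non-public addresses is a choice made here, since such addresses are not unique on the Internet.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no hyphen at either end.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_host(entry):
    """Return (kind, normalized_value) for one input line."""
    value = entry.strip().rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.version == 6:
            return ("ipv6-unsupported", value)  # the tool is IPv4-only
        # is_global is False for RFC 1918, loopback, link-local and similar.
        return ("ipv4" if addr.is_global else "ipv4-nonpublic", value)
    labels = value.split(".")
    # A numeric last label means a malformed address (e.g. three octets),
    # not a domain name, so it is rejected instead of being looked up.
    if (len(value) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.match(label) for label in labels)):
        return ("hostname", value)
    return ("invalid", value)

def prepare_input(lines):
    """Return (accepted, rejected): accepted is de-duplicated in first-seen
    order; rejected holds (line_number, kind, value) tuples."""
    accepted, rejected, seen = [], [], set()
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue  # ignore blank lines
        kind, value = classify_host(line)
        if kind not in ("ipv4", "hostname"):
            rejected.append((number, kind, value))
        elif value not in seen:
            seen.add(value)
            accepted.append(value)
    return accepted, rejected

# Constructed sample input (not Hostintel's sampledata files).
SAMPLE = ["8.8.8.8", "192.168.1.1", "google.com", "Google.com.",
          "2001:db8::1", "71.135.131", "8.8.8.8"]

if __name__ == "__main__":
    ok, bad = prepare_input(SAMPLE)
    print("\n".join(ok))  # one host per line, ready for the input file
```

The rejected list keeps the original line numbers, so skipped entries can be reviewed by hand before deciding whether to look them up.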

Sample data

Some simple sample data is provided in the project's "sampledata" directory. The IP addresses, domain names and hosts were selected at random and are not targeted at specific organizations or individuals. The sample data is used as follows:

Small list of hosts:

$ python hostintel.py local/config.conf sampledata/smalllist.txt -a > sampledata/smalllist.csv
*** Processing 8.8.8.8 ***
*** Processing 8.8.4.4 ***
*** Processing 192.168.1.1 ***
*** Processing 10.0.0.1 ***
*** Processing google.com ***
*** Processing 212.227.247.242 ***
*** Writing Output ***

Larger list of hosts:

$ python hostintel.py local/config.conf sampledata/largerlist.txt -a > sampledata/largerlist.csv
*** Processing 114.34.84.13 ***
*** Processing 116.102.34.212 ***
*** Processing 118.75.180.168 ***
*** Processing 123.195.184.13 ***
*** Processing 14.110.216.236 ***
*** Processing 14.173.147.69 ***
*** Processing 14.181.192.151 ***
*** Processing 146.120.11.66 ***
*** Processing 163.172.149.131 ***
*** Processing 54.239.26.180 ***
*** Processing 62.141.39.155 ***
*** Processing 71.135.131 ***
*** Processing 72.30.2.74 ***
*** Processing 74.125.34.101 ***
*** Processing 83.31.179.71 ***
*** Processing 85.25.217.155 ***
*** Processing 93.174.93.94 ***
*** Writing Output ***

That is all about how to use the modular tool Hostintel to collect intelligence on malicious hosts. I hope the above content is of some help to you. If you think the article is good, you can share it for more people to see.
