Machinae – Security Intelligence Collector

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information.

The project grew out of a wish to improve Automater in four areas:

  1. Codebase – Bring Automater to Python 3 compatibility while making the code more Pythonic
  2. Configuration – Use a more human readable configuration format (YAML)
  3. Inputs – Support JSON parsing out-of-the-box without the need to write regular expressions, but still support regex scraping when needed
  4. Outputs – Support additional output types, including JSON, while making extraneous output optional

The tool comes with out-of-the-box support for the following data sources:

  • IPVoid
  • URLVoid
  • URL Unshortener
  • Malc0de
  • SANS
  • FreeGeoIP (freegeoip.io)
  • Fortinet Category
  • VirusTotal pDNS (via web scrape – commented out)
  • VirusTotal pDNS (via JSON API)
  • VirusTotal URL Report (via JSON API)
  • VirusTotal File Report (via JSON API)
  • Reputation Authority
  • ThreatExpert
  • VxVault
  • ProjectHoneypot
  • McAfee Threat Intelligence
  • StopForumSpam
  • Cymru MHR
  • ICSI Certificate Notary
  • TotalHash (disabled by default)
  • DomainTools Parsed Whois (Requires API key)
  • DomainTools Reverse Whois (Requires API key)
  • DomainTools Reputation
  • IP WHOIS (Using RIR REST interfaces)
  • Hacked IP
  • Metadefender Cloud (Requires API key)
  • GreyNoise (Requires API key)
  • IBM XForce (Requires API key)

You can read more and download this tool over here: https://github.com/HurricaneLabs/machinae
