【Introduction】
OSTrICa is an open-source threat intelligence collector and a plugin-based framework that visualizes the threat intelligence data it collects.
In offensive/defensive engagements, SOC experts, incident responders, attack investigators and network security analysts need to correlate IoCs (Indicators of Compromise), network traffic and other collected information; this correlation is one of the important roles of threat intelligence. However, not every organization has the budget to develop its own threat intelligence platform.
OSTrICa is a free, open-source framework with a plugin-based architecture that lets anyone automatically collect information from public, internal and commercial sources and visualize all kinds of threat intelligence data. The collected intelligence is analyzed by experts and displayed in graph form; the graph can also show how multiple malware samples are related based on remote connections, file names, mutexes and so on.
Download: https://github.com/Ptr32Void/OSTrICa
Reference: http://www.77169.com/hack/201608/228269.shtm
【Dependencies】
OSTrICa itself does not depend on external libraries, but the installed plugins do, for example:
BeautifulSoup, used by almost all plugins
dnspython-1.12.0, mainly used by the CymruWhois plugin
ipwhois-0.11.1, used by the PyWhois plugin
python-deepviz-master, used by the DeepViz plugin (it requires an API key); at the time of writing the DeepViz plugin is not yet available to the public
python-whois-0.5.2, used by the PyWhois plugin
pythonwhois-2.4.3, used by the PyWhois plugin
pip install BeautifulSoup dnspython ipwhois python-deepviz python-whois pythonwhois bs4
【Installation】
git clone https://github.com/Ptr32Void/OSTrICa.git && cd OSTrICa
【Usage】
python main.py
Output:
OSTrICa v.0.5 - Open Source Threat Intellicence Collector
Developed by: Roberto Sponchioni - @Ptr32Void <[email protected]>
write "help" for help
Plugin location: /root/OSTrICa/ostrica/Plugins/NortonSafeWeb (NortonSafeWeb)
Loading NortonSafeWeb
Plugin location: /root/OSTrICa/ostrica/Plugins/SpyOnWeb (SpyOnWeb)
Loading SpyOnWeb
Plugin location: /root/OSTrICa/ostrica/Plugins/VT (VT)
Loading VT
Plugin location: /root/OSTrICa/ostrica/Plugins/WebSiteInformer (WebSiteInformer)
Loading WebSiteInformer
Plugin location: /root/OSTrICa/ostrica/Plugins/DomainBigData (DomainBigData)
Loading DomainBigData
Plugin location: /root/OSTrICa/ostrica/Plugins/BlackLists (BlackLists)
Loading BlackLists
Plugin location: /root/OSTrICa/ostrica/Plugins/CymruWhois (CymruWhois)
Loading CymruWhois
Plugin location: /root/OSTrICa/ostrica/Plugins/WhoisXmlApi (WhoisXmlApi)
Loading WhoisXmlApi
Plugin location: /root/OSTrICa/ostrica/Plugins/DeepViz (DeepViz)
Plugin DeepViz disabled
Plugin location: /root/OSTrICa/ostrica/Plugins/SafeBrowsing (SafeBrowsing)
Loading SafeBrowsing
Plugin location: /root/OSTrICa/ostrica/Plugins/PyWhois (PyWhois)
Loading PyWhois
Plugin location: /root/OSTrICa/ostrica/Plugins/ThreatMiner (ThreatMiner)
Loading ThreatMiner
Plugin location: /root/OSTrICa/ostrica/Plugins/ThreatCrowd (ThreatCrowd)
Loading ThreatCrowd
Plugin location: /root/OSTrICa/ostrica/Plugins/TCPIPutils (TCPIPutils)
Loading TCPIPutils
> help
Following options are available
domain - used to collect domains information
Example: domain=google.com or domain=google.com,yahoo.com
ip - used to collect IP information
Example: ip=8.8.8.8 or ip=8.8.8.8,173.194.68.99
md5 - used to collect MD5 information
sha256 - used to collect SHA256 information
asn - used to collect ASN information
email - used to collect email information
graph - generate a graph based on all the information collected
cola_graph - generate a graph based on all the information collected where nodes do not overlap (it might take a while to generate the graph if there are lots of nodes)
gclean - clear graph information
show - show all information that will be collected
run - extract intelligece information
help - this help
plugins - show available plugins
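The two things a collector like this has to get right are validating the IoCs typed at the prompt before any plugin queries a remote source, and turning per-sample results into a graph where shared artifacts (a mutex, a contacted domain) link samples. The following is an added example written for this write-up, not OSTrICa's own code: it parses the "type=value,value" command syntax shown in the help output above, rejects malformed values, and builds the node/edge correlation from constructed sample results; the parse_command and build_graph helpers and the sample data are all hypothetical.

```python
import re
from collections import defaultdict

# Hypothetical validators for the IoC types OSTrICa's prompt accepts.
# A malformed value is rejected before any plugin would be called with it.
PATTERNS = {
    "domain": re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I),
    "ip": re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"),
    "md5": re.compile(r"^[0-9a-f]{32}$", re.I),
    "sha256": re.compile(r"^[0-9a-f]{64}$", re.I),
    "asn": re.compile(r"^(AS)?\d{1,10}$", re.I),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
}

def parse_command(line):
    """Split 'ip=8.8.8.8,173.194.68.99' into ('ip', [values]); raise on bad input."""
    if "=" not in line:
        raise ValueError("expected type=value[,value...]")
    kind, _, raw = line.partition("=")
    kind = kind.strip().lower()
    if kind not in PATTERNS:
        raise ValueError("unknown IoC type: %s" % kind)
    values = [v.strip() for v in raw.split(",") if v.strip()]
    bad = [v for v in values if not PATTERNS[kind].match(v)]
    if bad:
        raise ValueError("malformed %s value(s): %s" % (kind, ", ".join(bad)))
    return kind, values

def build_graph(results):
    """Turn {sample_hash: [(artifact_kind, value), ...]} into nodes and edges.
    Any artifact reached from two or more samples is reported as 'shared':
    that is the relation the graph views make visible to the analyst."""
    nodes, edges = set(), set()
    for sample, artifacts in results.items():
        nodes.add(("sha256", sample))
        for kind, value in artifacts:
            nodes.add((kind, value))
            edges.add((sample, kind, value))
    seen = defaultdict(set)
    for sample, kind, value in edges:
        seen[(kind, value)].add(sample)
    shared = {k: sorted(v) for k, v in seen.items() if len(v) > 1}
    return nodes, edges, shared

# Constructed sample data standing in for plugin output; not real indicators.
SAMPLE_RESULTS = {
    "a" * 64: [("domain", "evil.example"), ("mutex", "Global\\abc123")],
    "b" * 64: [("domain", "other.example"), ("mutex", "Global\\abc123")],
    "c" * 64: [("ip", "203.0.113.5")],
}
```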