Real Intelligence Threat Analytics - Python addon scripts

k4nfr3/ritadnspysolver

Rita python DNS add-ons

Python add-on scripts for RITA (Real Intelligence Threat Analytics)

RITA GitHub link: https://github.com/activecm/rita

ritadns.py

A small script that reverse-resolves an IP address by looking it up in the MongoDB database

$ python3 ./ritadns.py -s -ip 3.235.69.6 -d lab
us04web.zoom.us

rita-python.py

Integrates the DNS Python script with the rita command: it searches the output for the column header "Destination IP" and performs DNS resolution on that column.
./rita-python.py show-beacons lab | head -n 10
./rita-python.py show-long-connections home | head -n 10

rita-alerter.py

As the name states, it is a SYSLOG alerter. It saves the state of the beacon entries and sends a SYSLOG message for every new entry.
A threshold can be set (default = 0.7).
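
The save-state-then-alert behaviour described above, sketched as an added example (not code from this repository): it filters beacon rows by score, compares them with a saved state file and emits one message per new entry. The "Score" and "Source IP" column names, the sample rows, the JSON state file, the message format and the >= comparison are assumptions.

```python
import csv, io, json, logging, logging.handlers, os, tempfile

THRESHOLD = 0.7  # default threshold stated in the README

# Constructed sample in the shape of `rita show-beacons` CSV output.
# Column names other than "Destination IP" are assumptions.
SAMPLE_CSV = """Score,Source IP,Destination IP,Connections
0.982,10.0.0.15,198.51.100.7,4120
0.811,10.0.0.22,203.0.113.40,860
0.412,10.0.0.15,192.0.2.9,95
"""

def beacons_over(csv_text, threshold=THRESHOLD):
    """Return {"src->dst": score} for rows scoring at or above the threshold."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {f'{r["Source IP"]}->{r["Destination IP"]}': float(r["Score"])
            for r in rows if float(r["Score"]) >= threshold}

def new_alerts(current, state_path):
    """Return keys not yet in the saved state, then persist the merged state."""
    seen = {}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            seen = json.load(fh)
    fresh = sorted(k for k in current if k not in seen)
    seen.update(current)
    # Write to a temp file and rename, so a crash cannot truncate the state.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(seen, fh)
    os.replace(tmp, state_path)
    return fresh

def alert(keys, scores, emit):
    """Build one message per new beacon pair and pass each to emit()."""
    msgs = [f"rita-beacon pair={k} score={scores[k]:.3f}" for k in keys]
    for m in msgs:
        emit(m)
    return msgs

if __name__ == "__main__":
    # Hypothetical syslog target; point this at the real collector.
    log = logging.getLogger("rita-alerter-example")
    log.addHandler(logging.handlers.SysLogHandler(address=("127.0.0.1", 514)))
    state = os.path.join(tempfile.gettempdir(), "rita_beacon_state.json")
    scores = beacons_over(SAMPLE_CSV)
    alert(new_alerts(scores, state), scores, log.warning)
```

Running it a second time against the same input sends nothing, because every pair is already in the state file.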

Todo:
- add show-long-connections and show-exploded-dns to rita-alerter.py
- make it compatible with the -H --human-readable option
- do it in Go in RITA

If somebody requests it, I can add SMTP alerting instead of SYSLOG.

Tested on: Python 3.6.9
Requirements: PyMongo, Pandas, NumPy, Argparse
