AUTOMATER:- Automater is a tool to analyze URL, IP, and MD5 hash for intrusion analysis. Automater scans the given target by using a set of predefined websites. It uses sites like Virustotal, robtex, etc. Automater uses its default list of websites, so you don’t have to visit these sites individually it actually saves you time. According to the ethical hacking researcher of the International Institute of Cyber Security, it makes the analyzing process easier so that analyzing information can be used in further hacking activities.
Many times you come across, where users may get an email asking them to click on a link, and you are unsure if the link is malicious or not. In that case, you can use Automater, ethical hacking consultants warn.
- FOR LAUNCHING AUTOMATER:-
- Type automater in Linux terminal.
- Or type automater –help.
==============OUTPUT SNIP=================
- In the above screenshot, you can use the above keywords in the query as per requirement in the information gathering part.
DOMAIN ANALYSIS:-
- Type automater facebook.com
- In the above screenshot after typing automater. You will get the scanned result of the targeted domain name.
NOW SCAN WITH THE MALICIOUS SITE:-
- In the above screenshot, after scanning the target conds.ru, you can see that this domain is included in the blacklist of VirusTotal.
IP ANALYSIS:-
- Now, you can try by typing the IP address of the target, and see what kind of information it returns.
- Type automater 157.240.23.35 as shown below.
================OUTPUT SNIP===============
- In the above screenshot, after scanning the target IP no malware has been found.
NOW SCAN WITH MALICIOUS IP:-
=================OUTPUT SNIP================
- In the above screenshot after scanning the target IP 90.156.201.15. You can see VT malware marked in red it's a trojandownloader:Win32/Agent.
- The Trojandownloaderwin32/Agent executes and sends information about the computer on which it is installed by the attacker.
- 2018-09-16 is the date when the malware was scanned by Virustotal.
- For searching any string type like-VT Malware string, simply type the Malware name and the string on the internet. It will show the trojan name and the string in the results as shown below.
MD5 HASH ANALYSIS:-
- Type automater e9de0ffc9614529e73e36d0e0eae6fb9
- In the above screenshot, the md5- e9de0ffc9614529e73e36d0e0eae6fb9 was used to test if it is malicious or not hence it shows no record found which means it’s not a malicious md5.
NOW SCANNING WITH MALICIOUS MD5 VALUE:-
- Type automater b2033726c5e95fee0ba08b8c6299ff41 as shown below.
- In the above screenshot md5 – b2033726c5e95fee0ba08b8c6299ff41 contains malicious files which can harm a computer.
