theresafewconors / sooty
The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
License: GNU General Public License v3.0
What is the feature that you are requesting?
Default URLScan type to private
Additional information
Instead of defaulting to public, what do you think of defaulting to private with an option to choose what you want, or just hit enter to leave default?
Is your feature request related to a problem? Please describe.
No problem, just thinking. Before I submit a PR with changes, I wanted to bounce the idea off of you first since it is your baby after all.
Additional context
None. Just a privacy goof.
The requirements.txt file specifies pywin32 as a requirement; however, this only applies if you are using Windows. It will fail if you are not. Changing to pywin32==224; sys_platform == 'win32'
will fix the issue.
Hello. I have python code for integration with urlscan.io (api key required). If this is a feature you'd like to add I can create a pull request.
Hello, I tried to make a file that contains a hash list. I made some modifications for list.txt input. My purpose is to match the hash list against VT hash signatures, line by line, to decide whether each one is malware or not. But the problem is that it takes a very long time to give the result. I am new to programming, so I don't know what's wrong with that. Sorry, I'm not fluent in English; I hope you understand what I'm saying. Is there any solution?
Issue
Emails don't open on first attempt if a space is in the email name
Effect
Emails have to be opened a second time in order for Python to read them
Describe the bug
Traceback
I've installed this tool many times and have only been able to get it working once and the last 4 times always fails. I work in a SOC and would love to be able to use this for my workflow.
Reproduction Steps
Steps to reproduce the behavior:
Traceback (most recent call last):
File "Sooty.py", line 17, in <module>
import strictyaml
ModuleNotFoundError: No module named 'strictyaml'
Desktop Operating System:
Thanks for your work on Sooty so far, super helpful!
I'd like to be able to interact with Sooty via the CLI rather than the text menu.
ie: ./Sooty --sanitise "URL" or ./Sooty --AnalyzeEmail "email.msg"
It'd make it faster than using the TUI and scriptable.
Pip install the requirement.txt in Kali linux.
Enter IP, URL or Email Address: 8.8.8.8
WHO IS REPORT:
CIDR: 8.0.0.0/9
Name: LVLT-ORG-8-8
Range: 8.0.0.0 - 8.127.255.255
Descr: Level 3 Parent, LLC
Country: US
State: LA
City: Monroe
Address: 100 CenturyLink Drive
Post Code: 71203
Created: 1992-12-01
Updated: 2018-04-23
VirusTotal Report:
Traceback (most recent call last):
File "Sooty.py", line 1218, in <module>
mainMenu()
File "Sooty.py", line 180, in mainMenu
switchMenu(input())
File "Sooty.py", line 55, in switchMenu
repChecker()
File "Sooty.py", line 392, in repChecker
params = {'apikey': configvars.data['VT_API_KEY'], 'ip': wIP}
NameError: name 'configvars' is not defined
Any idea?
Saw the Check if the IP is a Tor exit node
looked at the code. You would be amazed at how many people don't know about that, good job! https://github.com/TheresAFewConors/Sooty/blob/master/Sooty.py#L204
Some suggestions:
More IP reputation sources, maybe operating individually but have 'scoring' option that weights them based on total results?
Bitcoin address reputation checker:
Some kind of phone number reputation checker:
URL Scanner tool, for browsing to a suspect site:
Office Safelinks Stripper, like:
Host scanning with Nessus or Nmap, or both?
I believe this feature works, I am just not easily understanding how to present it the header? I select option 1 and I get this:
Error Opening File
Extracting Headers...
Header Error
Traceback (most recent call last):
File "Sooty.py", line 592, in analyzePhish
print(" FROM: ", str(msg.SenderName), ", ", str(msg.SenderEmailAddress))
UnboundLocalError: local variable 'msg' referenced before assignment
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "Sooty.py", line 996, in <module>
mainMenu()
File "Sooty.py", line 165, in mainMenu
switchMenu(input())
File "Sooty.py", line 54, in switchMenu
phishingMenu()
File "Sooty.py", line 573, in phishingMenu
phishingSwitch(input())
File "Sooty.py", line 101, in phishingSwitch
analyzePhish()
File "Sooty.py", line 603, in analyzePhish
f.close()
I realize it is an error saying that it didn't receive any input but where do I put the header?
Thanks,
Hi,
While installing we are getting below error
python3 Sooty.py
Traceback (most recent call last):
File "Sooty.py", line 11, in <module>
import html.parser
ModuleNotFoundError: No module named 'html.parser'
What is the feature that you are requesting?
I'm thinking of redoing the menus to clean up the code. By putting the contents in dictionaries, we could generate the menus more consistently. It would allow us to take a lot of the printing code out. I haven't counted lines, but it might be quite a lot.
Another advantage: adding a new function only requires an edit in one part of the document - the dictionary.
What's your take?
Additional information
An example is listed below. I do need to really think about this carefully as it won't be entirely as easy as the example code below.
Is your feature request related to a problem? Please describe.
N/A
Additional context
Current code example for the phishing menu:
    def phishingMenu():
        print("\n --------------------------------- ")
        print(" P H I S H I N G ")
        print(" --------------------------------- ")
        print(" What would you like to do? ")
        print(" OPTION 1: Analyze an Email ")
        print(" OPTION 2: Analyze an Email Address for Known Activity")
        print(" OPTION 3: Generate an Email Template based on Analysis")
        print(" OPTION 4: Analyze an URL with Phishtank")
        print(" OPTION 9: HaveIBeenPwned")
        print(" OPTION 0: Exit to Main Menu")
        phishingSwitch(input())

    def phishingSwitch(choice):
        if choice == '1':
            analyzePhish()
        if choice == '2':
            analyzeEmailInput()
        if choice == '3':
            emailTemplateGen()
        if choice == '4':
            phishtankModule()
        if choice == '9':
            haveIBeenPwned()
        else:
            mainMenu()
We could shorten this to the following dict:
    phishingMenuDict = {
        # Number is the keyboard shortcut, name is the function name, desc is what the users see as menu option
        0: {"name":"exit", "desc":"back to main menu"},
        1: {"name":"analyzePhish", "desc":"Analyze an Email"},
        2: {"name":"analyzeEmailInput", "desc":"Analyze an Email Address for Known Activity"},
        3: {"name":"emailTemplateGen", "desc":"Generate an Email Template based on Analysis"},
        4: {"name":"phishtankModule", "desc":"Analyze an URL with Phishtank"},
        9: {"name":"haveIBeenPwned", "desc":"HaveIBeenPwned"}
    }
Then we need to write 1 function to generate a menu so that we could throw multiple of these dicts to that function. some semi code:
    def menuGenerator(menuName):
        print(20 * "-")
        if menuName == "main":
            print(mainMenuDict["title"])
        else:
            print(someOtherMenuDictName)
        print((20 * "-") + "\n")
        # That's the printing covered, below is the menu selection
        for menuItem in someOtherMenuDict:
            # Prints something like Option 1: Analyze an Email
            print(" Option " + str(menuItem) + ": " + someOtherMenuDict[menuItem]["desc"])
        userChoice = input()
        # Check user input (input() returns a string, the dict keys are ints)
        if userChoice.isdigit() and int(userChoice) in someOtherMenuDict:
            # Look up the function named in the chosen entry and call it
            globals()[someOtherMenuDict[int(userChoice)]["name"]]()
        else:
            print("Invalid option, please choose again")
OPTION 2: Decoders (PP, URL) > OPTION 1: ProofPoint Decoder
This option works (the URL is decoded correctly) but upon selecting 'OPTION 1' you're taken to the next line with no prompt for the URL.
Using 'OPTION 2: URL Decoder' presents you with 'url: ' which I think is the intended behavior.
Add support to Base64 extraction and decoding for URLs.
Already done on my fork, under the Decoders menu.
I just run a regex to detect possible b64 strings and then try to decode each match, printing on success.
Nice work on the enhancements, I'll keep adding until you tell me to stop haha
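The regex-then-decode approach described in the Base64 post above, as an added example (not code from the fork or from Sooty). The function name, the 16-character minimum and the constructed sample URL are assumptions made here.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

# Candidate runs: standard or URL-safe Base64 alphabet, optional padding.
# The 16-character floor (an assumption) keeps short path words out.
B64_CANDIDATE = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")


def extract_b64_strings(url):
    """Return (match, decoded_text) pairs for Base64 runs that decode to printable text."""
    results = []
    # Percent-decode first so '%3D' padding and '%2B' become '=' and '+'.
    for candidate in B64_CANDIDATE.findall(unquote(url)):
        # Normalise the URL-safe alphabet and restore any stripped padding.
        normalised = candidate.rstrip("=").replace("-", "+").replace("_", "/")
        if len(normalised) % 4 == 1:
            continue  # impossible length for Base64
        normalised += "=" * (-len(normalised) % 4)
        try:
            raw = base64.b64decode(normalised, validate=True)
            text = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not Base64, or not text: skip silently
        if text.isprintable():
            results.append((candidate, text))
    return results


# Constructed sample: a redirect-style link carrying a URL-safe Base64 target
# and a percent-encoded standard Base64 recipient address.
SAMPLE_URL = (
    "https://tracker.example/r?u="
    + base64.urlsafe_b64encode(b"https://login.example/reset?user=alice").decode()
    + "&c="
    + quote(base64.b64encode(b"alice@example.org").decode(), safe="")
)

if __name__ == "__main__":
    for match, decoded in extract_b64_strings(SAMPLE_URL):
        print(match, "->", decoded)
```

Long path segments that happen to fit the Base64 alphabet are also tried, so treat a hit as a lead to review rather than proof of encoding.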
What is the feature that you are requesting?
1.) The BadIP API returns "IP Not Found" even for some IPs present in the BadIP DB; I would work on the code to make it foolproof.
Additional information
Is your feature request related to a problem? Please describe.
BadIP is making decision based on just 1 category listed for the IOC.
Customize the code to consider all the categories marked and display result.
Additional context
What is the feature that you are requesting?
.eml support for the Analyze an Email feature, as .msg is Windows only.
What is the feature that you are requesting?
The feature will automatically create a TxT file with the name of the URL, IP provided for reputation check and save the output of the reputation check feature to that file with proper formatting.
These are some more things I'm currently working on
VirusTotal
-URL scan
-submit file hash
Alien Vault OTX - pull reputation data on:
-domain
-ip
Apility (they have a free API; it has a rate limit, but I haven't hit it ever).
-domain
-ip
The more sources, the better, since some miss things. If there are more sources, a sort of average "combined threat score" can be found. Let me know if you're interested in any of these.
A few more I might be wanting to work on in the future are:
urlhaus - to pull urls and hashes
threatminer
Cannot execute Sooty after install
OS: Ubuntu Server 18.04.4
Python3
installed all the requirements --> OK
modify API Keys in config.yaml
but when I try to run "python3 Sooty.py" I get this error message:
"Traceback (most recent call last):
File "Sooty.py", line 17, in <module>
import strictyaml
ModuleNotFoundError: No module named 'strictyaml'"
I appreciate the call out as a contributor for the Proofpoint script, but I can't take credit for it. I wanted to be sure that you saw my reply on Gist (https://gist.github.com/aaronjcopley/65a5198bf7b35361fdd315e786be9b9d#gistcomment-2936712) because I also noted there is a newer version published there.
Thanks!
What is the Issue you are experiencing?
Cannot get past PEP 517 during cryptography install
What Operating System are you using?
--Windows 10 Pro 2004
--Python 3.8 via Windows Store (Tried 3.9 from Python website as well)
Additional Information
Any additional information that may benefit this case. (apologies for the bold section of the log; I'm done frustrating myself trying to figure out why it's doing that)
--Log entry:
Building wheels for collected packages: cffi, cryptography
Building wheel for cffi (setup.py) ... error
ERROR: Command errored out with exit status 1:
command: 'C:\Users\cpi\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\cpi\AppData\Local\Temp\pip-install-48xku_ov\cffi\setup.py'"'"'; file='"'"'C:\Users\cpi\AppData\Local\Temp\pip-install-48xku_ov\cffi\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' bdist_wheel -d 'C:\Users\cpi\AppData\Local\Temp\pip-wheel-jvlszf95'
cwd: C:\Users\cpi\AppData\Local\Temp\pip-install-48xku_ov\cffi
Complete output (37 lines):
configtest.c
running bdist_wheel
running build
running build_py
creating build
creating build\lib.win-amd64-3.8
creating build\lib.win-amd64-3.8\cffi
copying cffi\api.py -> build\lib.win-amd64-3.8\cffi
copying cffi\backend_ctypes.py -> build\lib.win-amd64-3.8\cffi
copying cffi\cffi_opcode.py -> build\lib.win-amd64-3.8\cffi
copying cffi\commontypes.py -> build\lib.win-amd64-3.8\cffi
copying cffi\cparser.py -> build\lib.win-amd64-3.8\cffi
copying cffi\error.py -> build\lib.win-amd64-3.8\cffi
copying cffi\ffiplatform.py -> build\lib.win-amd64-3.8\cffi
copying cffi\lock.py -> build\lib.win-amd64-3.8\cffi
copying cffi\model.py -> build\lib.win-amd64-3.8\cffi
copying cffi\pkgconfig.py -> build\lib.win-amd64-3.8\cffi
copying cffi\recompiler.py -> build\lib.win-amd64-3.8\cffi
copying cffi\setuptools_ext.py -> build\lib.win-amd64-3.8\cffi
copying cffi\vengine_cpy.py -> build\lib.win-amd64-3.8\cffi
copying cffi\vengine_gen.py -> build\lib.win-amd64-3.8\cffi
copying cffi\verifier.py -> build\lib.win-amd64-3.8\cffi
copying cffi_init.py -> build\lib.win-amd64-3.8\cffi
copying cffi_cffi_include.h -> build\lib.win-amd64-3.8\cffi
copying cffi\parse_c_type.h -> build\lib.win-amd64-3.8\cffi
copying cffi_embedding.h -> build\lib.win-amd64-3.8\cffi
copying cffi_cffi_errors.h -> build\lib.win-amd64-3.8\cffi
running build_ext
building '_cffi_backend' extension
creating build\temp.win-amd64-3.8
creating build\temp.win-amd64-3.8\Release
creating build\temp.win-amd64-3.8\Release\c
creating build\temp.win-amd64-3.8\Release\c\libffi_msvc
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\x86_amd64\cl.exe /c /nologo /Ox /W3 /GL /DNDEBUG /MD -Ic/libffi_msvc "-IC:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\include" "-IC:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\include" "-IC:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE" "-IC:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\INCLUDE" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt" /Tcc/_cffi_backend.c /Fobuild\temp.win-amd64-3.8\Release\c/_cffi_backend.obj
_cffi_backend.c
c:\program files\windowsapps\pythonsoftwarefoundation.python.3.8_3.8.1776.0_x64__qbz5n2kfra8p0\include\pyconfig.h(206): fatal error C1083: Cannot open include file: 'basetsd.h': No such file or directory
error: command 'C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\x86_amd64\cl.exe' failed with exit status 2
ERROR: Failed building wheel for cryptography
Failed to build cffi cryptography
ERROR: Could not build wheels for cryptography which use PEP 517 and cannot be installed directly
This is not a bug, I think this is just me being a rusher, but I am trying to debug my own issue trying to install this,
I have run the requirements.txt against pip and installed all the features; I am now in the process of running the sooty.py file
Traceback (most recent call last):
File "Sooty.py", line 17, in <module>
import strictyaml
ModuleNotFoundError: No module named 'strictyaml'
But when checking
root@kali:/home/kali/Desktop# pip install strictyaml
Requirement already satisfied: strictyaml in /usr/local/lib/python2.7/dist-packages (1.0.6)
Requirement already satisfied: python-dateutil>=2.6.0 in /usr/local/lib/python2.7/dist-packages (from strictyaml) (2.8.1)
Requirement already satisfied: ruamel.yaml>=0.14.2 in /usr/local/lib/python2.7/dist-packages (from strictyaml) (0.16.7)
Requirement already satisfied: six>=1.5 in /usr/local/lib/python2.7/dist-packages (from python-dateutil>=2.6.0->strictyaml) (1.12.0)
Requirement already satisfied: ruamel.yaml.clib>=0.1.2; platform_python_implementation == "CPython" and python_version < "3.8" in /usr/local/lib/python2.7/dist-packages (from ruamel.yaml>=0.14.2->strictyaml) (0.2.0)
Requirement already satisfied: ruamel.ordereddict; platform_python_implementation == "CPython" and python_version <= "2.7" in /usr/local/lib/python2.7/dist-packages (from ruamel.yaml>=0.14.2->strictyaml) (0.4.14)
Looks like I already have it installed?
I wonder if you know how I could look at resolving this! in the mean time
Kind Regards,
Jay,
/Sooty-master/Sooty.py", line 10, in <module>
from unfurl import core
ModuleNotFoundError: No module named 'unfurl'
MacOS Catalina
What is the Issue you are experiencing?
I have cloned the Sooty github page, installed the requirements, and I am running Python 3+. whenever I CD into the 'sooty' directory, I cannot get the application to launch.
What Operating System are you using?
I am using a Virtual environment with Debian. LinuxMint
Additional Information
Looks like other github actions are all performing normally, I just cannot get the application to launch.
#7 https://www.phishtank.com/api_info.php - Verify if a URL has been used in a phishing attack
Describe the bug
Hi, while I was trying to launch Sooty for the first time, I received an error message that there is no module named 'strictyaml'. This stopped Sooty from launching.
Reproduction Steps
Steps to reproduce the behavior:
1. Navigate to the main branch on the CLI
2. Launch Sooty with the command python3 Sooty.py
3. Error pops up and no further action
...
Expected behavior
Application to launch
What is the feature that you are requesting?
It would be useful to have an ioc extractor from PDF or webpages, to CSV
Additional information
Maybe this module would be useful: https://github.com/armbues/ioc_parser
Additional context
For instance, a new report from AV vendors came out. I could use Sooty to extract IOCs and input it in our tools.
What is the feature that you are requesting?
Update email rep checker to utilize API key for extended requests
Additional information
No
Is your feature request related to a problem? Please describe.
Currently limited with very few requests that can be used, using an API key gives two options depending on the key:
Still allows for Sooty to make requests without a key, just provides further functionality.
What is the feature that you are requesting?
Some features used in the tool can leak information to attackers and open source intelligence such as the scan to URLscan.
Therefore the tool should provide a one-shot disclaimer and a disclaimer likely in the README.
I would also suggest adding the passive alternative of scan -> search.
Additional information
Scanning on URLscan can lead to exposing sensitive documents and sessions. It can also tip off an attacker that a specific campaign, and even a specific email address, is valid, information that they can use in a more advanced campaign.
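One way to implement the private-by-default prompt and the passive search-before-scan flow requested in the two URLScan issues on this page, as an added example (not Sooty's code). The function names and the constructed sample URL are assumptions; the endpoints, the API-Key header and the visibility values are those of the urlscan.io API v1, and the requests are only built here, not sent.

```python
import json
from urllib.parse import urlencode, urlsplit

URLSCAN_API = "https://urlscan.io/api/v1"
VISIBILITIES = ("public", "unlisted", "private")
DEFAULT_VISIBILITY = "private"

# Constructed sample: a phishing-style link that embeds the recipient's address.
SAMPLE_URL = "https://login.example/reset?user=alice%40corp.example"


def choose_visibility(answer):
    """Map the analyst's prompt answer to a visibility; hitting enter keeps the private default."""
    answer = answer.strip().lower()
    if not answer:
        return DEFAULT_VISIBILITY
    if answer not in VISIBILITIES:
        raise ValueError("visibility must be one of: " + ", ".join(VISIBILITIES))
    return answer


def build_search_request(url):
    """Passive lookup of existing scans. Only the hostname is sent, so the
    recipient-specific path and query never leave the analyst's machine."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("no hostname in " + repr(url))
    return {"method": "GET",
            "url": URLSCAN_API + "/search/?" + urlencode({"q": "domain:" + host})}


def build_scan_request(url, api_key, answer=""):
    """Active scan: urlscan.io visits the URL, so visibility is set explicitly on every submission."""
    body = {"url": url, "visibility": choose_visibility(answer)}
    return {
        "method": "POST",
        "url": URLSCAN_API + "/scan/",
        "headers": {"API-Key": api_key, "Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def plan_lookup(url, api_key, existing_results, answer=""):
    """Search first: return None when prior scans already exist, otherwise the scan request."""
    if existing_results > 0:
        return None
    return build_scan_request(url, api_key, answer)


if __name__ == "__main__":
    print(build_search_request(SAMPLE_URL)["url"])
    print(build_scan_request(SAMPLE_URL, "PLACEHOLDER_KEY")["body"])
```

A private scan still causes urlscan.io to fetch the page, so the site operator sees the visit; only the search path is fully passive.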
Describe the bug
When utilizing the function hashRating(), as soon as it hits:
if value['detected'] == True:
it moves to the except statement.
Reproduction Steps
Steps to reproduce the behavior:
result = response.json()
Expected behavior
Expect to get a total number of hits from VirusTotal or a not found.
Additional context
Working on modifying the function and will post when done.
Issue
Issue caused by Python not releasing the email files.
Effect
Emails cannot be opened twice during the same instance.
Another good tool, may overlap with current options but worth mentioning since its had a few additions. The API is mentioned on the contact page.
Sadly, instead of just tying the API requests to tokens issued on an account like everyone else is doing, Troy has added a monthly cost to its use. (Which paired with the recent announcement to sell HIBP hints towards a total cash-in on his end)
I suppose the necessary change here would be adding the token field like you've done with the others.
Pip install -r requirements.txt results in:
Collecting pywin32==224 (from -r requirements.txt (line 12))
ERROR: Could not find a version that satisfies the requirement pywin32==224 (from -r requirements.txt (line 12)) (from versions: none)
Same for pip3.
Tried this on both plain Ubuntu 18.04 LTS and Ubuntu 18.04 LTS in Windows subsystem for Linux: same error.
Apologies if this is a daft question but to get the email analysis working I had to install VS 2015 Update 3 however I note that mainstream support has now ended. (https://support.microsoft.com/en-gb/lifecycle/search/1117)
Is there a more recent version this works with/is there a plan to move to something newer?
The following Error:
ubuntu@ubuntu-VirtualBox:~/Desktop$ python Sooty.py
File "Sooty.py", line 7
[<]!DOCTYPE html[>]
^
SyntaxError: invalid syntax
Tracking case for PR35
Describe the bug
No module named 'tkinter' when running for first time
Traceback (most recent call last):
File "Sooty.py", line 21, in <module>
import tkinter
ModuleNotFoundError: No module named 'tkinter'
Reproduction Steps
Steps to reproduce the behavior:
Additional context
Python 3.7.5
Would using the HIBP API similarly to the VT API be a possible feature request?
Hey,
I was testing out Sooty today, but I ran into an issue just testing out something.
I did a reputation check for a website (first one that came to mind) and i got the following traceback info.
WHO IS REPORT:
CIDR: 13.32.0.0/12
Name: AT-88-Z
Range: 13.32.0.0 - 13.47.255.255
Descr: Amazon Technologies Inc.
Country: US
State: WA
City: Seattle
Address: 410 Terry Ave N.
Post Code: 98109
Created: 2016-08-09
Updated: 2018-04-12
VirusTotal Report:
There's been an error - check your API key, or VirusTotal is possible down
Traceback (most recent call last):
File "C:\code\Sooty\venv\lib\site-packages\urllib3\contrib\pyopenssl.py", line 456, in wrap_socket
cnx.do_handshake()
File "C:\code\Sooty\venv\lib\site-packages\OpenSSL\SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "C:\code\Sooty\venv\lib\site-packages\OpenSSL\SSL.py", line 1639, in _raise_ssl_error
raise SysCallError(errno, errorcode.get(errno))
OpenSSL.SSL.SysCallError: (10054, 'WSAECONNRESET')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\code\Sooty\venv\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
chunked=chunked)
File "C:\code\Sooty\venv\lib\site-packages\urllib3\connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "C:\code\Sooty\venv\lib\site-packages\urllib3\connectionpool.py", line 839, in _validate_conn
conn.connect()
File "C:\code\Sooty\venv\lib\site-packages\urllib3\connection.py", line 344, in connect
ssl_context=context)
File "C:\code\Sooty\venv\lib\site-packages\urllib3\util\ssl_.py", line 347, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\code\Sooty\venv\lib\site-packages\urllib3\contrib\pyopenssl.py", line 462, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e)
ssl.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESET')",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\code\Sooty\venv\lib\site-packages\requests\adapters.py", line 449, in send
timeout=timeout
File "C:\code\Sooty\venv\lib\site-packages\urllib3\connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "C:\code\Sooty\venv\lib\site-packages\urllib3\util\retry.py", line 399, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='check.torproject.org', port=443): Max retries exceeded with url: /cgi-bin/TorBulkExitList.py?ip=1.1.1.1 (Caused by SSLError(SSLError("bad handshake: SysCallError(10054, 'WSAECONNRESET')")))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\code\Sooty\Sooty.py", line 996, in <module>
mainMenu()
File "C:\code\Sooty\Sooty.py", line 165, in mainMenu
switchMenu(input())
File "C:\code\Sooty\Sooty.py", line 54, in switchMenu
phishingMenu()
File "C:\code\Sooty\Sooty.py", line 573, in phishingMenu
phishingSwitch(input())
File "C:\code\Sooty\Sooty.py", line 107, in phishingSwitch
haveIBeenPwned()
File "C:\code\Sooty\Sooty.py", line 679, in haveIBeenPwned
phishingMenu()
File "C:\code\Sooty\Sooty.py", line 573, in phishingMenu
phishingSwitch(input())
File "C:\code\Sooty\Sooty.py", line 109, in phishingSwitch
mainMenu()
File "C:\code\Sooty\Sooty.py", line 165, in mainMenu
switchMenu(input())
File "C:\code\Sooty\Sooty.py", line 48, in switchMenu
repChecker()
File "C:\code\Sooty\Sooty.py", line 355, in repChecker
req = requests.get(TOR_URL)
File "C:\code\Sooty\venv\lib\site-packages\requests\api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "C:\code\Sooty\venv\lib\site-packages\requests\api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "C:\code\Sooty\venv\lib\site-packages\requests\sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "C:\code\Sooty\venv\lib\site-packages\requests\sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "C:\code\Sooty\venv\lib\site-packages\requests\adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='check.torproject.org', port=443): Max retries exceeded with url: /cgi-bin/TorBulkExitList.py?ip=1.1.1.1 (Caused by SSLError(SSLError("bad handshake: SysCallError(10054, 'WSAECONNRESET')")))
I haven't had the time yet to find out why this is happening myself. There seems to be an SSL verification issue, but I don't know with which service.
When trying to launch Sooty, getting the below error.
python Sooty.py
File "Sooty.py", line 822
SyntaxError: Non-ASCII character '\xe2' in file Sooty.py on line 822, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details
What is the Issue you are experiencing?
All of the dependencies install without any issues. However, when I run python3 Sooty.py, Python crashes.
What Operating System are you using?
macOS 10.15.7
Python 3.8.6
Additional Information
The issue appears to be in the libcrypto module
/usr/lib/libcrypto.dylib
abort() called
Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.
fixed, no probs. was something with the python version
I tried to run Sooty.py in Kali after installing all of requirement.txt using the pip command, with Python3 available.
I get an error when I run python Sooty.py:
Traceback (most recent call last):
File "Sooty.py", line 13, in <module>
import urllib.parse
ImportError: No module named parse
Issue installing requirements
Collecting dfir-unfurl (from -r requirements.txt (line 6))
Could not find a version that satisfies the requirement dfir-unfurl (from -r requirements.txt (line 6)) (from versions: )
No matching distribution found for dfir-unfurl (from -r requirements.txt (line 6))
What Operating System are you using?
Kali / Debian
What is the Issue you are experiencing?
Cannot use sooty.py when I use the Ubuntu PC with a proxy setting
What Operating System are you using?
ubuntu 20
Describe the bug
When using Option 4: DNS lookup and selecting option 3: WHOIS Lookup, entering any of the requested values (i.e. IP / Domain) makes the result go into an endless loop; it does not exit after giving the output. See attached.
Reproduction Steps
Steps to reproduce the behavior:
Expected behavior
It should have thrown the output and given another prompt to select options, rather it goes into endless loop.
Screenshots
attached screenshot
Desktop Operating System:
Using Office365.com as an example, the WhoIs and VT check work fine, but the next two don't:
Checking BadIP's...
Error reaching BadIPs
ABUSEIPDB Report:
Error Reaching ABUSE IPDB
Whereas when using the IP that was resolved through the WhoIS check (52.165.129.203):
Checking BadIP's...
IP not found
ABUSEIPDB Report:
IP: 52.165.129.203
Reports: 0
Abuse Score: 0%
Last Report: None
Can the script not be tweaked to just use the IP resolved through the WhoIS check to perform those final two checks?