Skip to content
/ NetRay Public

Lightweight swiss army knife type utility to perform various quick checks on domains and IP addresses. Aim of the project is to combine common information gathering tools such as WHOIS with integration with various data providers through API, and enable analyst to avoid having to access multiple web based interfaces.

6 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lawsecnet/NetRay

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
archive
archive
 
 
readme_files
readme_files
 
 
.DS_Store
.DS_Store
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
netray2.py
netray2.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

NetRay

NetRay demo

Lightweight swiss army knife type utility to perform various quick checks on domains and IP addresses. Aim of the project is to combine common information gathering tools such as WHOIS with integration with various data providers through API, and enable analyst to avoid having to access multiple web based interfaces.

NetRay allows you to gather in one place data from the infrastructure analysis services - Passive Total, Shodan, and Censys - and facilitate the transfer of indicators from one service to another. How Netray works will be most easily explained by discussing the various elements of the interface:

NetRay interface

  1. At the top, you'll find entry fields in which you respectivelly enter the indicator you're interested in and the API keys for querying Passive Total, Shodan, and Censys. API querying functions work independently of each other so if we will use only one or two of the modules you do not need to enter all the keys.

  2. In the upper right corner there is a display which stores all the indicators you searched for. In this way you always have visibility into what path we went through to get to the current result.

  3. Below are the buttons that activate the lookups. Thus, we have access to:

  • WHOIS query using the Python IPWhois or Python Whois module - depending on whether we indicate an IP address or a domain.

  • Searching passive DNS results from the Passive Total database.

  • Display host information from Shodan. Since this function works on IP addresses, in the case of a domain, the application will perform a reverse DNS query using the socket library.

  • Searching in the Shodan database and displaying the results.

  • Display the properties of the TLS certificate from the Censys database. Use SHA256 certificate hash as a search term.

  • Searching the Censys database for certificates. Here you do not have to limit ourselves to domains, IP addresses, and hashes as seach terms.

  • Display information about the host from the Censys database. A function analogous to the Shodan functionality.

  • Clearing the record of searched indices.

  • Display Switcher. Since depending on how we work we may want to have some results available all the time I have not introduced any automation in terms of data display switching - if the switch is active the data will be displayed on the left, if not then on the right.

  1. Below you will find two windows in which search results will be displayed. To make things easier, the application detects IP addresses, domains, SHA256 hashes, JARM hashes, email addresses, and AS numbers in the results. These elements are highlighted, and clicking on them places them in the search entry box.

Happy hunting!

About

Lightweight swiss army knife type utility to perform various quick checks on domains and IP addresses. Aim of the project is to combine common information gathering tools such as WHOIS with integration with various data providers through API, and enable analyst to avoid having to access multiple web based interfaces.

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages