This is Hubot VTR, a series of Hubot actions for making Hubot a Computer Network Defense badass. The goal of this project is to create a series of Hubot actions for OSINT collection, Network Forensics, System Forensics, Reverse Engineering and other Network Defense tasks.
I gave a presentation about Hubot VTR at BSidesDFW. Check out my slides.
npm install hubot-vtr-scripts
"hubot-vtr-scripts": ">= 1.0.7" to the dependencies list in your Hubot
external-dependencies.json script between the brackets.
You're done! Restart Hubot and you're good to go!
Certain scripts require use of private APIs and these require API authentication keys. You set those as environment variables.
LASTLINE_TOKEN - provided at account registration with Lastline
LASTLINE_USER_DOMAIN - For users of Lastline hosted services, this is "user.lastline.com"; otherwise it is the "user." subdomain of your Lastline Manager or Analyst FQDN.
LASTLINE_ANALYSIS_DOMAIN - For users of Lastline hosted services, this is "analysis.lastline.com"; otherwise it is the "analysis." subdomain of your Lastline Manager or Analyst FQDN.
How you set these up may vary depending on your deployment method and operating system. For most Linux/OSX systems, you would do something like this from the command line:
If you're running your Hubot on Heroku, you would run this from your local command line where the Heroku tools are installed:
heroku config:add MYWOT_API_KEY='XXXXXXXXXXXXXXXXXXXXXXXX'
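One way to confirm these variables are in place before starting Hubot, as an added example that is not part of hubot-vtr-scripts. The function name check_vtr_env, the placeholder test and the bare-hostname check are assumptions; findings are reported by variable name only, so key values never reach the terminal or logs.

```shell
#!/bin/sh
# Added example: preflight check for the environment variables this README names.
# check_vtr_env and the specific checks are assumptions, not project code.
# Usage: check_vtr_env || exit 1   (run before starting Hubot)

# Secrets: LASTLINE_TOKEN is listed above, MYWOT_API_KEY is in the Heroku example.
VTR_SECRET_VARS="LASTLINE_TOKEN MYWOT_API_KEY"
# Hostnames such as user.lastline.com / analysis.lastline.com.
VTR_DOMAIN_VARS="LASTLINE_USER_DOMAIN LASTLINE_ANALYSIS_DOMAIN"

# Prints one "NAME: problem" line per finding and never prints a value.
# Returns 0 when every variable passes, 1 otherwise.
check_vtr_env() {
    problems=0
    for name in $VTR_SECRET_VARS; do
        eval "value=\${$name:-}"        # name comes from the fixed lists above
        case "$value" in
            "")     echo "$name: not set"; problems=1 ;;
            *[!X]*) ;;                  # contains a non-X character: a real value
            *)      echo "$name: still the XXXX placeholder"; problems=1 ;;
        esac
    done
    for name in $VTR_DOMAIN_VARS; do
        eval "value=\${$name:-}"
        case "$value" in
            "")     echo "$name: not set"; problems=1 ;;
            # Assumption: the value is a bare hostname, as in the README's examples.
            *://*|*/*|*" "*)
                    echo "$name: must be a bare hostname, no scheme or path"; problems=1 ;;
            *.*)    ;;                  # has at least one dot: looks like an FQDN
            *)      echo "$name: not a fully qualified domain name"; problems=1 ;;
        esac
    done
    return $problems
}
```
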
Getting the recommended community scripts necessary requires adding the following lines into
"announce.coffee", "availability.coffee", "deadline.coffee", "http-info.coffee", "isup.coffee", "news.coffee", "pypi.coffee", "sms.coffee", "heroku-status.coffee", "ip.coffee", "reload.coffee", "update.coffee", "base36.coffee", "base58.coffee", "base64.coffee"
|Code Name Generator||Generates code names for being spooky|
|Geolocate IP||Identify the physical location of an IP address|
|MyWOT||Look up the reputation of a website|
|Pipl||Look up OSINT on a user's email address|
|Google Safebrowsing||Look up Safebrowsing status of a URL|
|Reputation Links||Generate links for Robtex, IP/URLVoid, etc.|
|Reverse DNS||Get the URLs associated with an IP address|
|Shodan||Search engine for server strings.|
|Short URL Expander||Take a shortened URL and find out where it redirects to.|
|VirusTotal||Hash, URLs, IP Addresses|
|Yara||Generates template for creating Yara rules.|
|OpenDNS||Accesses the OpenDNS Investigation graph.|
|PassiveTotal||Access PassiveTotal passive DNS system.|
Additional Optional Community Scripts
These scripts are not required, but you may find them useful for your team. They may require their own configuration.
|announce.coffee||Send messages to all chat rooms.|
|availability.coffee||Set your availability status so people know whether they're able to come over and chat with you or ping you over IM.|
|deadline.coffee||Tracks when stuff is due.|
|http-info.coffee||Returns title and description when links are posted.|
|isup.coffee||Uses downforeveryoneorjustme.com to check if a site is up.|
|news.coffee||Returns the latest news headlines from Google.|
|pypi.coffee||Simple Python Package Index querying using XMLRPC API.|
|sms.coffee||Allows Hubot to send text messages using Twilio API.|
|heroku-status.coffee||Show current Heroku status and issues.|
|ip.coffee||Return Hubot's external IP address (via jsonip.com).|
|reload.coffee||Allows Hubot to (re)load scripts without restart.|
|update.coffee||Allows Hubot to update itself using git pull and npm update.|
|base36.coffee||Base36 encoding and decoding.|
|base58.coffee||Base58 encoding and decoding.|
|base64.coffee||Base64 encoding and decoding.|
From the root project directory run: