Archives For Network Security

A couple weeks ago I blogged about my downloadOTX.sh script, which automates the collection of AlienVault OTX reports.  I hadn’t used this script in about a week, so I was surprised to see some 404 errors this morning:

$ ./downloadOTX.sh 62.141.45.205
--2015-03-09 10:47:29--  http://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Resolving www.alienvault.com (www.alienvault.com)... 64.62.160.26
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205 [following]
--2015-03-09 10:47:29--  https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:443... connected.
HTTP request sent, awaiting response... 404 NOT FOUND
2015-03-09 10:47:30 ERROR 404: NOT FOUND.

Continue Reading…

One of the least glamorous parts of network security is capturing information on Internet hosts that exhibit malicious intent.  Here is a script that I’ve created to help automate the process of collecting AlienVault’s Open Threat Exchange (OTX) reports:

#!/usr/bin/sh
#
# downloadOTX.sh
#
# This script uses AlienVault's Open Threat Exchange (OTX) to download a PDF
# containing the IP reputation of the IP Addresses provided.
#
# USAGE:
# $ ./downloadOTX.sh 1.2.3.4
# $ ./downloadOTX.sh 1.2.3.4 1.2.3.5 1.2.3.6 etc.
#

# Set path to save files:
path=/Downloads/

# Set filename prefix and/or suffix:
prefix=
suffix=\_otx.pdf

for args in "$@"
do
    wget http://www.alienvault.com/apps/api/threat/pdf/?ip=$args -O $path$prefix$args$suffix
done

Continue Reading…

One of the least glamorous parts of network security is capturing information on Internet hosts that exhibit malicious intent.  Here is a script that I’ve created to help automate the process of collecting WHOIS information:

#!/usr/bin/sh
#
# downloadWHOIS.sh
#
# This script uses native whois command to return the WHOIS information
# of the IP Addresses provided.
#
# USAGE:
# $ ./downloadWHOIS.sh 1.2.3.4
# $ ./downloadWHOIS.sh 1.2.3.4 1.2.3.5 1.2.3.6 etc.
#

# Set path to save files:
path=/Downloads/

# Set filename prefix and/or suffix:
prefix=
suffix=\_whois.txt

for args in "$@"
do
    whois $args > $path$prefix$args$suffix
done

Continue Reading…