Real Time Threat Monitoring Tool V2.0
Monitoring possible threats of your company on the Internet is an impossible task to be achieved manually. Hence many threats of the company go unnoticed until it becomes viral in public. Thus causing monetary/reputation damage. This is where RTTM comes into action. RTTM (Real Time Threat Monitoring Tool) is a tool developed to scrap all pasties,github,reddit..etc in real-time to identify the occurrence of search terms configured. Upon a match, an email will be triggered. Thus allowing the company to react in case of leakage of code, any hacks tweeted..etc.. and harden themselves against an attack before it goes viral.
Over the past 2 years, the tool has evolved from simple search. Artificial intelligence has been implemented to perform a better search based on context. If regex is needed even that is supported. Thus behavior is close to humans and reduces false positives.
The best part of the tool is that alert will be sent to the email in less than 60 seconds from the time threat has made it to internet. Thus allowing response in real-time to happen.
The same tool in malicious user hands can be used offensively to get an update on any latest hacks, code leakage, etc..
List of sites which will be monitored are:
- Non-Pastie Sites
- Github
- Pastie Sites
- Pastebin.com
- Codepad.org
- Dumpz.org
- Snipplr.com
- Paste.org.ru
- Gist.github.com
- Pastebin.ca
- Kpaste.net
- Slexy.org
- Ideone.com
- Pastebin.fr
Architecture:
How it works?
Once the tool is started, the engine gets kicked off and it runs forever. The main input for this engine is the configuration file. Based on the configuration file data, the engine goes ahead and probes twitter/github/reddit for matches configured in the configuration file. Upon a match is found, the link of twitter/github/reddit pushed to sqlite DB and an email alert is triggered.
In the case of pastie sites, the logic is different. The reason being they do not support search nor streaming API’s. Hence any new pastie made by any user, the link is fetched and pushed to Kafka. From Kafka, any new link added is picked up and searched for matches configured in the configuration file. Upon a match is found, the link of pastie site is pushed to sqlite DB and an email alert is triggered.
Over the past 2 years, the tool has evolved from simple search. Artificial intelligence has been implemented to perform a better search based on context. If regex is needed even that is supported. Thus behavior is close to humans and reduces false positives.
Install && Use
Copyright (C) 2019 Naveen Rudrappa
The post [BlackHat Europe tool] Real Time Threat Monitoring Tool appeared first on Penetration Testing.
