Sooty - A SOC Analyst CLI Tool

Sooty is a handy tool to help in Security Operations Center (SOC) operations. This tool help in the automation of security checks and the workflow of the target. Once basic security checks are performed by this tool, analysts will perform deeper analysis in the same time frame.

Download

Link for repository: https://github.com/TheresAFewConors/Sooty

You can easily copy binary by using the below command:

git clone https://github.com/TheresAFewConors/Sooty.git

Installation

Just change the directory by using the command "cd"

cd Sooty

Use the below command for prerequisites:

pip install -r requirements.txt

To run, type the below command:

python3 Sooty.py

You need to register with the following repositories for the smooth working of the tool. Although it will work without these keys also, functionality will be limited.

• VirusTotal API Key
• URLScan.io API Key
• AbuseIPDB API Key
• HaveIBeenPwned API Key
• PhishTank API Key
• EMAILREP API KEY

For proper functioning and advanced features, you need to config the file available in the main directory.

You can also launch Sooty with Docker:

docker build -t sooty . && docker run --rm -it sooty

What can Sooty do?

• Sanitization of URL
• Able to perform WHOIS Lookup, Reverse DNS, and DNS lookups
• Under Decoders, it will support ProofPoint Decoder, URL Decoder, Office SafeLinks Decoder, URL unShortener, Base64 Decoder, Cisco Password 7 Decoder and Unfurl URL
• Reputation check for IP, URL, or Email Address
• Able to check hash for malicious activity

Conclusion

This blog provides the basics of the tool Sooty. In this blog, I have used Kali Linux operating system for installation. You can also use another Linux-based operating system such as Fedora, Ubuntu, etc.