Sooty - A SOC Analyst CLI Tool
Sooty is a handy tool to help with Security Operations Center (SOC) operations. It automates the basic security checks in an analyst's workflow for a given target (an IP, URL, email address or hash). Once this tool has performed the basic checks, the analyst can spend the same time frame on deeper analysis.
Link for repository: https://github.com/TheresAFewConors/Sooty
You can clone the repository with the command below:
git clone https://github.com/TheresAFewConors/Sooty.git
Then change into the cloned directory using the "cd" command.
Use the command below to install the prerequisites:
pip install -r requirements.txt
To run, type the below command:
You need to register for API keys with the following services for the tool to work smoothly. It also works without these keys, but functionality will be limited.
- VirusTotal API Key
- URLScan.io API Key
- AbuseIPDB API Key
- HaveIBeenPwned API Key
- PhishTank API Key
- EmailRep API Key
For proper functioning and the advanced features, you need to edit the configuration file available in the main directory and add these keys.
You can also launch Sooty with Docker:
docker build -t sooty . && docker run --rm -it sooty
What can Sooty do?
- URL sanitization (defanging a URL so it can be shared safely)
- WHOIS lookup, reverse DNS and DNS lookups
- Decoders: ProofPoint Decoder, URL Decoder, Office SafeLinks Decoder, URL unShortener, Base64 Decoder, Cisco Password 7 Decoder and Unfurl URL
- Reputation check for an IP, URL or email address
- Checking a file hash for known malicious activity
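To show what the first and third items involve, here is a small added example of my own (not Sooty's code): it defangs a URL the way an analyst would before pasting it into a ticket, reverses that, and unwraps an Office SafeLinks link to reveal the real destination. The sample SafeLinks URL is constructed for the example.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample: an Office 365 SafeLinks wrapper around a destination URL.
SAMPLE_SAFELINK = (
    "https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fexample.com%2Flogin%3Fid%3D42"
    "&data=05%7C01%7C&sdata=abc&reserved=0"
)

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


def sanitize_url(url: str) -> str:
    """Defang a URL so it is safe to paste into a ticket or chat:
    the scheme becomes hxxp(s) and every dot becomes [.] so that
    chat clients and mail gateways neither link nor resolve it."""
    defanged = url.replace("https://", "hxxps://").replace("http://", "hxxp://")
    return defanged.replace(".", "[.]")


def refang_url(url: str) -> str:
    """Reverse sanitize_url() so the URL can be fed to a lookup tool."""
    return url.replace("hxxp", "http").replace("[.]", ".")


def decode_safelinks(url: str) -> str:
    """Unwrap a SafeLinks URL. SafeLinks rewrites the original destination
    into the percent-encoded 'url' query parameter of a
    *.safelinks.protection.outlook.com link; parse_qs() decodes it.
    Anything that is not a SafeLinks host is returned unchanged."""
    parsed = urlparse(url)
    if not parsed.netloc.lower().endswith(SAFELINKS_SUFFIX):
        return url
    targets = parse_qs(parsed.query).get("url")
    if not targets:
        raise ValueError("SafeLinks URL without a 'url' parameter")
    return targets[0]


def triage_url(url: str) -> str:
    """Unwrap SafeLinks first, then defang: the value an analyst records."""
    return sanitize_url(decode_safelinks(url))


if __name__ == "__main__":
    print(triage_url(SAMPLE_SAFELINK))  # hxxps://example[.]com/login?id=42
```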
This blog provides the basics of the tool Sooty. In this blog, I have used the Kali Linux operating system for the installation. You can also use another Linux-based operating system such as Fedora, Ubuntu, etc.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.