Sooty - A SOC Analyst CLI Tool

Sooty is a handy tool to help in Security Operations Center (SOC) operations. This tool help in the automation of security checks and the workflow of the target. Once basic security checks are performed by this tool, analysts will perform deeper analysis in the same time frame.


Link for repository:

You can easily copy binary by using the below command:

git clone


Just change the directory by using the command "cd"

cd Sooty

Use the below command for prerequisites:

pip install -r requirements.txt

To run, type the below command:


You need to register with the following repositories for the smooth working of the tool. Although it will work without these keys also, functionality will be limited.

For proper functioning and advanced features, you need to config the file available in the main directory.

You can also launch Sooty with Docker:

docker build -t sooty . && docker run --rm -it sooty

What can Sooty do?

  • Sanitization of URL
  • Able to perform WHOIS Lookup, Reverse DNS, and DNS lookups
  • Under Decoders, it will support ProofPoint Decoder, URL Decoder, Office SafeLinks Decoder, URL unShortener, Base64 Decoder, Cisco Password 7 Decoder and Unfurl URL
  • Reputation check for IP, URL, or Email Address
  • Able to check hash for malicious activity


This blog provides the basics of the tool Sooty. In this blog, I have used Kali Linux operating system for installation. You can also use another Linux-based operating system such as Fedora, Ubuntu, etc.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *