Skip to content

WaffleThief123/autosea

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
data
data
 
 
modules-bash
modules-bash
 
 
modules-python
modules-python
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
core.sh
core.sh
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

AutoSea

The Internet is like a giant body of water, everything connected in ways we might not always sea.

AutoSea is a reconnaissance tool designed for Trust & Safety teams and Abuse Researchers. It provides rapid analysis of suspicious domains, including URL deobfuscation, HTTP header inspection, DNS lookups, and VirusTotal reputation checks—all with YAML-formatted output for easy documentation.

Features

  • URL Deobfuscation — Automatically converts obfuscated URLs (hxxp://, [.], etc.) to standard format
  • HTTP Header Analysis — Fetches response headers and follows redirect chains
  • DNS Records — Full DNS lookup (A, AAAA, MX, TXT, NS, CNAME, SOA records)
  • WHOIS Lookup — Domain registration info with age calculation and warnings for recently registered domains
  • SSL Certificate Analysis — Certificate issuer, validity dates, SANs, and expiration warnings
  • Abuse Contact Lookup — RDAP-based lookup for abuse reporting contacts
  • VirusTotal Integration — Queries VT API for domain reputation and detection counts
  • Batch Processing — Process multiple URLs from a file
  • JSON Output — Optional JSON output for integration with other tools
  • YAML Output — Default output formatted for easy pasting into case notes

Installation

Prerequisites

  • Python 3.x with pip
  • System utilities: jq, curl, host, base64, sha256sum, sha512sum, sed, awk
  • A VirusTotal API key

Setup

  1. Clone the repository:

    git clone https://github.com/wafflethief123/autosea.git
cd autosea

  2. Configure your environment:

    cp ./data/.env.example ./data/.env
# Edit ./data/.env and add your VirusTotal API key

  3. Install dependencies:

    Linux (auto-detects dnf/yum/apt):

    ./core.sh --install-requirements

    macOS (requires Homebrew, Python3, and pip):

    python3 -m pip install -r ./data/python-requirements.txt --break-system-packages

Docker

# Build and run with a target URL
TARGET_URL=https://example.com docker-compose up --build

Usage

# Analyze a single domain
./core.sh https://example.com

# Analyze multiple domains
./core.sh https://example.com https://example.net https://example.org

# Process URLs from a file (one URL per line, # for comments)
./core.sh --file urls.txt

# Output in JSON format (NDJSON - one JSON object per check)
./core.sh --json https://example.com

# Combine batch processing with JSON output
./core.sh --json --file urls.txt

# Configure a custom user agent
./core.sh --user-agent

Exit Codes

Code Description
1 General error (accompanied by text explanation)
2 Invalid URL format (failed regex validation)
3 No URL provided

Contributing

Contributions are welcome. To add a new module:

  1. Create your module in the working directory (it will be sourced on startup)

  2. Add any new dependencies to ./data/bash-requirements.yml

  3. Ensure output follows YAML format:

    commandName:
    response:
        key: value
        list:
        - item 1
        - item 2

  4. Submit a pull request with your changes

License

See LICENSE for details.

About

The internet is vast, and visibility is hard for Abuse Researchers. This is a tool to hopefully help those out there who need a quicker "overview" of what's behind a domain.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages