/Mortimer

A collection of scripts for processing network forensics type data and intelligence, mainly into a postgres database.

Primary LanguagePythonGNU Affero General Public License v3.0AGPL-3.0

Mortimer

A collection of scripts for processing network forensics type data and intel, mainly into a postgres database.

Released as open source by NCC Group Plc - http://www.nccgroup.com/

Developed for John Green, cirt at nccgroup dot com

https://github.com/nccgroup/mortimer

Released under AGPL see LICENSE for more information

  • broimport.py: Imports bro logs into postgres database. Parses bro header to create table and maps bro data types to postgres

  • extract-all.bro: Bro script to extract files from http/smtp etc

  • importdomain2ip.py: Some demo scripts to import IP intelligence from various locations. YMMV

  • importgoogle.py: Imports google safe browsing database (see wiki). Required APIKEY

  • checkfull.py: Given partial match from GSB database request full SHA hash from Google

  • importdomainlist_malicious.py

  • importiplist_malicious.py

  • importiplist2.py