mosesschwartz/pivoteer

Pivoting API

Pivoteer is an API for various REST services for rapid intel gathering and pivoting.

Installation

virtualenv venv
source venv/bin/activate

python setup.py install 

Build a config file in your working directory.

Create a config file in your local working directory and have
# NEW KEY
iSight_public_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
iSight_private_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
vt_token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
opendns_token = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX"

with the appropriate keys

Examples

There are a few examples in the examples directory

(venv)Anon:examples rickcorrea$ python pivotHash.py
initial
[u'5cc3acd8532f40ee8839d6858769ddec']
[u'www.cr0798.com', u'dlq.tao8web.com']
[u'http://www.cr0798.com/haoy.ini', u'http://www.cr0798.com/gg.htm', u'http://www.cr0798.com/hawg.ini']
[u'222.186.58.37', u'222.186.50.217', u'23.102.23.44']
[]
[]
[]

initial + email pivot
[u'5cc3acd8532f40ee8839d6858769ddec']
[u'www.cr0798.com', u'dlq.tao8web.com']
[u'http://www.cr0798.com/haoy.ini', u'http://www.cr0798.com/gg.htm', u'http://www.cr0798.com/hawg.ini']
[u'222.186.58.37', u'222.186.50.217', u'23.102.23.44']
[]
[]
[]

add another domain route
[u'5cc3acd8532f40ee8839d6858769ddec']
[u'www.cr0798.com', u'dlq.tao8web.com']
[u'http://www.cr0798.com/haoy.ini', u'http://www.cr0798.com/gg.htm', u'http://www.cr0798.com/hawg.ini']
[u'222.186.58.37', u'222.186.50.217', u'23.102.23.44']
[u'308524715@qq.com']
[]
[]

Write your own

# import the functions
from pivoteer import Hopper
from pivoteer import pivotHash
from pivoteer import pivotIP
from pivoteer import pivotDomain
from pivoteer import pivotEmail
# don't forget to include your config.py file in your working directory

# do an initial pivot off a domain
bigResult = pivotHash("514d6edce7be091c45a52fcdddc47f0e279cddee50573c0dfdd2ae08c116c7ed")

print "initial\n", bigResult

# double pivot
emailPivot = Hopper()
for email in bigResult.email_container.keys():
    emailPivot = pivotEmail(email)
bigResult += emailPivot
print "initial + email pivot\n", bigResult

# triple pivot
domainPivot = Hopper()
for domain in bigResult.domain_container.keys():
    domainPivot = pivotDomain(domain)
bigResult += domainPivot

print "add another domain route\n", bigResult

To Do

• Give a proper error message when no keys or config directory is found
• Gracefully exit when a particular API key doesn't exist (e.g. if a user doesn't have an iSight account)
• Do non-blocking IO (grequests)
• Add more service pivoting services
• Allow a user to enter their tolerance for False Positives (i.e exclude related domains)