wgpsec / tig Goto Github PK

View Code? Open in Web Editor NEW

849.0 15.0 138.0 1.62 MB

Threat Intelligence Gathering 威胁情报收集，旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。

License: Apache License 2.0

Python 100.00%

tig's People

Contributors

Stargazers

Watchers

Forkers

bg6cq tomyang9 wuwx org-mars michaelcandoo jasonlou daveqqq fleabane1 ldong2014 atdpa4sw0rd 02bx waterwei potato123-ui kaka77 9tail123 jwangkun c0c1 sbhack wang0098 xiaojiangxl wht0425 warren-jace ape0bakass znlehandwyj zhannj3a2 not-know istoliving crackercat redwifiteam icysun azazel-ginga lfoder y11en yx2124538 xiaoaliha debian457 keac pj209 losermly securitycomplicance baozhazhizi tymerdyiw netzeng qiu957919102 nacteuns dk47os3r zmf963 blockchainguard kenuosec sydneechan tai-rex 12009 phantompit modun k3rwin capjie chcmq gh-jy gitttttbottttt xiju2003 jyh583854536 crazymed leasonj gamblingmaster2020 id88 meowwbox draculanti zaigaochu zha0 liufuqin0922 solitary321 ludashuai001 afwu muqiyip harris2015 silentsoul04 ahisec flowertimes pantness traxsw pighas100kg ev1lfy tricleoo nscosine hjmark2010 jimsonzhang yu-shengi oldmuster kvi74 d0gman ggliks auxiliarya mxm-tools zhouclay excaliburpro rabbitsafe m0cun aqimmm 482949203 1f3lse

tig's Issues

小建议

建议加入360威胁情报查询，根据个人以及同事的使用反馈，360威胁情报库比较强大，建议集成进去

whois报错信息处理

出现这个问题的话把tig.py中whois.whois()改成whois.query()

另外把fofa的信息修改成fofa.info

到了查询备案信息这里，如果超时就报错

建议修改一下，加个报错抛出超时，然后继续执行下一条，现在就是一旦报错就直接退出了，也不会保存文件

报错的内容

Traceback (most recent call last):
  File ".\tig.py", line 655, in <module>
    main(i, config_path, proxies)
  File ".\tig.py", line 413, in main
    IP_reverse2_result = IP_reverse2(ip, proxies)
  File ".\tig.py", line 238, in IP_reverse2
    for ip in r.json():
  File "D:\python37\lib\site-packages\requests\models.py", line 898, in json
    return complexjson.loads(self.text, **kwargs)
  File "D:\python37\lib\json\__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "D:\python37\lib\json\decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "D:\python37\lib\json\decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

[EROR] 访问 https://fofa.so/api/v1/search/all?email=（我的email）&key=20fa8e7bc14fee2487b42f368a70a8e2&qbase64
=NDcuMjQwLjczLjc3&size=100 发生错误，错误信息： ReadTimeo
ut(ReadTimeoutError("HTTPSConnectionPool(host='fofa.so',
port=443): Read timed out. (read timeout=5)",),)
[EROR] 查询 47.240.73.77 的 Fofa
信息发生错误，错误信息：AttributeError("'str' object has
no attribute 'json'",)

情报查询报错

您好，配置完微步在线api后，发现无法查询，微步在线的api接口地址变了

error

Traceback (most recent call last):
File "tig.py", line 509, in
main(ip, config_path, proxies)
File "tig.py", line 288, in main
ThreatBook_result = ThreatBook(ip, config_path)
File "tig.py", line 149, in ThreatBook
confidence_level = r_json['data']['%s' % ip]['confidence_level'] # 情报可信度
KeyError: 'data'

微步 API 调用失败，错误信息：无效的API接口参数名：resource

是有BUG吗？

python3 tig.py -i X.X.X.X
+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
|T|h|r|e|a|t| |I|n|t|e|l|l|i|g|e|n|c|e| |G|a|t|h|e|r|i|n|g|
+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
团队：狼组安全团队作者：TeamsSix 版本：0.5

[18:18:48] 检测到您可能是第一次运行本程序，请根据程序提示输入您的API地 tig.py:71
址，如果没有直接回车即可，但在查询时将不会调用相关模块
请输入您的微步 Api：[填写的是正常的]
请输入您的Fofa邮箱：[填写的是正常的]
请输入您的Fofa Api：[填写的是正常的]
Traceback (most recent call last):
File "/Users/win/Downloads/tig-0.5/tig.py", line 508, in
console.rule("[yellow]正在查询 %s 的情报信息" % ip, align='left', style="yellow")
TypeError: rule() got an unexpected keyword argument 'align'

请问更新到0.5.2后就出现这个

PS D:\测试工具\蓝队溯源\tig-0.4.2> python3 .\tig.py -i 45.79.1.146

+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
|T|h|r|e|a|t| |I|n|t|e|l|l|i|g|e|n|c|e| |G|a|t|h|e|r|i|n|g|
+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
团队：狼组安全团队作者：TeamsSix 版本：0.5.2

────────────────────────────────────────────────────────────────────── 正在查询 45.79.1.146 的情报信息 ───────────────────────────────────────────────────────────────────────
Traceback (most recent call last):
File "C:\Program Files\path\Python\Python3.8\lib\configparser.py", line 789, in get
value = d[option]
File "C:\Program Files\path\Python\Python3.8\lib\collections_init_.py", line 891, in getitem
return self.missing(key) # support subclasses that define missing
File "C:\Program Files\path\Python\Python3.8\lib\collections_init_.py", line 883, in missing
raise KeyError(key)
KeyError: 'ti360_cookie'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File ".\tig.py", line 579, in
main(ip, config_path, proxies)
File ".\tig.py", line 341, in main
init_360ti(config_path)
File ".\tig.py", line 308, in init_360ti
ti_portal = cfg.get('Api Config', 'ti360_cookie').strip("'").strip()
File "C:\Program Files\path\Python\Python3.8\lib\configparser.py", line 792, in get
raise NoOptionError(option, section)
configparser.NoOptionError: No option 'ti360_cookie' in section: 'Api Config'

跑一半停住了

跑一半的时候停住= = 也没有啥提示我用的linux跑的。。。想问一下可能哪里有坑么，我已经跑出了部分信息，但是我的列表有一串，到了5个左右就GG了

关于tig 调用出现报错

$ python tig.py -i 8.8.8.8

+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
|T|h|r|e|a|t| |I|n|t|e|l|l|i|g|e|n|c|e| |G|a|t|h|e|r|i|n|g|
+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+
    团队：狼组安全团队   作者：TeamsSix    版本：0.5

正在查询 8.8.8.8 的情报信息 ───────────────────────────────────────────────────────────────────────────────────────────
Traceback (most recent call last):
  File "tig.py", line 509, in <module>
    main(ip, config_path, proxies)
  File "tig.py", line 288, in main
    ThreatBook_result = ThreatBook(ip, config_path)
  File "tig.py", line 149, in ThreatBook
    confidence_level = r_json['data']['%s' % ip]['confidence_level']  # 情报可信度
KeyError: 'data'

IP Passive Information

Exception in thread Thread-5:
Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.2_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/configparser.py", line 789, in get
value = d[option]
File "/usr/local/Cellar/[email protected]/3.9.2_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/collections/init.py", line 941, in getitem
return self.missing(key) # support subclasses that define missing
File "/usr/local/Cellar/[email protected]/3.9.2_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/collections/init.py", line 933, in missing
raise KeyError(key)
KeyError: 'whois_enable'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/Cellar/[email protected]/3.9.2_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 954, in _bootstrap_inner
self.run()
File "/usr/local/Cellar/[email protected]/3.9.2_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/threading.py", line 892, in run
self._target(*self._args, **self._kwargs)
File "/Users/sodme/tools/1.information/tig/tig.py", line 524, in IP_reverse_print
IP_reverse_print(ip, config_path, proxies)
File "/Users/sodme/tools/1.information/tig/tig.py", line 302, in IP_reverse_print
Whois_enable = cfg.get('IP Passive Information', 'Whois_enable')
File "/usr/local/Cellar/[email protected]/3.9.2_1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/configparser.py", line 792, in get
raise NoOptionError(option, section)
configparser.NoOptionError: No option 'whois_enable' in section: 'IP Passive Information'
➜ tig

fofa,so 已经被封了，大佬修改一下fofa 的接口啊

期望后面新加的360api也在说明中指导一下使用方法

另，依赖安装少个
pip3 install prettytable