hubot-vtr-scripts (deprecated)

A set of scripts to make Hubot a Digital Forensics & Incident Response sidekick


hubot-vtr-scripts

This is Hubot VTR, a series of Hubot actions for making Hubot a Computer Network Defense badass. The goal of this project is to create a series of Hubot actions for OSINT collection, Network Forensics, System Forensics, Reverse Engineering and other Network Defense tasks.

I gave a presentation about Hubot VTR at BSidesDFW. Check out my slides.

Setup

First, you'll need Node.js and npm installed. After that, setting up Hubot VTR with npm is easy.

  1. npm install hubot-vtr-scripts

  2. Add "hubot-vtr-scripts": ">= 1.0.7" to the dependencies list in your Hubot package.json.

  3. Add "hubot-vtr-scripts" into your external-dependencies.json script between the brackets.

You're done! Restart Hubot and you're good to go!

Environment Variables

Certain scripts require use of private APIs and these require API authentication keys. You set those as environment variables.

How you set these up may vary depending on your deployment method and operating system. On most Linux/OS X systems, you would do something like this from the command line:

export MYWOT_API_KEY=XXXXXXXXXXXXXX

If you're running your Hubot on Heroku, you would run this from your local command line where the Heroku tools are installed:

heroku config:add MYWOT_API_KEY='XXXXXXXXXXXXXXXXXXXXXXXX'
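
The setup steps and the API key requirement above can be checked before restarting Hubot. The following is an added example, not code from the hubot-vtr-scripts project: the function name checkVtrSetup and the sample inputs are assumptions, the file names follow the setup steps above, and key values are never written into the output.

```javascript
// Added example: preflight for the setup steps and the API-key variable.
const PKG = 'hubot-vtr-scripts';

// Returns a list of problems; an empty list means the setup looks complete.
// packageJsonText / externalJsonText: raw contents of the two files from
// setup steps 2 and 3. env: an object such as process.env.
// requiredKeys: variables to require (MYWOT_API_KEY is the one named above).
function checkVtrSetup(packageJsonText, externalJsonText, env,
                       requiredKeys = ['MYWOT_API_KEY']) {
  const problems = [];
  let pkg;
  let external;
  try { pkg = JSON.parse(packageJsonText); }
  catch (e) { problems.push('package.json is not valid JSON'); }
  try { external = JSON.parse(externalJsonText); }
  catch (e) { problems.push('external-dependencies.json is not valid JSON'); }

  // Step 2: the package must be declared as a dependency.
  if (pkg && typeof (pkg.dependencies || {})[PKG] !== 'string') {
    problems.push(`${PKG} is missing from package.json dependencies`);
  }
  // Step 3: the package must be listed between the brackets.
  if (external && !(Array.isArray(external) && external.includes(PKG))) {
    problems.push(`${PKG} is not listed in external-dependencies.json`);
  }
  // API keys: report presence only, never the value itself.
  for (const name of requiredKeys) {
    const value = env[name];
    if (typeof value !== 'string' || value.trim() === '') {
      problems.push(`${name} is not set`);
    } else if (/^X+$/i.test(value.trim())) {
      problems.push(`${name} still holds the XXXX placeholder`);
    }
  }
  return problems;
}

// Constructed sample inputs (not taken from a real deployment): step 3 was
// skipped and the key was copied verbatim from the documentation.
const samplePackageJson =
  '{"name":"mybot","dependencies":{"hubot":"^2.19.0","hubot-vtr-scripts":">= 1.0.7"}}';
const sampleExternalJson = '["hubot-help"]';
const sampleEnv = { MYWOT_API_KEY: 'XXXXXXXXXXXXXX' };

for (const p of checkVtrSetup(samplePackageJson, sampleExternalJson, sampleEnv)) {
  console.log('setup problem: ' + p);
}
```

For a real deployment, pass the contents of the two files and process.env instead of the sample values.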

Community Scripts

To get the recommended community scripts, add the following lines to hubot-scripts.json:

"announce.coffee",
"availability.coffee",
"deadline.coffee",
"http-info.coffee",
"isup.coffee",
"news.coffee",
"pypi.coffee",
"sms.coffee",
"heroku-status.coffee",
"ip.coffee",
"reload.coffee",
"update.coffee",
"base36.coffee",
"base58.coffee",
"base64.coffee"

VTR Scripts

| Script | Description |
| --- | --- |
| Code Name Generator | Generates code names for being spooky |
| Geolocate IP | Identify the physical location of an IP address |
| MyWOT | Look up the reputation of a website |
| Pipl | Look up OSINT on a user's email address |
| Google Safebrowsing | Look up Safebrowsing status of a URL |
| Reputation Links | Generate links for Robtex, IP/URLVoid, etc. |
| Reverse DNS | Get the URLs associated with an IP address |
| Shodan | Search engine for server strings |
| Short URL Expander | Take a shortened URL and find out where it redirects to |
| VirusTotal | Hashes, URLs, IP addresses |
| Yara | Generates a template for creating Yara rules |
| OpenDNS | Accesses the OpenDNS Investigation graph |

Additional Optional Community Scripts

These scripts are not required, but you may find them useful for your team. They may require their own configuration.

Core

| Script | Description |
| --- | --- |
| announce.coffee | Send messages to all chat rooms. |
| availability.coffee | Set your availability status so people know whether they're able to come over and chat with you or ping you over IM. |
| deadline.coffee | Tracks when stuff is due. |
| http-info.coffee | Returns title and description when links are posted. |
| isup.coffee | Uses downforeveryoneorjustme.com to check if a site is up. |
| news.coffee | Returns the latest news headlines from Google. |
| pypi.coffee | Simple Python Package Index querying using XMLRPC API. |
| sms.coffee | Allows Hubot to send text messages using Twilio API. |

Administrative Scripts

| Script | Description |
| --- | --- |
| heroku-status.coffee | Show current Heroku status and issues. |
| ip.coffee | Return Hubot's external IP address (via jsonip.com). |
| reload.coffee | Allows Hubot to (re)load scripts without restart. |
| update.coffee | Allows hubot to update itself using git pull and npm update. |

Encoding

| Script | Description |
| --- | --- |
| base36.coffee | Base36 encoding and decoding. |
| base58.coffee | Base58 encoding and decoding. |
| base64.coffee | Base64 encoding and decoding. |

Testing

From the root project directory run:

npm test

Special Thanks