The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as many of the routine checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Details for many of Sooty's features can be found below.
Sooty is now proudly supported by Tines.com! The SOAR Platform for Enterprise Security Teams.
└── Main Menu
├── Sanitize URL's for use in emails
| └── URL Sanitizing Tool
├── Decoders
| ├── ProofPoint Decoder
| ├── URL Decoder
| ├── Office Safelinks Decoder
| ├── URL Unshortener
| ├── Base 64 Decoder
| ├── Cisco Password 7 Decoder
| └── Unfurl URL
├── Reputation Checker
| └── Reputation Checker for IP's, URL's or email addresses
├── DNS Tools
| ├── Reverse DNS Lookup
| ├── DNS Lookup
| └── WhoIs Lookup
├── Hashing Functions
| ├── Hash a File
| ├── Hash a Text Input
| ├── Check a hash for known malicious activity
| └── Hash a file and check for known malicious activity
├── Phishing Analysis
| ├── Analyze an Email
| ├── Analyze an email address for known malicious activity
| ├── Generate an email template based on analysis
| ├── Analyze a URL with Phishtank
| └── HaveIBeenPwned Lookup
├── URL Scan
| └── URLScan.io lookup
├── Extra's
| ├── About
| ├── Contributors
| ├── Version
| ├── Wiki
| └── Github Repo
└── Exit
pip install -r requirements.txt
python Sooty.py
, or simply Sooty.py
example_config.yaml
file, and rename the file to config.yaml
, example layout below:config.yaml
file with your unique name.This is an outline of what features will be coming in future versions.