BigSnarf blog

Infosec FTW

FlowBot

Commands

  • incident response checklists
  • memory capture
  • routine live memory analysis reporting
  • elasticsearch netflows
  • asset listing
  • users listing
  • users login histories
  • remote login histories
  • password changes histories
  • patch management
  • last contact firewall
  • last contact SIEM
  • software inventories
  • graph analysis netflows
  • ports listing
  • connection listing
  • stats. history
  • anomaly detection
  • dns resolution
  • passive dns lookup
  • PCAP analysis
  • osquery lookups
  • ASN
  • malware
  • blacklists
  • whitelists
  • google
  • long running history
  • zip functionality and hosting
  • ssdeep
  • cuckoo sandbox submission
  • md5
  • google safebrowsing
  • Carbon Black
  • NetWitness Pivot Query
  • RSA NetWitness
  • RSA Security Analytics graphs
  • url void
  • safe search
  • malware domain search
  • centralops
  • bit9 md5
  • virustotal
  • dns
  • asn
  • netflow
  • internal search history
  • betweenness and centrality measures
  • mathy anomaly detection
  • ML AD
  • command lookup
  • gifs
  • emoticons
  • weather
  • jokes
  • compliments
  • new
  • horoscope
  • help
  • movie quotes
  • limericks
  • daily standup reminder
  • vacay pics
  • cute pics
  • corgis
  • cat
  • youtube
  • calendar
  • fortune cookie
  • message of the day
  • password generator
  • plugins like Hubot

 

How it works:

  1. Private message to FlowBot
  2. A text pattern detected in any message
  3. HTTP response triggered when there is a match

Things that can be done:

  1. Executing a shell command
  2. Executing something on a remote server
  3. HTTP get
  4. Listing of data sources
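
The flow in the two lists above (a message pattern is matched, then a shell command runs) is shown below as an added example, not FlowBot's own code. The route table, the sender allowlist, the whole-message matching and the use of `dig` and `ss` are assumptions made for illustration; the point is that chat text reaches the command only as a validated argument, never as shell input.

```python
import re
import subprocess

# Hypothetical routes (message pattern -> argv template); not FlowBot's real table.
# dig and ss are assumed to be the tools behind "dns" and "ports listing".
ROUTES = [
    # Host must start alphanumeric so it can never be read as an option
    # (-f), a query flag (+trace) or a resolver override (@server).
    (re.compile(r"dns (?P<host>[A-Za-z0-9][A-Za-z0-9.-]{0,252})"),
     ["dig", "+short", "{host}"]),
    (re.compile(r"ports"), ["ss", "-tln"]),
]

def match_command(message):
    """Return the argv list for a chat message, or None when nothing matches."""
    text = message.strip()
    for pattern, template in ROUTES:
        m = pattern.fullmatch(text)  # whole message must match, no trailing extras
        if m:
            return [part.format(**m.groupdict()) for part in template]
    return None

def handle(message, sender, allowed_senders, run=subprocess.run):
    """Dispatch one private message and return the reply text for the chat."""
    if sender not in allowed_senders:  # assumed allowlist of analyst accounts
        return "not authorized"
    argv = match_command(message)
    if argv is None:
        return "unknown command, try: help"
    # argv list with shell=False: chat text is never interpreted by a shell.
    result = run(argv, capture_output=True, text=True, timeout=10, shell=False)
    return result.stdout.strip() or "(no output)"

if __name__ == "__main__":
    # Constructed sample messages; only matching is shown, nothing is executed.
    for msg in ["dns example.com", "dns example.com; id", "dns -f/etc/hosts", "ports"]:
        print(repr(msg), "->", match_command(msg))
```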

 
