Gordon, an aggregator of your cyber reputation checks

This post introduces the beginnings of Gordon and its current architecture.

[Image: Homepage]

Why Gordon?

Whether during my investigations at work or during personal browsing sessions, I’m too lazy to consult several sources to check whether a domain or e-mail address is suspicious or malicious. Some awesome OSINT tools exist, but I didn’t have one that aggregates them all into one simple web interface. On top of that, I wanted to start by building a usable and useful tool on AWS infrastructure that I could share with the people around me. I would have liked to share Gordon more widely, but I’m constrained by the query limits of the free tiers of the API sources. Lastly, the lockdown during the COVID-19 crisis gave me a lot of time, a rare resource that contributed considerably to completing Gordon.

Objectives

When I built Gordon, I tried to follow several rules:

Attempt with Slack

Before hosting Gordon entirely on AWS, I tried to build a front-end on Slack as a ‘bot’, using Slack’s slash commands feature and processing the commands on AWS. It works like a charm with one engine, but with two or more it is a mess and unusable. Slack is not suitable for presenting multiple results; it is a good chat tool for a “one question, one short response” exchange, but not a reporting tool…

[Image: Request with Slack Command]
[Image: Results with Slack’s Incoming Webhook]
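As an added illustration of the Slack front-end described above (example code written for this page, not Gordon’s own code): a stdlib-only handler for a slash command that verifies Slack’s request signature and timestamp freshness before it parses the payload, which is the check a practitioner would want in front of any Lambda that acts on chat input. The signing secret, the `/gordon` command name, the API Gateway proxy-style response shape and the sample request are all constructed assumptions; the signing scheme itself (`v0:<timestamp>:<body>`, HMAC-SHA256, `X-Slack-Signature`) is Slack’s documented one.

```python
import hmac
import hashlib
import time
from urllib.parse import parse_qs

# Constructed placeholder; a real app uses the signing secret Slack issues in the app settings.
SLACK_SIGNING_SECRET = "8f742231b10e8888abcd99yyyzzz85a5"
# Slack recommends rejecting requests whose timestamp is more than 5 minutes off (replay protection).
MAX_SKEW_SECONDS = 5 * 60


def compute_signature(signing_secret: str, timestamp: str, body: str) -> str:
    """Slack's v0 scheme: HMAC-SHA256 over 'v0:<timestamp>:<raw body>', hex-encoded, prefixed with 'v0='."""
    base_string = f"v0:{timestamp}:{body}".encode("utf-8")
    digest = hmac.new(signing_secret.encode("utf-8"), base_string, hashlib.sha256).hexdigest()
    return f"v0={digest}"


def verify_slack_request(headers: dict, body: str, signing_secret: str, now=None) -> bool:
    """Accept only fresh requests whose signature matches; the comparison is constant-time."""
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    signature = headers.get("X-Slack-Signature", "")
    if not timestamp.isdigit():
        return False
    current = time.time() if now is None else now
    if abs(current - int(timestamp)) > MAX_SKEW_SECONDS:
        return False
    expected = compute_signature(signing_secret, timestamp, body)
    return hmac.compare_digest(expected, signature)


def parse_command(body: str) -> dict:
    """Pull the fields a reputation lookup needs out of the form-encoded slash-command payload."""
    fields = parse_qs(body, keep_blank_values=True)

    def first(key: str) -> str:
        return fields.get(key, [""])[0]

    return {
        "command": first("command"),
        "text": first("text").strip(),
        "response_url": first("response_url"),
        "user_id": first("user_id"),
    }


def handle_slash_command(headers: dict, body: str, signing_secret: str = SLACK_SIGNING_SECRET, now=None) -> dict:
    """API Gateway proxy-style response (assumed integration): reject forgeries before parsing anything."""
    if not verify_slack_request(headers, body, signing_secret, now):
        return {"statusCode": 401, "body": "invalid signature"}
    cmd = parse_command(body)
    if not cmd["text"]:
        return {"statusCode": 200, "body": f"Usage: {cmd['command']} <domain or email>"}
    # Immediate acknowledgement; the full report would be posted later to cmd["response_url"].
    return {"statusCode": 200, "body": f"Checking {cmd['text']}, results will follow."}


# Constructed sample request; '/gordon' is a hypothetical command name, not one the post documents.
SAMPLE_TIMESTAMP = "1590000000"
SAMPLE_BODY = (
    "token=xyz&team_id=T0001&command=%2Fgordon&text=example.com"
    "&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT0001%2F1%2Fabc&user_id=U2147483697"
)
SAMPLE_HEADERS = {
    "X-Slack-Request-Timestamp": SAMPLE_TIMESTAMP,
    "X-Slack-Signature": compute_signature(SLACK_SIGNING_SECRET, SAMPLE_TIMESTAMP, SAMPLE_BODY),
}

if __name__ == "__main__":
    print(handle_slash_command(SAMPLE_HEADERS, SAMPLE_BODY, now=1590000010))
```

Two details matter here: the signature is checked over the raw body exactly as received (re-encoding the parsed form would change the bytes), and the timestamp window is enforced before the HMAC so a captured valid request cannot be replayed days later.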

Current architecture and how it works

To have access to every AWS service at the cheapest prices, all resources are hosted in the “US East (N. Virginia)” region, except for two resources that are invoked close to the user’s location.

[Image: Architecture with AWS icons]
[Image: Waiting page with one parsed observable]

Next steps

  • Back up the configuration and code on S3.
  • Reinforce the security (input validation).
  • Improve the quality of the Python code; there is a long way to go…
  • Industrialize deployment with a CI/CD pipeline and Infrastructure as Code using a framework (SAM, Serverless, …).
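The “input control” item above, together with the “parsed observable” on the waiting page, is where a reputation aggregator is most exposed: whatever the user types is forwarded to several third-party APIs. The following is an added example (not Gordon’s code) of a strict parser that accepts only a domain name or an e-mail address, undoes the defanging conventions common in threat-intel reports, punycode-encodes IDN labels with Python’s built-in `idna` codec, and rejects everything else (URLs, IP addresses, malformed labels, oversized input). The defang table, the length limits and the sample inputs are my assumptions.

```python
import re

MAX_INPUT_LENGTH = 320          # longer than any legal e-mail address (254) or domain name (253)
MAX_DOMAIN_LENGTH = 253
MAX_LOCAL_PART_LENGTH = 64

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with a hyphen.
DOMAIN_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Conservative e-mail local part (RFC 5322 atext plus dots); quoted local parts are deliberately rejected.
LOCAL_PART = re.compile(r"^[a-z0-9!#$%&'*+/=?^_`{|}~.-]+$")

# Assumed defanging conventions commonly seen in threat-intel reports.
DEFANG_REPLACEMENTS = (("[.]", "."), ("(.)", "."), ("[dot]", "."), ("[at]", "@"), ("(at)", "@"))


def normalize(raw: str) -> str:
    """Lower-case, trim, undo common defanging, drop a trailing FQDN dot."""
    value = raw.strip().lower()
    for needle, replacement in DEFANG_REPLACEMENTS:
        value = value.replace(needle, replacement)
    return value.rstrip(".")


def to_ascii_domain(domain: str) -> str:
    """Punycode-encode IDN labels (bücher.example -> xn--bcher-kva.example) so later checks stay ASCII-only."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return domain  # left as-is; the label regex rejects it below


def is_valid_domain(domain: str) -> bool:
    if not domain or len(domain) > MAX_DOMAIN_LENGTH or "." not in domain:
        return False
    labels = domain.split(".")
    if not all(DOMAIN_LABEL.match(label) for label in labels):
        return False
    # A purely numeric last label means this is an IPv4 address, not a domain name.
    return not labels[-1].isdigit()


def is_valid_email(address: str) -> bool:
    if address.count("@") != 1:
        return False
    local, domain = address.split("@")
    if not local or len(local) > MAX_LOCAL_PART_LENGTH or not LOCAL_PART.match(local):
        return False
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    return is_valid_domain(domain)


def parse_observable(raw: str) -> dict:
    """Classify user input as {'type': 'domain'|'email', 'value': normalized} or raise ValueError."""
    if len(raw) > MAX_INPUT_LENGTH:
        raise ValueError("input too long")
    value = normalize(raw)
    if "@" in value:
        local, _, domain = value.rpartition("@")
        value = f"{local}@{to_ascii_domain(domain)}"
        if is_valid_email(value):
            return {"type": "email", "value": value}
        raise ValueError("malformed e-mail address")
    value = to_ascii_domain(value)
    if is_valid_domain(value):
        return {"type": "domain", "value": value}
    raise ValueError("not a domain name or e-mail address")


def is_observable(raw: str) -> bool:
    """Accept/reject wrapper for callers that do not need the parsed value."""
    try:
        parse_observable(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one defanged e-mail, one IDN domain, one pasted URL that must be refused.
    for sample in ("john[.]doe[at]example[.]org", "bücher.example", "https://example.com/x"):
        print(sample, "->", parse_observable(sample) if is_observable(sample) else "rejected")
```

The parser is an allow-list, not a deny-list: it decides what the input is and forwards only the normalized value, so a pasted URL, an IP address or a string with shell or query metacharacters never reaches the engines. Extending it to other observable types (IPv4/IPv6, hashes) means adding a branch with its own strict grammar, not loosening the existing ones.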

InfoSec guy
