_.....---..._
_..-'-. _.--' '--.._
_.-' ( 0) Y'' ''-.._
(---.._, '-._
`---.,___.-\ \----......./ /..------...____ '-.
_/ / _/ / __\ \ __\ \ `-. \
(((-' (((-' (((---' (((---` ) /
.-'.-'
Chameleon: @domchell, MDSec ActiveBreach (__`-,
``
Chameleon is a tool which assists red teams in categorising their infrastructure under arbitrary categories. Currently, the tool supports arbitrary categorisation for Bluecoat, McAfee Trustedsource and IBM X-Force. However, the tool is designed in such a way that additional proxies can be added with ease.
usage: chameleon.py [-h] [--proxy <proxy>] [--check] [--submit]
[--domain <domain>]
optional arguments:
-h, --help show this help message and exit
--proxy <proxy> Proxy type: a = all, b = bluecoat, m = mcafee, i = IBM
Xforce
--check Perform check on current category
--submit Submit new category
--domain <domain> Domain to validate
Example 1: Checking the category of your website against all supported proxies:
$ python chameleon.py --proxy a --check --domain google.com
_.....---..._
_..-'-. _.--' '--.._
_.-' ( 0) Y'' ''-.._
(---.._, '-._
`---.,___.-\ \----......./ /..------...____ '-.
_/ / _/ / __\ \ __\ \ `-. \
(((-' (((-' (((---' (((---` ) /
.-'.-'
Chameleon: @domchell, MDSec ActiveBreach (__`-,
``
[-] Targeting Bluecoat WebPulse
[-] Checking category for google.com
[-] Your site is categorised as: Search Engines/Portals
[-] Targeting McAfee Trustedsource
[-] Getting anti-automation tokens
[-] Checking category for google.com
[-] Found category: - Search Engines
[-] Targeting IBM Xforce
[-] IBM xForce Check: google.com
[-] Domain categorised as Search Engines / Web Catalogues / Portals
Example 2: Submitting your domain for the financial category for McAfee proxy only:
$ python chameleon.py --proxy m --submit --domain foobar.com
_.....---..._
_..-'-. _.--' '--.._
_.-' ( 0) Y'' ''-.._
(---.._, '-._
`---.,___.-\ \----......./ /..------...____ '-.
_/ / _/ / __\ \ __\ \ `-. \
(((-' (((-' (((---' (((---` ) /
.-'.-'
Chameleon: @domchell, MDSec ActiveBreach (__`-,
``
[-] Targeting McAfee Trustedsource
[-] Getting anti-automation tokens
[-] Checking category for foobar.com
[-] Found category: - Personal Pages
[-] Submitting URL for finance category
[-] URL submitted, please wait up to 6 hours for categorisation
Caution: when attempting to categorise a site in Bluecoat, do not check the category first otherwise it will end up uncategorised! Individual hosts can however be categorised differently.
Chameleon was developed by Dominic Chell of the MDSec ActiveBreach team.
Categorisation checks for Bluecoat and IBM X-Force were reused based on code originally developed in DomainHunter and CatMyFish.