# iocutil.rs
IoC utilities for malware researchers
## usage

Add the following line to the `[dependencies]` section of your `Cargo.toml`:

```toml
iocutil = "0.1.0"
```

and import the crate in your Rust code:

```rust
// the glob-imported module path was not preserved on this page; check the crate docs
use iocutil::prelude::*;
```
## what does it do?

### hash manipulation

#### calc

Compute the digests of a file on disk in a single pass:

```rust
// type and argument names were lost when this page was extracted and are
// reconstructed here; check the crate docs for the exact signatures
let c = ContextualHash::of_file("./sample").unwrap();
println!("{}", c.sha256);
```

#### retrieve

Pull the sample hashes out of a web page (for example a vendor's malware write-up):

```rust
// names and the argument are reconstructed as above
let hashes: Vec<SampleHash> = scrape("https://example.com/report").unwrap();
hashes
    .into_iter()
    .for_each(|h| println!("{}", h));
```
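The `retrieve` step above stands or falls on how reliably sample hashes are picked out of free text. The following is an added example, not code from iocutil: a standard-library-only Rust scraper that recognises md5/sha1/sha256 by digest length, refuses hex runs that are glued to a longer identifier, normalises case and de-duplicates while keeping first-seen order. The names `HashKind`, `FoundHash`, `extract_hashes` and the `SAMPLE_PAGE` text are this example's own inventions; the sample page is constructed, not scraped.

```rust
// Added example (not part of iocutil): a self-contained hash scraper built on
// the standard library only, showing what a `retrieve`-style step has to get right.
use std::collections::HashSet;
use std::fmt;

/// Hash families, recognised by the length of their hex digest.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum HashKind {
    Md5,    // 32 hex chars
    Sha1,   // 40 hex chars
    Sha256, // 64 hex chars
}

impl HashKind {
    /// Map a hex-run length onto a hash family; any other length is not a sample hash.
    pub fn from_hex_len(len: usize) -> Option<HashKind> {
        match len {
            32 => Some(HashKind::Md5),
            40 => Some(HashKind::Sha1),
            64 => Some(HashKind::Sha256),
            _ => None,
        }
    }
}

/// A hash found in text, normalised to lowercase.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct FoundHash {
    pub kind: HashKind,
    pub value: String,
}

impl fmt::Display for FoundHash {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{:?} {}", self.kind, self.value)
    }
}

/// Extract md5/sha1/sha256 digests from arbitrary text.
///
/// Rules a naive regex tends to get wrong:
/// * a hex run must stand alone: a run glued to other letters or digits
///   (part of a longer identifier) is skipped, not truncated to 32/40/64;
/// * case is normalised, so `ABCD...` and `abcd...` count as one hash;
/// * first-seen order is kept and duplicates are dropped.
pub fn extract_hashes(text: &str) -> Vec<FoundHash> {
    let bytes = text.as_bytes();
    let mut seen: HashSet<String> = HashSet::new();
    let mut found = Vec::new();
    let mut i = 0;
    while i < bytes.len() {
        if !bytes[i].is_ascii_hexdigit() {
            i += 1;
            continue;
        }
        let start = i;
        while i < bytes.len() && bytes[i].is_ascii_hexdigit() {
            i += 1;
        }
        let end = i;
        // Both boundaries sit on ASCII bytes, so slicing the &str below is safe.
        let standalone = (start == 0 || !bytes[start - 1].is_ascii_alphanumeric())
            && (end == bytes.len() || !bytes[end].is_ascii_alphanumeric());
        if !standalone {
            continue;
        }
        if let Some(kind) = HashKind::from_hex_len(end - start) {
            let value = text[start..end].to_ascii_lowercase();
            if seen.insert(value.clone()) {
                found.push(FoundHash { kind, value });
            }
        }
    }
    found
}

/// Constructed input standing in for a scraped blog post: the md5, sha1 and
/// sha256 of the empty file, an uppercase duplicate of the md5, a short hex
/// token, and a 32-hex run glued to a trailing letter.
pub const SAMPLE_PAGE: &str = "\
Dropper:   MD5 d41d8cd98f00b204e9800998ecf8427e
Payload:   SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Installer: SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Also seen as D41D8CD98F00B204E9800998ECF8427E (same dropper).
Magic cafebabe; build id 0123456789abcdef0123456789abcdefg.";

fn main() {
    for h in extract_hashes(SAMPLE_PAGE) {
        println!("{}", h);
    }
}
```

Run against `SAMPLE_PAGE` this yields exactly three hashes (md5, sha1, sha256 of the empty file); the uppercase repeat collapses onto the first md5 and the two noise tokens are ignored. Length alone cannot tell a sha256 of a clean file or a dash-less GUID from a sample hash, so the output of a scraper like this still needs a reputation lookup (such as the VirusTotal client below) before it is treated as an IoC.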
### API Clients

#### VirusTotal

```rust
// read the API key from the environment variable `$VTAPIKEY`
// (type names and call arguments were lost when this page was extracted and
// are reconstructed; check the crate docs for the exact signatures)
let client = VirusTotalClient::default();

// search for new samples from the last week (limit 300 samples).
// This requires the private API and consumes one request per 300 hashes.
let samples: Vec<SampleHash> = client.search(/* query, limit */).unwrap();
samples.into_iter().for_each(|h| println!("{}", h));

// or fetch the report for one known hash
let report = client
    .query_filereport(/* hash */)
    .unwrap();
```

other features:
- download a file
- allinfo report
- etc.
#### AlienVault OTX

```rust
// read the API key from the environment variable `$OTX_APIKEY`
// (type names, arguments and closure bodies were lost when this page was
// extracted and are reconstructed; check the crate docs)
let client = AlienVaultOTXClient::default();

// pulses published since a given point in time, then every indicator they carry
let pulses: Vec<Pulse> = client.pulses_from(/* start time */).unwrap();
pulses
    .into_iter()
    .inspect(|p| println!("pulse: {}", p.name))
    .map(|p| p.indicators)
    .flat_map(|indicators| indicators.into_iter())
    .for_each(|i| println!("{}", i.indicator));
```

other features:
- query a hash indicator
## future work

- add API clients for reverse.it and so on
- support other IoCs (like IPs, URLs)
- documentation
## Author

- 0x75960 <0x75960@strelka.cc>