~alienagain/sec_scripts

scripting for quick TH/TI lookup
adding some ideas for python tools in intel
update the opencti content and downgrade scripts
adding a script to ingest a threat actor and indicator bundle in opencti


clone

read-only
https://git.sr.ht/~alienagain/sec_scripts
read/write
git@git.sr.ht:~alienagain/sec_scripts


# JUST SOME SCRIPTS!

These are just some simple useful scripts to look for indicators.

# ALIEN VAULT

## Search pulse

This script allows searching for pulses related to an input:

```
python3 search_pulses.py <my input>
```

For example:

```
python3 search_pulses.py XHIDE
```

## Search HASH

This script allows searching for details about a hash:

```
python3 search_HASH.py <HASH type> <HASH value>
```

For example:

```
python3 search_HASH.py SHA256 46b501600a4ee30d014c5356bad83ad2107ba9b9c58ffc717f60f986322721d4
```

Note: remember to use your own API key! Change the content of the `otx` variable.
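The two AlienVault lookups above, written out as an added example (this is not the repository's own `search_pulses.py` or `search_HASH.py`). It assumes the OTX v1 endpoints `/search/pulses` and `/indicators/file/<hash>/general`, the `X-OTX-API-KEY` header, and the response field names used in the `summarize_*` functions. Instead of editing the key into a variable, it reads `OTX_API_KEY` from the environment so the key cannot be committed with the script, and it validates the hash before any request is built so a typo is caught locally rather than reported by the API.

```python
"""AlienVault OTX lookups: pulse search and file-hash details.

Added example, not the repository's search_pulses.py / search_HASH.py.
Assumptions: the OTX v1 endpoints /search/pulses and
/indicators/file/<hash>/general, the X-OTX-API-KEY header, and the
result field names read in summarize_pulses / summarize_file.
The API key comes from the OTX_API_KEY environment variable.
"""
import json
import os
import sys
import urllib.parse
import urllib.request
from typing import Dict, List, Optional, Tuple

OTX_BASE = "https://otx.alienvault.com/api/v1"
# Expected hex length per hash type; anything else is rejected before a request exists.
HASH_TYPES = {"MD5": 32, "SHA1": 40, "SHA256": 64}


def validate_hash(hash_type: str, value: str) -> Tuple[str, str]:
    """Normalise (type, value) and refuse malformed input so junk never reaches the URL."""
    ht = hash_type.upper()
    if ht not in HASH_TYPES:
        raise ValueError(f"unsupported hash type {hash_type!r}; use one of {sorted(HASH_TYPES)}")
    v = value.strip().lower()
    if len(v) != HASH_TYPES[ht] or any(c not in "0123456789abcdef" for c in v):
        raise ValueError(f"{ht} value must be {HASH_TYPES[ht]} hex characters")
    return ht, v


def build_request(path: str, api_key: str, params: Optional[Dict[str, str]] = None) -> urllib.request.Request:
    """Build the authenticated GET; query values are URL-encoded, never concatenated raw."""
    url = OTX_BASE + path
    if params:
        url += "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"X-OTX-API-KEY": api_key})


def fetch(req: urllib.request.Request, timeout: float = 20) -> dict:
    """Perform the request (network); kept separate so the pure functions stay testable offline."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def summarize_pulses(payload: dict) -> List[dict]:
    """Keep the fields an analyst scans first from a /search/pulses response (assumed field names)."""
    return [
        {"name": p.get("name", ""), "modified": p.get("modified", ""), "tags": p.get("tags", [])}
        for p in payload.get("results", [])
    ]


def summarize_file(payload: dict) -> dict:
    """Pulse count and pulse names from /indicators/file/<hash>/general (assumed field names)."""
    info = payload.get("pulse_info", {})
    return {"pulse_count": info.get("count", 0), "pulses": [p.get("name", "") for p in info.get("pulses", [])]}


def main(argv: List[str]) -> int:
    key = os.environ.get("OTX_API_KEY")
    if not key:
        print("set OTX_API_KEY in the environment", file=sys.stderr)
        return 2
    if len(argv) == 2:  # otx.py <search term>
        out = summarize_pulses(fetch(build_request("/search/pulses", key, {"q": argv[1]})))
    elif len(argv) == 3:  # otx.py <HASH type> <HASH value>
        _ht, v = validate_hash(argv[1], argv[2])
        out = summarize_file(fetch(build_request(f"/indicators/file/{v}/general", key)))
    else:
        print("usage: otx.py <search term> | otx.py <MD5|SHA1|SHA256> <hash>", file=sys.stderr)
        return 2
    print(json.dumps(out, indent=2))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Usage mirrors the two scripts: `OTX_API_KEY=... python3 otx.py XHIDE` searches pulses, `OTX_API_KEY=... python3 otx.py SHA256 <hash>` looks up a file indicator.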

# VIRUSTOTAL

## Get report

This script will give you a fast report using a hash:

```
./get_report.sh <hash> <name of the output file>
```

For example:

```
./get_report.sh fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5 example
```

This will produce an example.json file and a readable_example file. The .json is the whole VT report, while readable_example is a fast-readable version with the key values. In the example above, the readable file would look like:

```
Threat label:
hacktool

Tags:
executable
windows
win32
pe
peexe

Meaningful name:
smb2os.exe

Imports:
mscoree.dll
```

This way it's easy to see at first glance what the file is.
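The "whole report to readable summary" step, as an added example in Python (not the repository's `get_report.sh`). It assumes the VirusTotal v3 `/files/<hash>` response layout, namely `data.attributes.popular_threat_classification.suggested_threat_label`, `tags`, `meaningful_name` and `pe_info.import_list[].library_name`; the sample report embedded below is constructed to resemble the readable output shown above and is not real VT output. It goes one step beyond the page's four fields by also printing the detection ratio from `last_analysis_stats`, and it prints `(none)` for a field the report lacks instead of crashing on a missing key.

```python
"""Turn a VirusTotal v3 file report (JSON) into a short readable summary.

Added example, not the repository's get_report.sh. Assumes the v3 response
layout data.attributes.{popular_threat_classification.suggested_threat_label,
tags, meaningful_name, pe_info.import_list[].library_name,
last_analysis_stats}. SAMPLE_REPORT is constructed for this example.
"""
import json
import sys
from typing import Dict, List

# Constructed sample shaped like a v3 /files/<hash> response (id is a placeholder, not a real hash).
SAMPLE_REPORT = {
    "data": {
        "id": "0" * 64,
        "attributes": {
            "popular_threat_classification": {"suggested_threat_label": "hacktool"},
            "tags": ["executable", "windows", "win32", "pe", "peexe"],
            "meaningful_name": "smb2os.exe",
            "pe_info": {"import_list": [{"library_name": "mscoree.dll", "imported_functions": ["_CorExeMain"]}]},
            "last_analysis_stats": {"malicious": 40, "suspicious": 0, "undetected": 25, "harmless": 0},
        },
    }
}


def extract_fields(report: dict) -> Dict[str, List[str]]:
    """Pick the key values out of the full report; every lookup tolerates a missing key."""
    attrs = report.get("data", {}).get("attributes", {})
    label = attrs.get("popular_threat_classification", {}).get("suggested_threat_label", "")
    imports = [e.get("library_name", "") for e in attrs.get("pe_info", {}).get("import_list", [])]
    stats = attrs.get("last_analysis_stats", {})
    name = attrs.get("meaningful_name", "")
    return {
        "Threat label": [label] if label else [],
        "Tags": list(attrs.get("tags", [])),
        "Meaningful name": [name] if name else [],
        "Imports": [lib for lib in imports if lib],
        # engines flagging the file over all engines that returned a verdict
        "Detections": [f"{stats.get('malicious', 0)}/{sum(stats.values())}"] if stats else [],
    }


def render(fields: Dict[str, List[str]]) -> str:
    """One heading per field, one value per line, a blank line between fields."""
    blocks = []
    for heading, values in fields.items():
        blocks.append(heading + ":\n" + "\n".join(values if values else ["(none)"]))
    return "\n\n".join(blocks) + "\n"


def main(argv: List[str]) -> int:
    """readable.py <report.json> <name>  ->  writes readable_<name> next to the script."""
    if len(argv) != 3:
        print("usage: readable.py <report.json> <name of the output file>", file=sys.stderr)
        return 2
    with open(argv[1], encoding="utf-8") as fh:
        report = json.load(fh)
    text = render(extract_fields(report))
    with open(f"readable_{argv[2]}", "w", encoding="utf-8") as out:
        out.write(text)
    print(text, end="")
    return 0


if __name__ == "__main__":
    if len(sys.argv) == 1:  # no arguments: show the constructed sample
        print(render(extract_fields(SAMPLE_REPORT)), end="")
    else:
        sys.exit(main(sys.argv))
```

Run with no arguments to see the sample rendered, or with `readable.py example.json example` to produce `readable_example` from a report saved by the VT API. Keeping `extract_fields` separate from `render` means new fields are added in one place and the text layout stays the same.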