~alienagain/sec_scripts

b9aa396f9d8a87a50d1d6d48abe363832cfbb3fe — terceranexus6 1 year, 3 months ago e5e2a05
updating the readme
1 files changed, 46 insertions(+), 2 deletions(-)

M README.md
M README.md => README.md +46 -2
@@ 2,8 2,10 @@

These are just some simple useful scripts to look for indicators.

## ALIEN VAULT

## Search pulse

### Search pulse

This script allows searching for pulses related to an input:



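Review bot: the new `## ALIEN VAULT` heading spells the service as two words; the product is named AlienVault, and the note later in this README refers to its "otx" variable, so `## AlienVault OTX` would be more accurate and easier to search for. Whichever form is chosen, keep the casing consistent with the `## VIRUSTOTAL` heading added further down in this patch.
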
@@ 17,7 19,8 @@ For example:
python3 search_pulses.py XHIDE
```

# Search HASH
### Search HASH

This scripts allows searching details about a hash:

```


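Review bot: the context line directly under the new `### Search HASH` heading still reads "This scripts allows searching details about a hash:"; since this hunk already touches the section, change it to "This script allows" in the same commit. The move from `#` to `###` itself is consistent with `### Search pulse` above.
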
@@ 31,3 34,44 @@ python3 search_HASH.py SHA256 46b501600a4ee30d014c5356bad83ad2107ba9b9c58ffc717f
```

Note: remember to use your own API key! change the "otx" variable content.


## VIRUSTOTAL

### Get report

This script will give you a fast report using a hash:

```
./get_report.sh <hash> <name of the output file>
```

For example:

```
./get_report fcdec9d9b195b8ed827fb46f1530502816fe6a04b1f5e740fda2b126df2d9fd5 example
```

This will produce a `example.json` file and a `readable_example` file. The `.json` is the whole VT report, while `readable_` is a fast-readable version with key values. In the example above, the readable would look like:

```
Threat label:
hacktool


Tags:
executable
windows
win32
pe
peexe


Meaningful name:
smb2os.exe


Imports:
mscoree.dll
``` 
This way it's easy to see in a first glance what it is.
\ No newline at end of file
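
Review bot: the example under "Get report" runs `./get_report`, while the usage line just above it is `./get_report.sh <hash> <name of the output file>`; use the `.sh` name in the example too so it can be pasted as is. The AlienVault section ends with a reminder to set your own API key, and this section should carry the same kind of note for VirusTotal if the script needs a key. Smaller points: the closing fence after `mscoree.dll` has a trailing space and no blank line before the final sentence, "in a first glance" should be "at first glance", and the file now ends without a newline.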