ioccheck: simplifying the process of researching IOCs

ioccheck

A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs).

Features

• Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python.
• Currently supports the following services:
  • VirusTotal
  • MalwareBazaar
  • Shodan.io
• Planned support:
  • URLhaus
  • OTX
  • InQuest Labs
  • MalShare
  • Malpedia
  • Maltiverse

Install

Use

Using the API

Creating a hash

>>> from ioccheck import Hash

>>> from ioccheck.services import VirusTotal

>>> eicar = Hash("275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f")

>>> # What kind of hash is this?

>>> print(eicar.hash_type)

SHA256

Looking up a hash

>>> # Just show me the VirusTotal API response!

>>> eicar.reports.virustotal.api_response

<vt.object.Object file 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f>