ioccheck: simplifying the process of researching IOCs

ioccheck

A tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs).

Features

Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python.
Currently supports the following services:
Planned support:
- URLhaus
- OTX
- InQuest Labs
- MalShare
- Malpedia
- Maltiverse

Install

pip install ioccheck

Use

Using the API

Creating a hash

>>> from ioccheck import Hash

>>> from ioccheck.services import VirusTotal

>>> eicar = Hash("275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f")

>>> # What kind of hash is this?

>>> print(eicar.hash_type)

SHA256

Looking up a hash

Researching a hash

>>> # Just show me the VirusTotal API response!

>>> eicar.reports.virustotal.api_response

<vt.object.Object file 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f>

Source: https://github.com/ranguli

Tags: ioccheck