# iocutil

IoC utilities for malware researchers.
Add the following to the `[dependencies]` section of your `Cargo.toml`:

```toml
iocutil = "0.1.0"
```
and import the prelude in your Rust code:

```rust
use iocutil::prelude::*;
```
### Compute content hashes of a file

```rust
let c = ContentHash::of_file(r"C:\Windows\notepad.exe").unwrap();
println!("sha256: {}\nsha1: {}\nmd5: {}", c.sha256, c.sha1, c.md5);
```

The `unwrap()` calls in these examples panic on any I/O or network error; in real code propagate the error with `?` instead. As with any file operation on a suspected sample, run this on an isolated analysis host.
### Scrape sample hashes from a web page

```rust
let hashes: Vec<_> = SampleHash::scrape(
    "https://www.malware-traffic-analysis.net/2019/05/20/index.html",
).unwrap();
hashes.into_iter().for_each(|x| println!("{}", x));
```

`scrape` fetches the page over the network and extracts whatever hash-shaped strings it contains; treat the result as untrusted input and validate it before acting on it.
### Query VirusTotal

```rust
// read apikey from environment variable `$VTAPIKEY`
let client = VirusTotalClient::default();
// search new samples since the given time (here `at!(1, days ago)`), limited to 300 samples.
// this requires the private API and consumes one request per 300 hashes.
let samples: Vec<_> = client.search(fs!(at!(1, days ago) =>), Some(300)).unwrap();
samples.into_iter().for_each(|x| println!("{}", x));
// or
let report = client.query_filereport(samples.first().unwrap()).unwrap();
```

The API key is read from the environment rather than written in source, so it does not end up in version control; keep `$VTAPIKEY` out of shell history and CI logs as well. Note that `samples.first().unwrap()` panics when the search returns no results — check for an empty result before querying a report.

other features:
### Fetch pulses from AlienVault OTX

```rust
// read apikey from environment variable `$OTX_APIKEY`
let client = AlienVaultOTXClient::default();
let pulses: Vec
pulses
    .into_iter()
.inspect(|x| println!("\n# {}\n", x.name))
.map(|x| x.into())
    .flat_map(|x: Vec
```
- support other IoCs (like IPs, URLs)
- documentation