iocutil.rs

IoC utilities for malware researchers

usage

add trailing config into [dependencies] your Cargo.toml

toml iocutil="0.1.0"

and import in your Rust code

rust use iocutil::prelude::*;

what does it do?

hash manipulation

calc

```rust let c = ContentHash::of_file(r"C:\Windows\notepad.exe").unwrap();

println!("sha256: {}\nsha1: {}\nmd5: {}", c.sha256, c.sha1, c.md5); ```

retrieve

```rust let hashes: Vec<_> = SampleHash::scrape( "https://www.malware-traffic-analysis.net/2019/05/20/index.html" ).unwrap();

hashes .intoiter() .foreach(|x| println!("{}", x)); ```

API Clients

VirusTotal

``rust // read apikey from environment variable$VTAPIKEY` let client = VirusTotalClient::default();

// search new samples for recent one week(limit 300 samples) // this requires private API. It consume a request per 300 hashes. let samples: Vec<_> = client.search( fs!(at!(1, days ago) =>), Some(300) ).unwrap();

samples.intoiter().foreach(|x| println!("{}", x));

// or

let report = client .query_filereport(samples.first().unwrap()) .unwrap(); ``` other features:

AlienVault OTX

``rust // read apikey from environment variable$OTX_APIKEY` let client = AlienVaultOTXClient::default();

let pulses: Vec = client.pulses_from(at!(1, weeks ago)).unwrap();

pulses .intoiter() .inspect(|x| println!("\n# {}\n", x.name)) .map(|x| x.into()) .flatmap(|x: Vec| x) .for_each(|x: SampleHash| println!("* {}", x)) ``` other features:

future work

Author