LocCheck is a tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs).
Features
Quickstart
pip install ioccheck
You can also run the code directly
git clone https://github.com/ranguli/ioccheck && cd ioccheck
poetry install
Usage
➜ ioccheck 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
Checking hash 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f.
[] Hashing algorithm: SHA256 [] VirusTotal URL:
https://virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/
[] VirusTotal detections: 61 engines (81%) detected this file. ╒══════════════╤════════════╤═══════════════════════════════╕ │ Antivirus │ Detected │ Result │ ╞══════════════╪════════════╪═══════════════════════════════╡ │ Malwarebytes │ No │ │ ├──────────────┼────────────┼───────────────────────────────┤ │ Avast │ Yes │ EICAR Test-NOT virus!!! │ ├──────────────┼────────────┼───────────────────────────────┤ │ ClamAV │ Yes │ Win.Test.EICAR_HDB-1 │ ├──────────────┼────────────┼───────────────────────────────┤ │ Kaspersky │ Yes │ EICAR-Test-File │ ├──────────────┼────────────┼───────────────────────────────┤ │ BitDefender │ Yes │ EICAR-Test-File (not a virus) │ ├──────────────┼────────────┼───────────────────────────────┤ │ Paloalto │ No │ │ ├──────────────┼────────────┼───────────────────────────────┤ │ TrendMicro │ Yes │ Eicar_test_file │ ├──────────────┼────────────┼───────────────────────────────┤ │ FireEye │ Yes │ EICAR-Test-File (not a virus) │ ├──────────────┼────────────┼───────────────────────────────┤ │ Sophos │ Yes │ EICAR-AV-Test │ ├──────────────┼────────────┼───────────────────────────────┤ │ Microsoft │ Yes │ Virus:DOS/EICAR_Test_File │ ├──────────────┼────────────┼───────────────────────────────┤ │ McAfee │ Yes │ EICAR test file │ ├──────────────┼────────────┼───────────────────────────────┤ │ Fortinet │ Yes │ EICAR_TEST_FILE │ ├──────────────┼────────────┼───────────────────────────────┤ │ AVG │ Yes │ EICAR Test-NOT virus!!! │ ╘══════════════╧════════════╧═══════════════════════════════╛ [*]VirusTotal reputation:
3392
Using the API
Creating a hash
>>>from ioccheck import Hash
>>>from ioccheck.services import VirusTotal
>>>eicar = Hash(“275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f”)
>>> #what kind of hash is this?
>>>print(eicar.hash_type)
SHA256
Looking up a hash
>>> # With no arguments, check() tries all supported services. API keys grabbed from ~/.ioccheck by default.
>>>eicar.check()
>>> #Alternatively:
>>>eicar.check(services=VirusTotal, config_path=/foo/bar/.ioccheck)
Researching a hash
>>>Check the VirusTotal report to see if Sophos detects our hash
>>>eicar.reports.virustotal.get_detections(engines=[“Sophos”])
{‘Sophos’: {‘category’: ‘malicious’, ‘engine_name’: ‘Sophos’, ‘engine_version’: ‘1.0.2.0’, ‘result’: ‘EICAR-AV-Test’, ‘method’: ‘blacklist’, ‘engine_update’: ‘20210314’}}
>>> #What is this hash known as?
>>> print(eicar.reports.virustotal.name)
‘eicar.com-2224’
>>> # How many AV engines are detecting this hash?
>>> eicar.reports.virustotal.detection_count
60
>>> # Just show me the VirusTotal API response!
>>> eicar.reports.virustotal.api_response
<vt.object.Object file 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f>
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…