LocCheck : A Tool For Simplifying The Process Of Researching IOCs

LocCheck is a tool for simplifying the process of researching file hashes, IP addresses, and other indicators of compromise (IOCs).

Features

Quickstart

pip install ioccheck

You can also run the code directly

git clone https://github.com/ranguli/ioccheck && cd ioccheck
poetry install

Usage

➜ ioccheck 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
Checking hash 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f.
[] Hashing algorithm: SHA256 [] VirusTotal URL:
https://virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/
[] VirusTotal detections: 61 engines (81%) detected this file. ╒══════════════╤════════════╤═══════════════════════════════╕ │ Antivirus │ Detected │ Result │ ╞══════════════╪════════════╪═══════════════════════════════╡ │ Malwarebytes │ No │ │ ├──────────────┼────────────┼───────────────────────────────┤ │ Avast │ Yes │ EICAR Test-NOT virus!!! │ ├──────────────┼────────────┼───────────────────────────────┤ │ ClamAV │ Yes │ Win.Test.EICAR_HDB-1 │ ├──────────────┼────────────┼───────────────────────────────┤ │ Kaspersky │ Yes │ EICAR-Test-File │ ├──────────────┼────────────┼───────────────────────────────┤ │ BitDefender │ Yes │ EICAR-Test-File (not a virus) │ ├──────────────┼────────────┼───────────────────────────────┤ │ Paloalto │ No │ │ ├──────────────┼────────────┼───────────────────────────────┤ │ TrendMicro │ Yes │ Eicar_test_file │ ├──────────────┼────────────┼───────────────────────────────┤ │ FireEye │ Yes │ EICAR-Test-File (not a virus) │ ├──────────────┼────────────┼───────────────────────────────┤ │ Sophos │ Yes │ EICAR-AV-Test │ ├──────────────┼────────────┼───────────────────────────────┤ │ Microsoft │ Yes │ Virus:DOS/EICAR_Test_File │ ├──────────────┼────────────┼───────────────────────────────┤ │ McAfee │ Yes │ EICAR test file │ ├──────────────┼────────────┼───────────────────────────────┤ │ Fortinet │ Yes │ EICAR_TEST_FILE │ ├──────────────┼────────────┼───────────────────────────────┤ │ AVG │ Yes │ EICAR Test-NOT virus!!! │ ╘══════════════╧════════════╧═══════════════════════════════╛ [*]VirusTotal reputation:
3392

Using the API

Creating a hash

>>>from ioccheck import Hash
>>>from ioccheck.services import VirusTotal
>>>eicar = Hash(“275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f”)
>>> #what kind of hash is this?
>>>print(eicar.hash_type)
SHA256

Looking up a hash

>>> # With no arguments, check() tries all supported services. API keys grabbed from ~/.ioccheck by default.
>>>eicar.check()
>>> #Alternatively:
>>>eicar.check(services=VirusTotal, config_path=/foo/bar/.ioccheck)

Researching a hash

>>>Check the VirusTotal report to see if Sophos detects our hash
>>>eicar.reports.virustotal.get_detections(engines=[“Sophos”])
{‘Sophos’: {‘category’: ‘malicious’, ‘engine_name’: ‘Sophos’, ‘engine_version’: ‘1.0.2.0’, ‘result’: ‘EICAR-AV-Test’, ‘method’: ‘blacklist’, ‘engine_update’: ‘20210314’}}
>>> #What is this hash known as?
>>> print(eicar.reports.virustotal.name)
‘eicar.com-2224’
>>> # How many AV engines are detecting this hash?
>>> eicar.reports.virustotal.detection_count
60

>>> # Just show me the VirusTotal API response!
>>> eicar.reports.virustotal.api_response
<vt.object.Object file 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f>

R K

Recent Posts

How to Use the Linux find Command to Locate Files Like a Pro

Managing files efficiently is a core skill for anyone working in Linux, whether you're a…

2 days ago

How to Check Open Ports in Linux Using netstat, ss, and lsof

Open ports act as communication endpoints between your Linux system and the outside world. Every…

2 days ago

Best Endpoint Monitoring Tools for 2026

Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…

4 days ago

Best 9 Incident Response Automation Tools

Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…

4 days ago

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

2 months ago

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

3 months ago