{"id":13845658,"url":"https://github.com/ranguli/ioccheck","last_synced_at":"2025-07-12T03:31:27.847Z","repository":{"id":46799964,"uuid":"347266272","full_name":"ranguli/ioccheck","owner":"ranguli","description":"A tool for simplifying the process of researching IOCs.","archived":true,"fork":false,"pushed_at":"2021-09-24T23:48:30.000Z","size":898,"stargazers_count":25,"open_issues_count":9,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-08-05T17:45:02.843Z","etag":null,"topics":["blueteam","hacking","hacktoberfest","ioc","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ranguli.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-13T03:54:22.000Z","updated_at":"2023-09-19T13:56:37.000Z","dependencies_parsed_at":"2022-08-22T23:31:07.348Z","dependency_job_id":null,"html_url":"https://github.com/ranguli/ioccheck","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ranguli%2Fioccheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ranguli%2Fioccheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ranguli%2Fioccheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ranguli%2Fioccheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ranguli","download_url":"https://codeload.github.com/ranguli/ioccheck/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind"
:"github","repositories_count":225791376,"owners_count":17524773,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","hacking","hacktoberfest","ioc","security"],"created_at":"2024-08-04T17:03:32.135Z","updated_at":"2024-11-21T19:30:27.447Z","avatar_url":"https://github.com/ranguli.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# ioccheck\n[![Documentation Status](https://readthedocs.org/projects/ioccheck/badge/?version=latest)](https://ioccheck.readthedocs.io/en/latest/?badge=latest)\n[![Tests](https://github.com/ranguli/ioccheck/actions/workflows/main.yml/badge.svg)](https://github.com/ranguli/ioccheck/actions/workflows/main.yml)\n[![Maintainability](https://api.codeclimate.com/v1/badges/abf6cb8ead9e0269ab22/maintainability)](https://codeclimate.com/github/ranguli/ioccheck/maintainability)\n[![PyPi Status](https://img.shields.io/pypi/v/ioccheck.svg)](https://pypi.org/project/ioccheck/)\n[![codecov](https://codecov.io/gh/ranguli/ioccheck/branch/main/graph/badge.svg?token=pjjBiTgJFC)](https://codecov.io/gh/ranguli/ioccheck)\n\nA tool for simplifying the process of researching file hashes, IP addresses,\nand other indicators of compromise (IOCs).\n\n\n## Features\n* Look up hashes across multiple threat intelligence services, from a single command or a few lines of Python.\n* Currently supports the following services:\n  * [VirusTotal](https://virustotal.com)\n  * [MalwareBazaar](https://bazaar.abuse.ch/)\n  * [Shodan.io](https://shodan.io/)\n* Planned support:\n  * [URLhaus](https://urlhaus.abuse.ch/)\n  * 
[OTX](https://otx.alienvault.com/)\n  * [InQuest Labs](https://labs.inquest.net/)\n  * [MalShare](https://www.malshare.com/)\n  * [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/)\n  * [Maltiverse](https://maltiverse.com/)\n\n## Quickstart\n```bash\npip install ioccheck\n```\n\nYou can also run the code directly\n```bash\ngit clone https://github.com/ranguli/ioccheck \u0026\u0026 cd ioccheck\npoetry install\n```\n\nPopulate `~/.config/ioccheck/credentials` with an entry for each service you have credentials for: \n\n```\n[virustotal]\napi_key=YOUR_API_KEY_HERE\n\n[malwarebazaar]\napi_key=YOUR_API_KEY_HERE\n\n[shodan]\napi_key=YOUR_API_KEY_HERE\n\n[twitter]\nconsumer_key=YOUR_API_KEY_HERE\nconsumer_secret=YOUR_API_KEY_HERE\naccess_token=YOUR_API_KEY_HERE\naccess_secret=YOUR_API_KEY_HERE\n```\n\n## Usage\n```\n➜  ioccheck 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\n\nChecking hash 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f.\n[*] Hashing algorithm:\nSHA256\n\n[*] VirusTotal URL:\nhttps://virustotal.com/gui/file/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f/\n\n[*] VirusTotal detections:\n61 engines (81%) detected this file.\n\n╒══════════════╤════════════╤═══════════════════════════════╕\n│ Antivirus    │ Detected   │ Result                        │\n╞══════════════╪════════════╪═══════════════════════════════╡\n│ Malwarebytes │ No         │                               │\n├──────────────┼────────────┼───────────────────────────────┤\n│ Avast        │ Yes        │ EICAR Test-NOT virus!!!       
│\n├──────────────┼────────────┼───────────────────────────────┤\n│ ClamAV       │ Yes        │ Win.Test.EICAR_HDB-1          │\n├──────────────┼────────────┼───────────────────────────────┤\n│ Kaspersky    │ Yes        │ EICAR-Test-File               │\n├──────────────┼────────────┼───────────────────────────────┤\n│ BitDefender  │ Yes        │ EICAR-Test-File (not a virus) │\n├──────────────┼────────────┼───────────────────────────────┤\n│ Paloalto     │ No         │                               │\n├──────────────┼────────────┼───────────────────────────────┤\n│ TrendMicro   │ Yes        │ Eicar_test_file               │\n├──────────────┼────────────┼───────────────────────────────┤\n│ FireEye      │ Yes        │ EICAR-Test-File (not a virus) │\n├──────────────┼────────────┼───────────────────────────────┤\n│ Sophos       │ Yes        │ EICAR-AV-Test                 │\n├──────────────┼────────────┼───────────────────────────────┤\n│ Microsoft    │ Yes        │ Virus:DOS/EICAR_Test_File     │\n├──────────────┼────────────┼───────────────────────────────┤\n│ McAfee       │ Yes        │ EICAR test file               │\n├──────────────┼────────────┼───────────────────────────────┤\n│ Fortinet     │ Yes        │ EICAR_TEST_FILE               │\n├──────────────┼────────────┼───────────────────────────────┤\n│ AVG          │ Yes        │ EICAR Test-NOT virus!!!       │\n╘══════════════╧════════════╧═══════════════════════════════╛\n\n[*] VirusTotal reputation:\n3392\n```\n\n## Using the API\n\nCreating a hash\n```python\n\u003e\u003e\u003e from ioccheck import Hash\n\u003e\u003e\u003e from ioccheck.services import VirusTotal\n\u003e\u003e\u003e eicar = Hash(\"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\")\n\u003e\u003e\u003e # What kind of hash is this?\n\u003e\u003e\u003e print(eicar.hash_type)\nSHA256\n```\n\nLooking up a hash\n```python\n\u003e\u003e\u003e # With no arguments, check() tries all supported services. 
API keys grabbed from ~/.ioccheck by default.\n\u003e\u003e\u003e eicar.check()\n\u003e\u003e\u003e # Alternatively:\n\u003e\u003e\u003e eicar.check(services=VirusTotal, config_path=\"/foo/bar/.ioccheck\")\n```\n\nResearching a hash\n```python\n\u003e\u003e\u003e # Check the VirusTotal report to see if Sophos detects our hash\n\u003e\u003e\u003e eicar.reports.virustotal.get_detections(engines=[\"Sophos\"])\n{'Sophos': {'category': 'malicious', 'engine_name': 'Sophos', 'engine_version': '1.0.2.0', 'result': 'EICAR-AV-Test', 'method': 'blacklist', 'engine_update': '20210314'}}\n\u003e\u003e\u003e # What is this hash known as?\n\u003e\u003e\u003e print(eicar.reports.virustotal.name)\n'eicar.com-2224'\n\u003e\u003e\u003e # How many AV engines are detecting this hash?\n\u003e\u003e\u003e eicar.reports.virustotal.detection_count\n60\n```\n\n\n```\n\u003e\u003e\u003e # Just show me the VirusTotal API response!\n\u003e\u003e\u003e eicar.reports.virustotal.api_response\n\u003cvt.object.Object file 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Franguli%2Fioccheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Franguli%2Fioccheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Franguli%2Fioccheck/lists"}