https://github.com/ackatz/seclook-cli
Simple security lookups via CLI
https://github.com/ackatz/seclook-cli
cybersecurity cybersecurity-tools infosec lookup security security-tools
Last synced: 5 months ago
JSON representation
Simple security lookups via CLI
- Host: GitHub
- URL: https://github.com/ackatz/seclook-cli
- Owner: ackatz
- License: mit
- Archived: true
- Created: 2023-10-02T23:31:44.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-29T03:56:26.000Z (over 1 year ago)
- Last Synced: 2025-08-20T01:31:12.188Z (10 months ago)
- Topics: cybersecurity, cybersecurity-tools, infosec, lookup, security, security-tools
- Language: Python
- Homepage: https://pypi.org/p/seclook/
- Size: 90.8 KB
- Stars: 16
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://github.com/ackatz/seclook-cli/actions/workflows/ci.yml)
[](https://github.com/ackatz/seclook-cli/actions/workflows/cd.yml)
[](https://pepy.tech/project/seclook)
# seclook
`seclook` is a security lookup CLI tool that allows you to query various security services on the fly. It is essentially a wrapper over the `requests` library that removes the need to manually search within Web UIs or write your own requests in Postman or cURL to query these services.
You can look up information using commands like `seclook [service] [value]`, where the service can be `virustotal`, `shodan`, `emailrep`, and so on. The value is the information you're querying for and varies by service.
## Installation
1. `pip install seclook`
2. Copy [config.ini.sample](https://github.com/ackatz/seclook/blob/main/config.ini.sample) from this directory and place it in `~/.seclook/config.ini`
3. Open `~/.seclook/config.ini` and add in your own API keys for the services you want to use.
> Some services (e.g., GreyNoise, ThreatFox) _don't require API keys_, but may be rate-limited more quickly without one or have other limitations. Others (e.g., YARAify) do not need an API key at all and will not be referenced in the config file.
## Usage
Basic usage of `seclook` is as follows:
```bash
seclook [service] [value]
```
For example, to look up IP 1.1.1.1 on AbuseIPDB, you'd run:
```bash
seclook abuseipdb 1.1.1.1
```
You can pipe the output to `fx` or `jq` for further processing:
```bash
seclook emailrep andrew@akatz.org | fx
```
You can `grep` the output for known keys to get specific information:
```bash
seclook virustotal 44d88612fea8a8f36de82e1278abb02f | grep malicious
```
## Options
`--export` – Use this flag to export the results to a JSON file in your current working directory.
## Supported services
- [x] [quick](https://quick.akatz.org)
- [x] [VirusTotal](https://virustotal.com/)
- [x] [Shodan](https://www.shodan.io/)
- [x] [Emailrep](https://emailrep.io/)
- [x] [AbuseIPDB](https://www.abuseipdb.com/)
- [x] [GreyNoise](https://www.greynoise.io/)
- [x] [ThreatFox](https://threatfox.abuse.ch/)
- [x] [Pulsedive](https://pulsedive.com/)
- [x] [Yaraify](https://yaraify.abuse.ch/)
You can also view supported services by passing `list` as the service name:
```bash
seclook list
```
## Upgrading
To upgrade seclook to the latest version:
```bash
pip install --upgrade seclook
```
## Contributing
If you'd like to contribute to seclook, please feel free to fork the repository, create a feature branch, and then submit a Pull Request.
## License
MIT License
## Contact
[andrew@akatz.org](mailto:andrew@akatz.org)