https://github.com/n0xa/golang-stuff
A collection of Go tools I make while I learn a little about GoLang.
- Host: GitHub
- URL: https://github.com/n0xa/golang-stuff
- Owner: n0xa
- License: bsd-2-clause
- Created: 2022-12-30T04:58:09.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-04-12T01:07:41.000Z (about 1 year ago)
- Last Synced: 2025-04-12T02:25:53.308Z (about 1 year ago)
- Topics: blueteam, cybersecurity, go, golang, threatintelligence
- Language: Go
- Size: 44.9 KB
- Stars: 9
- Watchers: 4
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# GoLang-stuff
A collection of Go tools I make while I learn a little about GoLang.
Mostly work-in-progress and tinkering with blue-team and threat intelligence things.

bgpview.io Tools
----------------
* ipasn.go lists BGP Autonomous System Numbers and info about an IP address
* asn.go lists IPv4 and IPv6 Prefixes (subnets) advertised as part of a given ASN

HPFeeds Tools
-------------
* hpfeeds-client.go is a reworked version of a broken, unmaintained HPFeeds implementation in Go. I needed an easy way to just get the JSON payload out of my honeypot network. You can watch my MHN instance with it like this:
```
go run hpfeeds-client.go seckc-community fk6QgrnyvwbWSxCIwL5SIc2oARC4DXx46 mhn.h-i-r.net 10000 cowrie.sessions
```
or compile it first:
```
go build hpfeeds-client.go
./hpfeeds-client seckc-community fk6QgrnyvwbWSxCIwL5SIc2oARC4DXx46 mhn.h-i-r.net 10000 cowrie.sessions amun.events conpot.events
```
You can also pass the output directly to formatting and query tools like `jq`, or save the JSON for later use. `jq '.peerIP,.urls'`, for example, lists the attacking IP addresses and any payload URLs that the honeypot reported to HPFeeds.
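
The same triage as the `jq` filter above, written as a small Go program that also counts sessions per source and de-duplicates URLs. This is an added example, not code from this repository; it assumes hpfeeds-client prints one JSON object per line and that `urls` is an array of strings, and `Summarize`, `session` and the sample events are made up for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// sample is constructed input (documentation IPs, .invalid hosts), not captured traffic.
const sample = `{"peerIP":"203.0.113.7","urls":["http://payload.invalid/a.sh"]}
{"peerIP":"203.0.113.7","urls":[]}
connection reset, reconnecting
{"peerIP":"198.51.100.23","urls":["http://payload.invalid/a.sh","http://payload.invalid/b.bin"]}`

// session keeps the two fields the jq filter selects; assumes urls is an array of strings.
type session struct {
	PeerIP string   `json:"peerIP"`
	URLs   []string `json:"urls"`
}

// Summarize reads one JSON object per line (assumed): sessions per IP, unique URLs, skipped lines.
func Summarize(r io.Reader) (map[string]int, []string, int) {
	perIP, seen, skipped := map[string]int{}, map[string]bool{}, 0
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20) // raise the 64 KiB default line limit
	for sc.Scan() {
		var s session
		if json.Unmarshal(sc.Bytes(), &s) != nil || s.PeerIP == "" {
			skipped++ // non-JSON text or an event without a peerIP
			continue
		}
		perIP[s.PeerIP]++
		for _, u := range s.URLs {
			seen[u] = true
		}
	}
	urls := make([]string, 0, len(seen))
	for u := range seen {
		urls = append(urls, u)
	}
	sort.Strings(urls)
	return perIP, urls, skipped
}

func main() { // swap the reader for os.Stdin to consume hpfeeds-client output
	fmt.Println(Summarize(strings.NewReader(sample)))
}
```

Counting skipped lines instead of silently dropping them makes it visible when a subscribed channel uses a different event schema.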

VirusTotal Tools
----------------
Before using these tools, you must register with VirusTotal, acquire an API key and export it in the VTAPI environment variable, such as in your .bashrc or .zshrc file.
`export VTAPI=dab2_THIS_IS_AN_EXAMPLE_API_KEY_-_CHANGEME_e8e0496bcfce5e91f0000`
Some of these tools will iterate through a configurable number of pages of passive data (10 by default) which can use a lot of your daily API request allocation, so tune the "maxpages" variable to suit your situation if you find the number of queries it makes to be too much.
* vthash.go is a command-line tool to gather the list of detections from VirusTotal for a given file or file hash. This allows security analysts to quickly size up an unknown file they have run across to see if it's been detected previously without firing up a web browser or uploading it.
* vtdomain.go fetches information about a domain name from the VirusTotal v3 `domains` API.
* vtip.go queries IP address reputation and hostnames through VirusTotal's v3 `ip_addresses` API.