Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sroberts/cacador

Indicator Extractor
https://github.com/sroberts/cacador

dfir golang security

Last synced: 28 days ago
JSON representation

Indicator Extractor

Host: GitHub
URL: https://github.com/sroberts/cacador
Owner: sroberts
License: mit
Created: 2016-01-31T01:53:42.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2018-07-14T12:35:05.000Z (over 6 years ago)
Last Synced: 2024-04-16T03:47:17.104Z (8 months ago)
Topics: dfir, golang, security
Language: Go
Homepage:
Size: 44.9 KB
Stars: 130
Watchers: 12
Forks: 23
Open Issues: 15
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

cybersecurity-golang-security - cacador - Indicator extractor of IOCs (Data Parsing)
awesome-go-security - cacador - Indicator extractor of IOCs (Data Parsing)

README

        # cacador

[![CircleCI](https://circleci.com/gh/sroberts/cacador.svg?style=svg)](https://circleci.com/gh/sroberts/cacador)

[![Go Report Card](https://goreportcard.com/badge/github.com/sroberts/cacador)](https://goreportcard.com/report/github.com/sroberts/cacador)

Cacador (Portugese for hunter) is tool for extracting common [indicators of compromise](https://en.wikipedia.org/wiki/Indicator_of_compromise) from a block of text.

## The Short Way: Downloading Cacador

The easiest way to get cacador is to [download the latest release for your platform](https://github.com/sroberts/cacador/releases). Good? Great.

## The Long Way: Compiling Cacador

-   Install golang

-   `go get github.com/sroberts/cacador`

-   Compile with `go build`

## Running

Run with `./cacador`. It accepts text from stdin and writes a JSON blob of IOCs to stdout. For example `cat text.txt | ./cacador | import` where text is some IOC rich text and import pushes your new IOCs into your threat management system.

Cacador does recognize two command line flags:

-   `-comment="Foo"` which makes it possible to leave a note as metadata.

-   `-tags="Foo, bar, baz"` which adds tags.

## Generating a new release

-   Install [goreleaser](https://github.com/goreleaser/goreleaser) via `go get github.com/goreleaser/goreleaser`.

-   Push your branch to GitHub.

-   Tag it via `git tag -a v1.0.3 -m "Release 1.0.3 - Minor bugfix edition."`

-   Push the tag to GitHub via `git push origin v1.0.3`

-   Ensure you have a `GITHUB_TOKEN` env var set.

-   Run `goreleaser`.

## Why?

Other tools for doing indicator extraction are pretty awesome (like [armbues/ioc_parser](https://github.com/armbues/ioc_parser) or [sroberts/jager](https://github.com/sroberts/jager)), but what's nice about cacador is you can compile it and put it in your path and use it for Unix style workflows with [pipes and things](http://www.december.com/unix/tutor/pipesfilters.html). Also it's super fast and was a good excuse to learn [Go](http://golang.org).