
cisagov / ioc-scanner

License: CC0-1.0
Search a filesystem for indicators of compromise (IoC).



ioc-scanner 🔎🆖


The ioc-scanner can search a filesystem for indicators of compromise (IoC). Indicators are defined by their MD5, SHA-1, or SHA-256 hashes. The tool is flexible about how it receives those hashes: it searches whatever blob of input it is given (a file or stdin) for strings that look like MD5, SHA-1, or SHA-256 hashes, so a pasted report or advisory can serve directly as the hash source.

Command line usage

Usage:
  ioc-scan [--log-level=LEVEL] [--stdin | --file=hashfile] [--target=root]
  ioc-scan (-h | --help)

Options:
  -h --help              Show this message.
  -f --file=hashfile     Search for hashes in specified file.
  -L --log-level=LEVEL   If specified, then the log level will be set to
                         the specified value.  Valid values are "debug", "info",
                         "warning", "error", and "critical". [default: warning]
  -s --stdin             Search for hashes on stdin.
  -t --target=root       Scan target root directory. [default: /]

Example output

❱ ioc-scan --target /bin
0313fd399b143fc40cd52a1679018305 /bin/bash

Scan elapsed time: 0:00:00.176262
Hit count by indicators:
70a6058952ed3212217105ec7865ba21    0
dff4b51907018f5cf325120aec2caf45    0
2d7a648ebe64e536944c011c8dcbb375    0
132646a2ad9deac1944be4264da30b01    0
8c109784750142b158a1459751ae5faf    0
fff485a90ef0a86fb2813eb64fd3442c    0
2d7a648ebe64e536944c011c8dcbb375    0
2a2410cef5497cbd3f6c13eaff9619da    0
3e7eb6abcce304de0822a618de756fd2    0
350cba65e28c723cbf0724c19bd7ee69    0
0313fd399b143fc40cd52a1679018305    1
ac56f4b8fac5739ccdb45777d313becf    0
69630e4574ec6798239b091cda43dca0    0
50973a3fc57d70c7911f7a952356188b9939e56b    0
b509f8545501588ecd828f970d91afc7c4aa6e238e838bd6a08ee2cd920fbe98    0
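The flow described above (pull hash-looking strings out of a blob, hash every regular file under the target root, print each hit and then a hit count per indicator) as an added example. This is not ioc-scanner's own code: the regex, the single-pass MD5/SHA-1/SHA-256 hashing, the decision to skip symlinks and unreadable files, and the demo() helper with its constructed sample files are all assumptions made for illustration, and the output is only an approximation of the format shown above.

```python
"""Minimal re-implementation of the ioc-scanner idea (example code, not the project's own)."""
from __future__ import annotations

import hashlib
import os
import re
import tempfile
from collections import Counter

# Hex runs of exactly 32, 40 or 64 characters bounded by non-hex characters
# (MD5, SHA-1, SHA-256). Mirrors the page's "strings that look like hashes";
# the exact pattern ioc-scanner uses is an assumption.
HASH_RE = re.compile(
    r"(?<![0-9a-fA-F])([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})(?![0-9a-fA-F])"
)


def extract_hashes(blob: str) -> set[str]:
    """Return the lower-cased hash-like tokens found anywhere in ``blob``."""
    return {m.group(1).lower() for m in HASH_RE.finditer(blob)}


def digest_file(path: str, chunk_size: int = 1 << 20) -> tuple[str, str, str]:
    """Read the file once, feeding each chunk to MD5, SHA-1 and SHA-256 together."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan(root: str, indicators: set[str]) -> tuple[list[tuple[str, str]], Counter]:
    """Walk ``root``; return (hits, hit_count_by_indicator).

    hits is a list of (hash, path) pairs in discovery order. Symlinks are not
    followed and files that cannot be read (permissions, vanished mid-scan)
    are skipped instead of aborting the whole scan.
    """
    hits: list[tuple[str, str]] = []
    counts: Counter = Counter({h: 0 for h in indicators})
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = digest_file(path)
            except OSError:
                continue
            for d in digests:
                if d in indicators:
                    hits.append((d, path))
                    counts[d] += 1
    return hits, counts


def report(hits: list[tuple[str, str]], counts: Counter) -> str:
    """Render results in roughly the shape of the example output above."""
    lines = [f"{h} {p}" for h, p in hits]
    lines += ["", "Hit count by indicators:"]
    lines += [f"{h}    {n}" for h, n in counts.items()]
    return "\n".join(lines)


def demo() -> tuple[list[tuple[str, str]], Counter, str]:
    """Constructed sample: one benign file, one file whose SHA-256 is on the IoC list.

    Returns (hits, counts, marker) where marker is the SHA-256 that should hit.
    """
    payload = b"MZ\x90\x00fake payload"  # constructed, not real malware
    marker = hashlib.sha256(payload).hexdigest()
    # A free-text "report" carrying the indicator in upper case plus an MD5
    # (of the empty string) that should not match anything on disk.
    blob = f"Observed {marker.upper()} and MD5 d41d8cd98f00b204e9800998ecf8427e"
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "benign.txt"), "wb") as f:
            f.write(b"nothing to see here\n")
        with open(os.path.join(tmp, "dropper.bin"), "wb") as f:
            f.write(payload)
        hits, counts = scan(tmp, extract_hashes(blob))
    return hits, counts, marker


if __name__ == "__main__":
    h, c, _ = demo()
    print(report(h, c))
```

Hashing each file once for all three digests matters on a large root such as `/`: the read is the expensive part, not the digest arithmetic. Swallowing OSError per file (rather than per scan) is what lets a run as an unprivileged user still finish and report what it could read.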

Stand-alone usage

The ioc_scanner.py file was designed to be dependency-free. This allows it to be deployed anywhere python3 is available without a full install process. There is an embedded hash list in this file that can be easily edited. This makes it possible to run this tool with automation tools like Ansible.

Here is an example of running the script remotely using the Ansible script module:

ansible --inventory=hosts-file cool-servers \
        --module-name=ansible.builtin.script \
        --args="cmd=src/ioc_scan/ioc_scanner.py executable=python3" \
        --become --ask-become-pass --user="ian.kilmister"

Optionally you can use the --file option to use a file on the remote host as a source for hashes.

ansible --inventory=hosts-file cool-servers \
        --module-name=ansible.builtin.script \
        --args="cmd='src/ioc_scan/ioc_scanner.py --file hash_file.txt' \
               executable=python3" \
        --become --ask-become-pass --user="ian.kilmister"

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
