Skip to content

Commit

Permalink
Merge pull request #20 from ackatz/add_yaraify
Browse files Browse the repository at this point in the history
Add YARAify
  • Loading branch information
ackatz authored Oct 16, 2023
2 parents d786000 + b65345b commit 71e0944
Show file tree
Hide file tree
Showing 6 changed files with 31 additions and 3 deletions.
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ You can look up information using commands like `seclook [service] [value]`, whe
2. Copy [config.ini.sample](https://github.com/ackatz/seclook/blob/main/config.ini.sample) from this directory and place it in `~/.seclook/config.ini`
3. Open `~/.seclook/config.ini` and add in your own API keys for the services you want to use.

> Some services (e.g., GreyNoise, ThreatFox) _don't require API keys_, but may be rate-limited more quickly without one or have other limitations.
> Some services (e.g., GreyNoise, ThreatFox) _don't require API keys_, but may be rate-limited more quickly without one or have other limitations. Others (e.g., YARAify) do not need an API key at all and will not be referenced in the config file.
## Usage

Expand Down Expand Up @@ -62,6 +62,7 @@ seclook virustotal 44d88612fea8a8f36de82e1278abb02f | grep malicious
- [x] [GreyNoise](https://www.greynoise.io/)
- [x] [ThreatFox](https://threatfox.abuse.ch/)
- [x] [Pulsedive](https://pulsedive.com/)
- [x] [Yaraify](https://yaraify.abuse.ch/)

You can also view supported services by passing `list` as the service name:

Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[tool.poetry]
name = "seclook"
version = "0.5.3"
version = "0.6.0"
description = "Simple security lookups via CLI"
authors = ["ackatz <[email protected]>"]
license = "MIT"
Expand Down
4 changes: 4 additions & 0 deletions seclook/cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
greynoise_lookup,
threatfox_lookup,
pulsedive_lookup,
yaraify_lookup,
)
from seclook.openai import gpt4_summarize
import json
Expand Down Expand Up @@ -37,6 +38,7 @@ def main(service, value, export, gpt4):
"greynoise",
"threatfox",
"pulsedive",
"yaraify",
]

if not service:
Expand Down Expand Up @@ -70,6 +72,8 @@ def main(service, value, export, gpt4):
result = threatfox_lookup.search(value)
elif service.lower() == "pulsedive":
result = pulsedive_lookup.search(value)
elif service.lower() == "yaraify":
result = yaraify_lookup.search(value)

if export:
desktop = os.path.join(os.path.expanduser("~"), "Desktop")
Expand Down
10 changes: 10 additions & 0 deletions seclook/lookups/yaraify_lookup.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
import requests

base_url = "https://yaraify-api.abuse.ch/api/v1/"


def search(value):
data = {"query": "lookup_hash", "search_term": f"{value}"}
headers = {"Content-Type": "application/json"}
response = requests.post(base_url, headers=headers, json=data)
return response.json()
7 changes: 7 additions & 0 deletions seclook/tests/test_missing_value.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,13 @@ def test_threatfox_missing_value():
assert "Missing value argument for 'threatfox'." in result.output


def test_yaraify_missing_value():
runner = CliRunner()
result = runner.invoke(main, ["yaraify"])
assert result.exit_code != 0
assert "Missing value argument for 'yaraify'." in result.output


def test_pulsedive_missing_value():
runner = CliRunner()
result = runner.invoke(main, ["pulsedive"])
Expand Down
8 changes: 7 additions & 1 deletion seclook/tests/test_valid_service_value.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@ def test_threatfox_valid_value():
assert result.exit_code == 0


def test_yaraify_valid_value():
runner = CliRunner()
result = runner.invoke(main, ["yaraify", "asdf"])
assert result.exit_code == 0


def test_pulsedive_valid_value():
runner = CliRunner()
result = runner.invoke(main, ["pulsedive", "1.1.1.1"])
Expand All @@ -28,7 +34,7 @@ def test_virustotal_valid_value():

def test_emailrep_valid_value():
runner = CliRunner()
result = runner.invoke(main, ["emailrep", "andrew@akatz.org"])
result = runner.invoke(main, ["emailrep", "example@example.org"])
assert result.exit_code == 0


Expand Down

0 comments on commit 71e0944

Please sign in to comment.