malice-nsrl

Malice NSRL Plugin - This takes the 5.5 GB NSRL minimal set and converts it into a 77.4 MB bloom filter with an Estimate False Positive Rate of 0.001

This repository contains a Dockerfile of the NSRL lookup malice plugin malice/nsrl.

Dependencies

malice/alpine

Image Tags

REPOSITORY          TAG                 SIZE
malice/nsrl         latest              117MB
malice/nsrl         0.1.0               117MB
malice/nsrl         sha1                117MB
malice/nsrl         md5                 117MB

NOTE:

tags latest and 0.1.0 are the same as sha1

tag sha1 can query by sha1 hash

tag md5 can query by md5 hash

Installation

Install Docker.
Download trusted build from public DockerHub: docker pull malice/nsrl

Usage

docker run --rm malice/nsrl --help

Usage: nsrl [OPTIONS] COMMAND [arg...]

Malice nsrl Plugin

Version: v0.1.0, BuildTime: 20161119

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V  verbose output
  --help, -h     show help
  --version, -v  print the version

Commands:
  web     Create a NSRL lookup web service
  build   Build bloomfilter from NSRL database
  lookup  Query NSRL for hash
  help    Shows a list of commands or help for one command

Run 'nsrl COMMAND --help' for more information on a command.

Lookup By Hash `md5|sha1`

docker run --rm malice/nsrl:md5 lookup 829e4805b0e12b383ee09abdc9e2dc3c
docker run --rm malice/nsrl:sha1 lookup 5a272b7441328e09704b6d7eabdbd51b8858fde4

NAME:
   nsrl lookup - Query NSRL for hash

USAGE:
   nsrl lookup [command options] SHA1 to query NSRL with

OPTIONS:
   --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
   --post, -p             POST results to Malice webhook [$MALICE_ENDPOINT]
   --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
   --timeout value        malice plugin timeout (in seconds) (default: 10) [$MALICE_TIMEOUT]
   --table, -t            output as Markdown table

Sample Output

JSON

{
  "nsrl": {
    "found": true,
    "hash": "5A272B7441328E09704B6D7EABDBD51B8858FDE4"
  }
}

Markdown

NSRL Database

Found ✅

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

Name		Name	Last commit message	Last commit date
Latest commit History 103 Commits
.circleci		.circleci
docs		docs
hooks		hooks
vendor		vendor
.dockerignore		.dockerignore
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
Dockerfile		Dockerfile
ERROR		ERROR
Gopkg.lock		Gopkg.lock
Gopkg.toml		Gopkg.toml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
VERSION		VERSION
config.toml		config.toml
nsrl.go		nsrl.go
shrink_nsrl.sh		shrink_nsrl.sh
template.go		template.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

malice-nsrl

Dependencies

Image Tags

Installation

Usage

Lookup By Hash `md5|sha1`

Sample Output

JSON

Markdown

NSRL Database

Documentation

Issues

CHANGELOG

Contributing

License

About

Releases

Packages

Languages

License

malice-plugins/nsrl

Folders and files

Latest commit

History

Repository files navigation

malice-nsrl

Dependencies

Image Tags

Installation

Usage

Lookup By Hash md5|sha1

Sample Output

JSON

Markdown

NSRL Database

Documentation

Issues

CHANGELOG

Contributing

License

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Lookup By Hash `md5|sha1`

Packages